Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block insecure options and protocols by default #1521

Merged
merged 7 commits into from Dec 29, 2022
Merged

Block insecure options and protocols by default #1521

merged 7 commits into from Dec 29, 2022

Commits on Dec 23, 2022

  1. Forbid unsafe protocol URLs in Repo.clone{,_from}() 

    Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)

Fixes gitpython-developers#1515
    @s-t-e-v-e-n-k @stsewd
    s-t-e-v-e-n-k authored and stsewd committed Dec 23, 2022
    Copy the full SHA
    2625ed9 View commit details
    Browse the repository at this point in the history

Commits on Dec 24, 2022

  1. Block unsafe options and protocols by default

    @stsewd
    stsewd committed Dec 24, 2022
    Copy the full SHA
    e6108c7 View commit details
    Browse the repository at this point in the history

Commits on Dec 27, 2022

  1. Updates from review

    @stsewd
    stsewd committed Dec 27, 2022
    Copy the full SHA
    fd2c6da View commit details
    Browse the repository at this point in the history

  2. Update/add tests for Repo.clone*

    @stsewd
    stsewd committed Dec 27, 2022
    Copy the full SHA
    b92f01a View commit details
    Browse the repository at this point in the history

Commits on Dec 28, 2022

  1. More tests

    @stsewd
    stsewd committed Dec 28, 2022
    Copy the full SHA
    c8ae33b View commit details
    Browse the repository at this point in the history

  2. Submodule tests

    @stsewd
    stsewd committed Dec 28, 2022
    Copy the full SHA
    9dc4392 View commit details
    Browse the repository at this point in the history

Commits on Dec 29, 2022

  1. Updates from review

    @stsewd
    stsewd committed Dec 29, 2022
    Copy the full SHA
    f4f2658 View commit details
    Browse the repository at this point in the history