| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
These errors are mostly fixed by either adding blank lines or single
spaces for Sphinx documentation key words.
The commit solely includes documentation changes, no functional
changes.
|
| |\
| |
| | |
Block insecure options and protocols by default
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since the URL is passed directly to git clone, and the remote-ext helper
will happily execute shell commands, so by default disallow URLs that
contain a "::" unless a new unsafe_protocols kwarg is passed.
(CVE-2022-24439)
Fixes #1515
|
| |/
|
|
| |
pycharm yells at me without this
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add `--` in some commands that receive user input
and if interpreted as options could lead to remote
code execution (RCE).
There may be more commands that could benefit from `--`
so the input is never interpreted as an option,
but most of those aren't dangerous.
Fixed commands:
- push
- pull
- fetch
- clone/clone_from and friends
- archive (not sure if this one can be exploited, but it doesn't hurt
adding `--` :))
For anyone using GitPython and exposing any of the GitPython methods to users,
make sure to always validate the input (like if starts with `--`).
And for anyone allowing users to pass arbitrary options, be aware
that some options may lead fo RCE, like `--exc`, `--upload-pack`,
`--receive-pack`, `--config` (https://github.com/gitpython-developers/GitPython/pull/1516).
Ref https://github.com/gitpython-developers/GitPython/issues/1517
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `git blame` CLI offers a repeated `-C` option that can be used to detect
lines that move within/between files. While a slower operation, it yields more
accurate authorship reports.
https://git-scm.com/docs/git-blame#Documentation/git-blame.txt--Cltnumgt
While GitPython does enable passing custom kwargs to the command line `git`
invocation, the fact that kwargs is a dictionary (i.e. no duplicate keys) means
that there was no way to request the `-C` option in `git blame` more than once.
This commit adds an optional `rev_opts` parameter to the `blame` method which
accepts a list of strings to propagate to the CLI invocation of `git blame`. By
using a `List[str]` for `rev_opts`, users of GitPython can pass now the `-C`
option multiple times to get more detailed authorship reports from `git blame`.
|
| |
|
|
|
|
|
|
| |
docs: add typerror exception to active_branch method
fix: sphinx syntax
add author
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
This reverts commit a7c5d887e943aa51f2270e517954c024a8c01500.
|
| |
|
|
| |
`flake8` seems to dislike the formatting of black.
|
| |
|
|
|
| |
That way people who use it won't be deterred, while it unifies style
everywhere.
|
| |
|
| |
Found via `codespell -q 3 -S ./git/ext/gitdb,./test/fixtures/reflog_master,./test/fixtures/diff_mode_only,./test/fixtures/reflog_HEAD`
|
| |
|
|
| |
This matches the signature from `Head.create`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
delete_head and Head.delete historically accept either Head objects
or a str name of a head. Adjust the typing to match. This
unfortunately requires suppressing type warnings in the signature of
RemoteReference.delete, since it inherits from Head but does not
accept str (since it needs access to the richer data of
RemoteReference).
Using assignment to make add an alias for create unfortunately
confuses mypy, since it loses track of the fact that it's a
classmethod and starts treating it like a staticmethod. Replace
with a stub wrapper instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the GitCommandWrapperType definition to be used within the Repo
classmethods. This change follows the intended purpose as stated in
the code, "Subclasses may easily bring in their own custom types by
placing a constructor or type here."
The usecase that prompted this change has to do with
`GIT_SSH_COMMAND`. The goal is to setup a custom `Git` class with
knowledge of the value, something like as follows
```python
from git import Git as BaseGit, Repo as BaseRepo
class Git(BaseGit):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
# For example, assign the SSH command using the current flask
# app's configured setting.
self.update_environment(GIT_SSH_COMMAND=current_app.config['GIT_SSH_COMMAND'])
class Repo(BaseRepo):
GitCommandWrapperType = _Git
```
With this change, the above example will allow the developer to use
`Repo.clone_from(...)` with the indended outcome. Otherwise the
developer will have two differing result when using `Repo(...)` vs
`Repo.clone_from(...)`.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
configparser type
|
| | |
|
