From 2625ed9fc074091c531c27ffcba7902771130261 Mon Sep 17 00:00:00 2001
From: Steve Kowalik
Date: Tue, 20 Dec 2022 17:05:50 +1100
Subject: Forbid unsafe protocol URLs in Repo.clone{,_from}()
Since the URL is passed directly to git clone, and the remote-ext helper will happily execute shell commands, so by default disallow URLs that contain a "::" unless a new unsafe_protocols kwarg is passed. (CVE-2022-24439)
Fixes #1515
---
 git/exc.py | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'git/exc.py')
diff --git a/git/exc.py b/git/exc.py
index 22fcde0d..b696d792 100644
--- a/git/exc.py
+++ b/git/exc.py
@@ -37,6 +37,10 @@ class NoSuchPathError(GitError, OSError):
 """Thrown if a path could not be access by the system."""
+class UnsafeOptionsUsedError(GitError):
+ """Thrown if unsafe protocols or options are passed without overridding."""
+
+
 class CommandError(GitError):
 """Base class for exceptions thrown at every stage of `Popen()` execution.
--
cgit v1.2.1
From e6108c7997f5c8f7361b982959518e982b973230 Mon Sep 17 00:00:00 2001
From: Santos Gallegos
Date: Fri, 23 Dec 2022 20:19:52 -0500
Subject: Block unsafe options and protocols by default
---
 git/exc.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'git/exc.py')
diff --git a/git/exc.py b/git/exc.py
index b696d792..9b69a588 100644
--- a/git/exc.py
+++ b/git/exc.py
@@ -37,8 +37,12 @@ class NoSuchPathError(GitError, OSError):
 """Thrown if a path could not be access by the system."""
-class UnsafeOptionsUsedError(GitError):
- """Thrown if unsafe protocols or options are passed without overridding."""
+class UnsafeProtocolError(GitError):
+ """Thrown if unsafe protocols are passed without being explicitly allowed."""
+
+
+class UnsafeOptionError(GitError):
+ """Thrown if unsafe options are passed without being explicitly allowed."""
 class CommandError(GitError):
--
cgit v1.2.1
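Review bot: In the second commit (e6108c7), `UnsafeProtocolError` and `UnsafeOptionError` both derive directly from `GitError`, so any existing broad `except GitError` handler around a clone will treat a rejected URL or option like an ordinary git failure, and the one-line docstrings give callers no hint to handle it differently. I would extend each docstring along the lines of `"""Thrown if unsafe protocols are passed without being explicitly allowed; this signals rejected input, so log it distinctly and do not retry."""`, and have it name the keyword argument that opts in, which is defined outside this file and not visible here. The same hunk removes `UnsafeOptionsUsedError`, introduced one commit earlier (2625ed9); if that name reached a release, handlers catching it would stop matching, so it is worth confirming before merging whether a compatibility name is needed.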