authorSteve Kowalik <steven@wedontsleep.org>2022-12-20 17:05:50 +1100
committerSantos Gallegos <stsewd@proton.me>2022-12-23 16:16:21 -0500
commit2625ed9fc074091c531c27ffcba7902771130261 (patch)
tree0f3589b06f2b63851addf126b245073cad7eacbf /git/exc.py
parent787359d80d80225095567340aa5e7ec01847fa9a (diff)
Forbid unsafe protocol URLs in Repo.clone{,_from}()
Since the URL is passed directly to git clone, and the remote-ext helper will happily execute shell commands, by default disallow URLs that contain a "::" unless a new unsafe_protocols kwarg is passed. (CVE-2022-24439) Fixes #1515
Diffstat (limited to 'git/exc.py')
-rw-r--r--git/exc.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/git/exc.py b/git/exc.py
index 22fcde0d..b696d792 100644
--- a/git/exc.py
+++ b/git/exc.py
@@ -37,6 +37,10 @@ class NoSuchPathError(GitError, OSError):
"""Thrown if a path could not be access by the system."""
+class UnsafeOptionsUsedError(GitError):
+ """Thrown if unsafe protocols or options are passed without overridding."""
+
+
class CommandError(GitError):
"""Base class for exceptions thrown at every stage of `Popen()` execution.
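Review bot: The docstring on the new `UnsafeOptionsUsedError` misspells "overriding" as "overridding", and it does not say what counts as unsafe or how a caller explicitly allows it. Callers will presumably catch this exception when a clone URL is refused, so the docstring should name the opt-in, for example `"""Thrown if an unsafe protocol or option is passed without explicitly allowing it (see the unsafe_protocols kwarg)."""`. The raise sites are outside this file's diff, so the wording should be checked against the conditions that actually trigger it.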