Commit message (Author, Age, Files, Lines)
...
* Merge pull request #1521 from stsewd/block-insecure-options (Sebastian Thiel, 2022-12-29, 10 files, -21/+752)
|\
| |     Block insecure options and protocols by default
| |
| * Updates from review (Santos Gallegos, 2022-12-28, 4 files, -17/+110)
| |
| * Submodule tests (Santos Gallegos, 2022-12-27, 1 file, -1/+115)
| |
| * More tests (Santos Gallegos, 2022-12-27, 4 files, -7/+247)
| |
| * Update/add tests for Repo.clone* (Santos Gallegos, 2022-12-27, 1 file, -27/+121)
| |
| * Updates from review (Santos Gallegos, 2022-12-27, 3 files, -19/+16)
| |
| * Block unsafe options and protocols by default (Santos Gallegos, 2022-12-23, 5 files, -36/+160)
| |
| * Forbid unsafe protocol URLs in Repo.clone{,_from}() (Steve Kowalik, 2022-12-23, 3 files, -1/+70)
| |
| |     Since the URL is passed directly to git clone, and the remote-ext helper will happily execute shell commands, so by default disallow URLs that contain a "::" unless a new unsafe_protocols kwarg is passed. (CVE-2022-24439)
| |
| |     Fixes #1515
| |
* | Fix type hint on create_tag (Andrew Cassidy, 2022-12-29, 1 file, -1/+1)
| |
| |     pycharm yells at me without this
| |
* | Document PushInfoList (timski, 2022-12-29, 1 file, -6/+10)
|/
* Merge branch 'fix-cmd-injection' (Sebastian Thiel, 2022-12-22, 5 files, -4/+44)
|\
| * update changelog (Sebastian Thiel, 2022-12-22, 1 file, -0/+12)
| |
| * Add test (Santos Gallegos, 2022-12-21, 1 file, -0/+26)
| |
| * Fix CI (Santos Gallegos, 2022-12-20, 1 file, -1/+1)
| |
| |     Taken from https://github.com/gitpython-developers/GitPython/pull/1516/
| |
| * Fix command injection (Santos Gallegos, 2022-12-20, 2 files, -3/+5)
|/
|     Add `--` in some commands that receive user input and if interpreted as options could lead to remote code execution (RCE). There may be more commands that could benefit from `--` so the input is never interpreted as an option, but most of those aren't dangerous.
|
|     Fixed commands:
|
|     - push
|     - pull
|     - fetch
|     - clone/clone_from and friends
|     - archive (not sure if this one can be exploited, but it doesn't hurt adding `--` :))
|
|     For anyone using GitPython and exposing any of the GitPython methods to users, make sure to always validate the input (like if starts with `--`). And for anyone allowing users to pass arbitrary options, be aware that some options may lead to RCE, like `--exc`, `--upload-pack`, `--receive-pack`, `--config` (https://github.com/gitpython-developers/GitPython/pull/1516).
|
|     Ref https://github.com/gitpython-developers/GitPython/issues/1517
|
* Bump cygwin/cygwin-install-action from 2 to 3 (dependabot[bot], 2022-11-28, 1 file, -1/+1)
|
|     Bumps [cygwin/cygwin-install-action](https://github.com/cygwin/cygwin-install-action) from 2 to 3.
|     - [Release notes](https://github.com/cygwin/cygwin-install-action/releases)
|     - [Commits](https://github.com/cygwin/cygwin-install-action/compare/v2...v3)
|
|     ---
|     updated-dependencies:
|     - dependency-name: cygwin/cygwin-install-action
|       dependency-type: direct:production
|       update-type: version-update:semver-major
|     ...
|
|     Signed-off-by: dependabot[bot] <support@github.com>
|
* fix CI by allowing the file protocol as well. (Sebastian Thiel, 2022-11-28, 3 files, -1/+8)
|
* Merge pull request #1501 from SergeantMenacingGarlic/date_types (Sebastian Thiel, 2022-10-14, 2 files, -4/+5)
|\
| |     Add datetime.datetime type to commit_date and author_date
| |
| * Add datetime.datetime type to commit_date and author_date (SergeantMenacingGarlic, 2022-10-13, 2 files, -4/+5)
|/
* prepare next release [3.1.29] (Sebastian Thiel, 2022-10-11, 2 files, -1/+9)
|
* fix version replacement in `setup.py` (#1500) (Sebastian Thiel, 2022-10-11, 1 file, -1/+1)
|
|     It would fail to perform the replacement, but unfortunately wouldn't stop the release process. The latter could be done, but isn't implemented either as it's hard to test given everything is runtime.
|
* remove package signing (Sebastian Thiel, 2022-10-07, 1 file, -1/+1)
|
|     The new key isn't signed with the old key so not accepted downstream, and that's it as the old key literally broke and there is no backup.
|
* bump version to 3.1.28 [3.1.28] (Sebastian Thiel, 2022-10-07, 1 file, -1/+1)
|
* prepare changelog (Sebastian Thiel, 2022-10-07, 1 file, -0/+6)
|
* Merge pull request #1497 from dwapstra/git_diff_empty (Sebastian Thiel, 2022-09-27, 2 files, -0/+9)
|\
| |     Ignore empty info in diff line
| |
| * Ignore empty info in diff line (Dave Wapstra, 2022-09-27, 2 files, -0/+9)
|/
* Merge pull request #1491 from langfield/main (Sebastian Thiel, 2022-09-14, 2 files, -2/+4)
|\
| |     Fix bug where colons in paths raise a `ValueError` on `diff()` calls.
| |
| * Fix bug where colons in paths raise a `ValueError` on `diff()` calls. (Malcolm Langfield, 2022-09-12, 2 files, -2/+4)
|/
|     This commit introduces a potential fix for #1490 and #1483, in which an `invalid literal for int() with base 10: 'n'` exception was raised within a diff operation. Within `_handle_diff_line()`, we split the output of `git diff-tree` on colons (`:` characters), under the assumption that there are no colons within the paths of the files being diffed. On POSIX systems this is not a valid assumption. The fix is to split on `\x00:`, since a null character always precedes the colons we actually need to split on. A test already existed for this case (`test_diff_file_with_colon()`), but it was marked as skipped.
|
|     * Split on `\x00:` instead of `:` in `_handle_diff_line()`.
|     * Unskip `test_diff_file_with_colon()`.
|
* Merge pull request #1485 from thehale/blame/rev-opts (Sebastian Thiel, 2022-09-01, 3 files, -3/+16)
|\
| |     feat(blame): Support custom `rev_opts` for blame
| |
| * feat(blame): Support custom `rev_opts` for blame (Joseph Hale, 2022-08-30, 3 files, -3/+16)
|/
|     The `git blame` CLI offers a repeated `-C` option that can be used to detect lines that move within/between files. While a slower operation, it yields more accurate authorship reports.
|
|     https://git-scm.com/docs/git-blame#Documentation/git-blame.txt--Cltnumgt
|
|     While GitPython does enable passing custom kwargs to the command line `git` invocation, the fact that kwargs is a dictionary (i.e. no duplicate keys) means that there was no way to request the `-C` option in `git blame` more than once.
|
|     This commit adds an optional `rev_opts` parameter to the `blame` method which accepts a list of strings to propagate to the CLI invocation of `git blame`. By using a `List[str]` for `rev_opts`, users of GitPython can pass now the `-C` option multiple times to get more detailed authorship reports from `git blame`.
|
* Merge branch 'add-co-authors' (Sebastian Thiel, 2022-08-25, 5 files, -1/+46)
|\
| * Allow failure of that one test on cygwin (Sebastian Thiel, 2022-08-25, 1 file, -0/+7)
| |
| * Ignore flake8 error. (Twist, 2022-08-24, 1 file, -1/+1)
| |
| * Use the same regex as the Actor class when determining co-authors. (Twist, 2022-08-24, 2 files, -4/+4)
| |
| * Update regex to extract the author string, and create the Actor using the _from_string classmethod. (Twist, 2022-08-23, 1 file, -3/+3)
| |
| * Add malformed co-authors to the test, to check they aren't detected with the regex. (Twist, 2022-08-23, 1 file, -2/+6)
| |
| * Add co_authors property to the Commit object, which parses the commit message for designated co-authors, include a simple test. (Twist, 2022-08-22, 3 files, -0/+34)
|/
* Merge pull request #1481 from grumpyp/main (Sebastian Thiel, 2022-08-21, 2 files, -0/+3)
|\
| |     Improve docs
| |
| * Merge branch 'main' of github.com:grumpyp/GitPython (Patrick Gerard, 2022-08-20, 0 files, -0/+0)
| |\
| | * fix: sphinx syntax (Patrick Gerard, 2022-08-20, 1 file, -1/+1)
| | |
| | * docs: add typerror exception to active_branch method (Patrick Gerard, 2022-08-20, 1 file, -0/+2)
| |/
|/|
| * docs: add typerror exception to active_branch method (Patrick Gerard, 2022-08-20, 2 files, -0/+3)
|/
|     docs: add typerror exception to active_branch method
|
|     fix: sphinx syntax
|
|     add author
|
* Merge pull request #1478 from luzpaz/typos (Sebastian Thiel, 2022-08-18, 2 files, -3/+3)
|\
| |     Fix source comment typos
| |
| * Fix source comment typos (luz paz, 2022-08-17, 2 files, -3/+3)
|/
* Merge pull request #1474 from Predeactor/master (Sebastian Thiel, 2022-08-08, 2 files, -9/+3)
|\
| |     Fix incomplete typehinting for PathLike
| |
| * fix: incorrect PathLike corrected (Predeactor, 2022-08-07, 1 file, -2/+2)
| |
| |     Signed-off-by: Predeactor <predeactor0@gmail.com>
| |
| * fix: remove bytes type of PathLike (Predeactor, 2022-08-07, 1 file, -1/+1)
| |
| |     Signed-off-by: Predeactor <predeactor0@gmail.com>
| |
| * Add contributor to AUTHORS file (Predeactor, 2022-07-31, 1 file, -0/+1)
| |
| * Fix typehinting for PathLike (Predeactor, 2022-07-31, 1 file, -10/+3)
|/
* Catch OSError to handle gevent monkey patching errors (Ethan Anderson, 2022-07-06, 1 file, -1/+1)
|