path: root/git
Commit message (Author, Age, Files, Lines)
* Merge pull request #1521 from stsewd/block-insecure-options (Sebastian Thiel, 2022-12-29, 5 files, -17/+198)
|\
| |     Block insecure options and protocols by default
| |
| * More tests (Santos Gallegos, 2022-12-27, 2 files, -6/+34)
| |
| * Updates from review (Santos Gallegos, 2022-12-27, 2 files, -17/+14)
| |
| * Block unsafe options and protocols by default (Santos Gallegos, 2022-12-23, 4 files, -34/+157)
| |
| * Forbid unsafe protocol URLs in Repo.clone{,_from}() (Steve Kowalik, 2022-12-23, 2 files, -1/+34)
| |
| |     Since the URL is passed directly to git clone, and the remote-ext helper will happily execute shell commands, so by default disallow URLs that contain a "::" unless a new unsafe_protocols kwarg is passed. (CVE-2022-24439)
| |
| |     Fixes #1515
| |
* | Fix type hint on create_tag (Andrew Cassidy, 2022-12-29, 1 file, -1/+1)
| |
| |     pycharm yells at me without this
| |
* | Document PushInfoList (timski, 2022-12-29, 1 file, -6/+10)
|/
* Fix command injection (Santos Gallegos, 2022-12-20, 2 files, -3/+5)
|
|     Add `--` in some commands that receive user input and if interpreted as options could lead to remote code execution (RCE). There may be more commands that could benefit from `--` so the input is never interpreted as an option, but most of those aren't dangerous.
|
|     Fixed commands:
|
|     - push
|     - pull
|     - fetch
|     - clone/clone_from and friends
|     - archive (not sure if this one can be exploited, but it doesn't hurt adding `--` :))
|
|     For anyone using GitPython and exposing any of the GitPython methods to users, make sure to always validate the input (like if starts with `--`). And for anyone allowing users to pass arbitrary options, be aware that some options may lead to RCE, like `--exc`, `--upload-pack`, `--receive-pack`, `--config` (https://github.com/gitpython-developers/GitPython/pull/1516).
|
|     Ref https://github.com/gitpython-developers/GitPython/issues/1517
|
* fix CI by allowing the file protocol as well. (Sebastian Thiel, 2022-11-28, 1 file, -0/+0)
|
* Add datetime.datetime type to commit_date and author_date (SergeantMenacingGarlic, 2022-10-13, 2 files, -4/+5)
|
* Ignore empty info in diff line (Dave Wapstra, 2022-09-27, 1 file, -0/+3)
|
* Fix bug where colons in paths raise a `ValueError` on `diff()` calls. (Malcolm Langfield, 2022-09-12, 1 file, -1/+4)
|
|     This commit introduces a potential fix for #1490 and #1483, in which an `invalid literal for int() with base 10: 'n'` exception was raised within a diff operation.
|
|     Within `_handle_diff_line()`, we split the output of `git diff-tree` on colons (`:` characters), under the assumption that there are no colons within the paths of the files being diffed. On POSIX systems this is not a valid assumption.
|
|     The fix is to split on `\x00:`, since a null character always precedes the colons we actually need to split on.
|
|     A test already existed for this case (`test_diff_file_with_colon()`), but it was marked as skipped.
|
|     * Split on `\x00:` instead of `:` in `_handle_diff_line()`.
|     * Unskip `test_diff_file_with_colon()`.
|
* feat(blame): Support custom `rev_opts` for blame (Joseph Hale, 2022-08-30, 1 file, -3/+8)
|
|     The `git blame` CLI offers a repeated `-C` option that can be used to detect lines that move within/between files. While a slower operation, it yields more accurate authorship reports.
|
|     https://git-scm.com/docs/git-blame#Documentation/git-blame.txt--Cltnumgt
|
|     While GitPython does enable passing custom kwargs to the command line `git` invocation, the fact that kwargs is a dictionary (i.e. no duplicate keys) means that there was no way to request the `-C` option in `git blame` more than once.
|
|     This commit adds an optional `rev_opts` parameter to the `blame` method which accepts a list of strings to propagate to the CLI invocation of `git blame`. By using a `List[str]` for `rev_opts`, users of GitPython can pass now the `-C` option multiple times to get more detailed authorship reports from `git blame`.
|
* Ignore flake8 error. (Twist, 2022-08-24, 1 file, -1/+1)
|
* Use the same regex as the Actor class when determining co-authors. (Twist, 2022-08-24, 1 file, -3/+3)
|
* Update regex to extract the author string, and create the Actor using the _from_string classmethod. (Twist, 2022-08-23, 1 file, -3/+3)
|
* Add co_authors property to the Commit object, which parses the commit message for designated co-authors, include a simple test. (Twist, 2022-08-22, 1 file, -0/+22)
|
* docs: add typerror exception to active_branch method (Patrick Gerard, 2022-08-20, 1 file, -0/+2)
|
|     docs: add typerror exception to active_branch method
|     fix: sphinx syntax
|     add author
|
* fix: incorrect PathLike corrected (Predeactor, 2022-08-07, 1 file, -2/+2)
|
|     Signed-off-by: Predeactor <predeactor0@gmail.com>
|
* fix: remove bytes type of PathLike (Predeactor, 2022-08-07, 1 file, -1/+1)
|
|     Signed-off-by: Predeactor <predeactor0@gmail.com>
|
* Fix typehinting for PathLike (Predeactor, 2022-07-31, 1 file, -10/+3)
|
* Catch OSError to handle gevent monkey patching errors (Ethan Anderson, 2022-07-06, 1 file, -1/+1)
|
* Merge pull request #1459 from AustinScola/ascola/fix-blob-filter-types (Sebastian Thiel, 2022-07-02, 2 files, -9/+18)
|\
| |     Fix blob filter types
| |
| * Fix blob filter path shorter than filter path (Austin Scola, 2022-06-28, 1 file, -2/+6)
| |
| * Use generator instead of map (Austin Scola, 2022-06-26, 1 file, -1/+1)
| |
| * Remove usage of `PosixPath.is_relative_to` (Austin Scola, 2022-06-26, 1 file, -1/+2)
| |
| |     Remove usage of `PosixPath.is_relative_to` because it was added in Python 3.9 and earlier versions of Python are supported by `GitPython`.
| |
| * Fix pathlike type annotation typo (Austin Scola, 2022-06-26, 1 file, -1/+1)
| |
| * Change to not stringify paths (Austin Scola, 2022-06-26, 1 file, -4/+6)
| |
| * Move stage type def (Austin Scola, 2022-06-21, 2 files, -3/+4)
| |
| * Add stage type to all (Austin Scola, 2022-06-21, 1 file, -1/+1)
| |
| * Fix blob filter types (Austin Scola, 2022-06-21, 1 file, -3/+4)
| |
| |     Fix the types and type annotations of some of the blob filter code.
| |
* | Fix bug in TagReference.create (Ruud van Asseldonk, 2022-06-25, 1 file, -2/+4)
|/
|     When passing the "message" kwarg, this would add a -m command-line flag without removing --message, and the message would be duplicated. Avoid that by deleting "message" from the command line.
|
* BUG: Use Cygwin paths for Cygwin git (DWesl, 2022-06-11, 1 file, -2/+4)
|
* STY: Remove import of now-unused function (DWesl, 2022-06-11, 1 file, -1/+0)
|
* BUG: Convert to native path before checking if absolute (DWesl, 2022-06-10, 1 file, -1/+5)
|
* ENH: Update cygpath recodes to work with all installs (DWesl, 2022-06-10, 1 file, -3/+3)
|
|     People can change the `/cygdrive` prefix for mounting Windows drives; `/` and `/mnt` are both popular. `/proc/cygdrive` is always going to have the drive letters under it.
|
* BUG: Fix is_cygwin_git to return True on Cygwin. (DWesl, 2022-06-10, 1 file, -1/+3)
|
* fix: Allow adding PathLike object to index (Ruben DI BATTISTA, 2022-05-18, 1 file, -2/+2)
|
|     Close #1382
|
* can flake be tamed? [black-fmt] (Sebastian Thiel, 2022-05-18, 2 files, -0/+3)
|
* reformat according to 'black' configuration file. (Sebastian Thiel, 2022-05-18, 29 files, -1031/+333)
|
* Revert "Remove flake8 linting in favor of `black` formatting" (Sebastian Thiel, 2022-05-18, 7 files, -1/+7)
|
|     This reverts commit a7c5d887e943aa51f2270e517954c024a8c01500.
|
* Remove flake8 linting in favor of `black` formatting (Sebastian Thiel, 2022-05-18, 7 files, -7/+1)
|
|     `flake8` seems to dislike the formatting of black.
|
* Run everything through 'black' (Sebastian Thiel, 2022-05-18, 34 files, -2251/+4140)
|
|     That way people who use it won't be deterred, while it unifies style everywhere.
|
* Fix various typos (luz paz, 2022-05-07, 12 files, -19/+19)
|
|     Found via `codespell -q 3 -S ./git/ext/gitdb,./test/fixtures/reflog_master,./test/fixtures/diff_mode_only,./test/fixtures/reflog_HEAD`
|
* Fix #1284: strip usernames from URLs as well as passwords (Glenn Matthews, 2022-05-04, 2 files, -10/+17)
|
* fix(docs): remove an unexpected blank line (Hiroki Tokunaga, 2022-04-07, 1 file, -1/+0)
|
* docs: escape with backticks (Hiroki Tokunaga, 2022-04-07, 1 file, -1/+1)
|
* chore: `s/strip_newline/&_in_stdout` (Hiroki Tokunaga, 2022-04-07, 1 file, -5/+5)
|
* feat(cmd): add the `strip_newline` flag (Hiroki Tokunaga, 2022-04-06, 1 file, -2/+5)
|
|     This commit adds the `strip_newline` flag to the `Git.execute` method. When this flag is set to `True`, it will trim the trailing `\n`. The default value is `True` for backward compatibility. Setting it to `False` is helpful for, e.g., the `git show` output, especially with the binary file, as the missing `\n` may invalidate the file.
|
* Allow `repo.create_head`'s `commit` arg to be a `SymbolicReference` (David Robertson, 2022-04-02, 1 file, -1/+2)
|
|     This matches the signature from `Head.create`.