Commit2334ee5

committed

Forbid unsafe protocol URLs in Repo.clone_from()

Since the URL is passed directly to git clone, and the remote-ext helperwill happily execute shell commands, so by default disallow URLs thatcontain a "::" unless a new unsafe_protocols kwarg is passed.(CVE-2022-24439)Fixes#1515

1 parent17ff263 commit2334ee5Copy full SHA for 2334ee5

File tree

2 files changed

+24

-0

lines changed

git/repo
- base.py
test
- test_repo.py

2 files changed

+24

-0

lines changed

`‎git/repo/base.py`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1253,6 +1253,7 @@ def clone_from(`
`1253`	`1253`	`progress:Optional[Callable]=None,`
`1254`	`1254`	`env:Optional[Mapping[str,str]]=None,`
`1255`	`1255`	`multi_options:Optional[List[str]]=None,`
	`1256`	`+unsafe_protocols:bool=False,`
`1256`	`1257`	`**kwargs:Any,`
`1257`	`1258`	`)->"Repo":`
`1258`	`1259`	`"""Create a clone from the given URL`
`@@ -1267,11 +1268,14 @@ def clone_from(`
`1267`	`1268`	`If you want to unset some variable, consider providing empty string`
`1268`	`1269`	`as its value.`
`1269`	`1270`	:param multi_options: See ``clone`` method
	`1271`	`+ :param unsafe_protocols: Allow unsafe protocols to be used, like ext`
`1270`	`1272`	:param kwargs: see the ``clone`` method
`1271`	`1273`	`:return: Repo instance pointing to the cloned directory"""`
`1272`	`1274`	`git=cls.GitCommandWrapperType(os.getcwd())`
`1273`	`1275`	`ifenvisnotNone:`
`1274`	`1276`	`git.update_environment(**env)`
	`1277`	`+ifnotunsafe_protocolsand"::"inurl:`
	`1278`	`+raiseValueError(f"{url} requires unsafe_protocols flag")`
`1275`	`1279`	`returncls._clone(git,url,to_path,GitCmdObjectDB,progress,multi_options,**kwargs)`
`1276`	`1280`
`1277`	`1281`	`defarchive(`

`‎test/test_repo.py`

Lines changed: 20 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`	`importpickle`
`14`	`14`	`importsys`
`15`	`15`	`importtempfile`
	`16`	`+importuuid`
`16`	`17`	`fromunittestimportmock,skipIf,SkipTest`
`17`	`18`
`18`	`19`	`importpytest`
`@@ -263,6 +264,25 @@ def test_leaking_password_in_clone_logs(self, rw_dir):`
`263`	`264`	`to_path=rw_dir,`
`264`	`265`	`)`
`265`	`266`
	`267`	`+deftest_clone_from_forbids_helper_urls_by_default(self):`
	`268`	`+withself.assertRaises(ValueError):`
	`269`	`+Repo.clone_from("ext::sh -c touch% /tmp/foo","tmp")`
	`270`	`+`
	`271`	`+@with_rw_repo("HEAD")`
	`272`	`+deftest_clone_from_allow_unsafe(self,repo):`
	`273`	`+bad_filename=pathlib.Path(f'{tempfile.gettempdir()}/{uuid.uuid4()}')`
	`274`	`+bad_url=f'ext::sh -c touch%{bad_filename}'`
	`275`	`+try:`
	`276`	`+repo.clone_from(`
	`277`	`+bad_url,'tmp',`
	`278`	`+multi_options=["-c protocol.ext.allow=always"],`
	`279`	`+unsafe_protocols=True`
	`280`	`+ )`
	`281`	`+exceptGitCommandError:`
	`282`	`+pass`
	`283`	`+self.assertTrue(bad_filename.is_file())`
	`284`	`+bad_filename.unlink()`
	`285`	`+`
`266`	`286`	`@with_rw_repo("HEAD")`
`267`	`287`	`deftest_max_chunk_size(self,repo):`
`268`	`288`	`classTestOutputStream(TestBase):`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit2334ee5

File tree

2 files changed

2 files changed

`‎git/repo/base.py`

`‎test/test_repo.py`

0 commit comments