
Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4 by WesR · Pull Request #2131 · gitpython-developers/GitPython

@@ -827,7 +827,7 @@ def test_fetch_unsafe_options(self, rw_repo): remote = rw_repo.remote("origin") tmp_dir = Path(tdir) tmp_file = tmp_dir / "pwn" unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] unsafe_options = [{"upload-pack": f"touch {tmp_file}"}, {"upload_pack": f"touch {tmp_file}"}] for unsafe_option in unsafe_options: with self.assertRaises(UnsafeOptionError): remote.fetch(**unsafe_option) @@ -895,7 +895,7 @@ def test_pull_unsafe_options(self, rw_repo): remote = rw_repo.remote("origin") tmp_dir = Path(tdir) tmp_file = tmp_dir / "pwn" unsafe_options = [{"upload-pack": f"touch {tmp_file}"}] unsafe_options = [{"upload-pack": f"touch {tmp_file}"}, {"upload_pack": f"touch {tmp_file}"}] for unsafe_option in unsafe_options: with self.assertRaises(UnsafeOptionError): remote.pull(**unsafe_option) @@ -964,10 +964,9 @@ def test_push_unsafe_options(self, rw_repo): tmp_dir = Path(tdir) tmp_file = tmp_dir / "pwn" unsafe_options = [ { "receive-pack": f"touch {tmp_file}", "exec": f"touch {tmp_file}", } {"receive-pack": f"touch {tmp_file}"}, {"receive_pack": f"touch {tmp_file}"}, {"exec": f"touch {tmp_file}"}, ] for unsafe_option in unsafe_options: assert not tmp_file.exists() @@ -991,10 +990,9 @@ def test_push_unsafe_options_allowed(self, rw_repo): tmp_dir = Path(tdir) tmp_file = tmp_dir / "pwn" unsafe_options = [ { "receive-pack": f"touch {tmp_file}", "exec": f"touch {tmp_file}", } {"receive-pack": f"touch {tmp_file}"}, {"receive_pack": f"touch {tmp_file}"}, {"exec": f"touch {tmp_file}"}, ] for unsafe_option in unsafe_options: # The options will be allowed, but the command will fail.
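Review bot: The underscored entries added to `unsafe_options` in test_fetch_unsafe_options, and likewise in the pull test and both push tests, carry no comment saying why two spellings of the same option are listed, so a later cleanup could drop them as duplicates and silently lose the regression coverage for GHSA-rpm5-65cw-6hj4. A one-line comment above each list would pin the intent, for example `# keyword arguments are turned into git flags, so upload_pack must be rejected exactly like upload-pack (GHSA-rpm5-65cw-6hj4)`. The dashed and underscored pairs are also written out by hand in four places; deriving the underscored key from the dashed one in a small shared helper would keep the lists from drifting when another unsafe option is added. All four test bodies begin and end outside the visible hunks, so any checks that follow the loops could not be reviewed here.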