
fix: block joined short unsafe clone options by Byron · Pull Request #2162 · gitpython-developers/GitPython

Pull request overview

This PR hardens GitPython’s unsafe-option detection for clone by ensuring short options with joined/attached values (e.g. -u/tmp/helper, -cprotocol.ext.allow=always) are canonicalized correctly during unsafe-option checks, closing a bypass described in GHSA-v396-v7q4-x2qj.

Changes:

  • Update Git._canonicalize_option_name to normalize joined short options to their single-letter form for unsafe-option matching.
  • Add regression tests ensuring joined -u... and -c... forms are rejected in Repo.clone and Repo.clone_from.
  • Add canonicalization-focused assertions in the Git.check_unsafe_options normalization tests.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
git/cmd.py Canonicalizes short -xVALUE option tokens to x for unsafe-option checks, preventing bypass via joined short options.
test/test_clone.py Adds regression cases for joined -u... and -c... in clone-related unsafe-option tests.
test/test_git.py Adds direct check_unsafe_options cases asserting joined short options normalize to the expected unsafe keys.

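As an added illustration of the bypass this PR closes (example code, not the PR's diff nor GitPython's own `_canonicalize_option_name`), the block below contrasts a pre-fix style comparison that only strips `=value` from long options with a normalization that also reduces joined short tokens such as `-u/tmp/helper` to their option letter. The unsafe-option set is an assumption chosen to match the options named in the overview.

```python
from typing import Callable, Iterable, List

# Assumed set of clone options that let a clone step run an arbitrary
# upload-pack helper or override config such as protocol.ext.allow.
UNSAFE_CLONE_OPTIONS = frozenset({"--upload-pack", "-u", "--config", "-c"})


def canonicalize_before_fix(option: str) -> str:
    """Pre-fix style normalization (constructed for contrast): only long
    options lose their '=value' part, so a joined short token such as
    '-u/tmp/helper' is compared whole and never equals the blocked key '-u'."""
    if option.startswith("--") and "=" in option:
        return option.split("=", 1)[0]
    return option


def canonicalize_option_name(option: str) -> str:
    """Hardened normalization: reduce any token to its bare option name.

    '--upload-pack=/tmp/helper'   -> '--upload-pack'
    '-u/tmp/helper'               -> '-u'   (joined short value)
    '-cprotocol.ext.allow=always' -> '-c'
    '--depth', '1', 'main'        -> unchanged (not options, or no value)
    """
    if option.startswith("--"):
        return option.split("=", 1)[0]
    if option.startswith("-") and len(option) > 2:
        # Short option with an attached value: the name is the first two chars.
        return option[:2]
    return option


def find_unsafe_options(
    options: Iterable[str],
    canonicalize: Callable[[str], str] = canonicalize_option_name,
    unsafe: frozenset = UNSAFE_CLONE_OPTIONS,
) -> List[str]:
    """Return the raw tokens whose canonical name is an unsafe option."""
    return [opt for opt in options if canonicalize(opt) in unsafe]


def check_unsafe_options(options: Iterable[str]) -> None:
    """Reject the argument list before any git process is spawned."""
    bad = find_unsafe_options(list(options))
    if bad:
        raise ValueError(f"Unsafe clone option(s) rejected: {bad}")
```

Passing `canonicalize_before_fix` to `find_unsafe_options` reproduces the miss: the joined token is returned untouched and the check stays silent.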