author | Dan Willemsen <dwillemsen@google.com> | 2015-11-25 13:26:39 -0800 |
---|---|---|
committer | David Pursehouse <david.pursehouse@sonymobile.com> | 2015-11-26 11:03:19 +0900 |
commit | 466b8c4ea26f119f2b0532ece764c543e78a873e (patch) | |
tree | 70af80b53e2d5a5e149e4af38e3eb1694083cf04 | |
parent | e1e0bd1f75e64ba4854f288741aa88dfe2f3cf61 (diff) | |
download | git-repo-466b8c4ea26f119f2b0532ece764c543e78a873e.tar.gz |
Set GIT_ALLOW_PROTOCOL to limit dangerous protocols
See git commit 33cfccbbf35a -- some protocols allow arbitrary command
execution as part of the URL. Instead of blindly allowing those,
whitelist the allowed URL protocols unless the user has already done so.
Bug: Issue 210
Change-Id: I6bd8e721aa5e3dab53ef28cfdc8fde33eb74ef76
-rw-r--r-- | git_command.py | 3 |
1 files changed, 3 insertions, 0 deletions
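--- a/git_command.py
+++ b/git_command.py
@@ -168,6 +168,9 @@ class GitCommand(object):
 if p is not None:
 s = p + ' ' + s
 _setenv(env, 'GIT_CONFIG_PARAMETERS', s)
+if 'GIT_ALLOW_PROTOCOL' not in env:
+_setenv(env, 'GIT_ALLOW_PROTOCOL',
+'file:git:http:https:ssh:persistent-http:persistent-https:sso')
 
 if project:
 if not cwd: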
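Review bot: The allowlist passed to `_setenv(env, 'GIT_ALLOW_PROTOCOL', ...)` is an unexplained inline literal, and nothing at the call site says why these eight transports are allowed or that a value already present in `env` is kept as-is even when it is broader. A comment above the new `if` would make the intent reviewable, e.g. `# Default transport allowlist: anything not listed (helpers that can run commands from a URL) is refused unless the user already set GIT_ALLOW_PROTOCOL.` The list also keeps `file` and the unauthenticated `git` transport, which is presumably deliberate for local mirrors but worth stating next to the literal. The rendered page shows no indentation and the enclosing method starts and ends outside the hunk, so confirm the new check is not nested under whatever condition guards the `GIT_CONFIG_PARAMETERS` lines above it; if it were, the default would apply only on that path.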