Set GIT_ALLOW_PROTOCOL to limit dangerous protocols

See git commit 33cfccbbf35a -- some protocols allow arbitrary command execution as part of the URL. Instead of blindly allowing those, whitelist the allowed URL protocols unless the user has already done so. Bug: Issue 210 Change-Id: I6bd8e721aa5e3dab53ef28cfdc8fde33eb74ef76
2025-05-20 05:46:16 +08:00 · 2015-11-25 13:26:39 -08:00
parent e1e0bd1f75
commit 466b8c4ea2
1 changed files with 3 additions and 0 deletions
--- a/git_command.py
+++ b/git_command.py
@ -168,6 +168,9 @@ class GitCommand(object):
      if p is not None:
        s = p + ' ' + s
      _setenv(env, 'GIT_CONFIG_PARAMETERS', s)
+    if 'GIT_ALLOW_PROTOCOL' not in env:
+      _setenv(env, 'GIT_ALLOW_PROTOCOL',
+              'file:git:http:https:ssh:persistent-http:persistent-https:sso')

    if project:
      if not cwd: