Block insecure non-multi options in clone/clone_from

Beuc · Beuc · commit 5c59e0d63da6 · 2023-07-10T16:33:29.000+02:00
Follow-up to #1521
diff --git a/git/repo/base.py b/git/repo/base.py
@@ -1203,6 +1203,8 @@ def _clone(
 
         if not allow_unsafe_protocols:
             Git.check_unsafe_protocols(str(url))
+        if not allow_unsafe_options:
+            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
         if not allow_unsafe_options and multi_options:
             Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
 
diff --git a/test/test_repo.py b/test/test_repo.py
@@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):
                     rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
                 assert not tmp_file.exists()
 
+            unsafe_options = [
+                {"upload-pack": f"touch {tmp_file}"},
+                {"u": f"touch {tmp_file}"},
+                {"config": "protocol.ext.allow=always"},
+                {"c": "protocol.ext.allow=always"},
+            ]
+            for unsafe_option in unsafe_options:
+                with self.assertRaises(UnsafeOptionError):
+                    rw_repo.clone(tmp_dir, **unsafe_option)
+                assert not tmp_file.exists()
+
     @with_rw_repo("HEAD")
     def test_clone_unsafe_options_allowed(self, rw_repo):
         with tempfile.TemporaryDirectory() as tdir:
@@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):
                     Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
                 assert not tmp_file.exists()
 
+            unsafe_options = [
+                {"upload-pack": f"touch {tmp_file}"},
+                {"u": f"touch {tmp_file}"},
+                {"config": "protocol.ext.allow=always"},
+                {"c": "protocol.ext.allow=always"},
+            ]
+            for unsafe_option in unsafe_options:
+                with self.assertRaises(UnsafeOptionError):
+                    Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
+                assert not tmp_file.exists()
+
     @with_rw_repo("HEAD")
     def test_clone_from_unsafe_options_allowed(self, rw_repo):
         with tempfile.TemporaryDirectory() as tdir:
@@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):
             os.symlink(tmp_dir / "target", tmp_dir / "symlink")
 
             with pytest.raises(GitCommandError):
-                temp_repo.ignored(tmp_dir / "symlink/file.txt")
+                temp_repo.ignored(tmp_dir / "symlink/file.txt")
