Closed srozb closed 4 months ago
Please take another look at the changed source, as I'm not 100% sure if I picked the correct line to move the environment creation to.
I think eventually it'd be better to move the ALL_PROXY env variable creation just after the pysocks proxy is set up and ensure every subprocess call is made with the env=environment argument. It'd also be nice to bind sanitization with checkout, putting it together in a separate function.
(thinking out loud)
Great, thanks for contributing!
3 commits stacked here:
.git/config file may cause RCE. This commit tries to comment out lines that may be unsafe - feel free to add more patterns of such lines. I'm aware this is not a perfect solution but at least some kind of protection.
ALL_PROXY to ensure git communication uses configured proxy.
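
A sketch of the two ideas discussed in this thread, combined in one function as the follow-up comment suggests: comment out command-executing lines in `.git/config`, then run the checkout with `ALL_PROXY` in the subprocess environment. This is an added example, not code from the PR; the key denylist, the function names, the sample config and the `git checkout .` invocation are assumptions.

```python
import os
import re
import subprocess

# Assumed denylist (not the PR's pattern list): config keys whose values git
# runs as commands. Matched by key name in any section, so it over-blocks.
UNSAFE = re.compile(
    r"^(\s*\[[^\]]*\])?\s*(fsmonitor|sshcommand|askpass|editor|pager|gitproxy"
    r"|hookspath|textconv|external|clean|smudge|process|helper)\s*=", re.I)

def sanitize_git_config(text):
    """Comment out unsafe lines; return (sanitized_text, flagged_lines)."""
    out, hits, continued = [], [], False
    for line in text.splitlines(keepends=True):
        m = None if continued else UNSAFE.match(line)
        if m:
            hits.append(line.strip())
            if m.group(1):  # "[section] key = value": keep the header line
                out.append(m.group(1) + "\n")
                line = line[m.end(1):]
        if m or continued:
            out.append("# " + line)
            # A trailing backslash continues the value onto the next line.
            continued = line.rstrip("\r\n").endswith("\\")
        else:
            out.append(line)
    return "".join(out), hits

def git_env(proxy_url=None):
    """Copy of os.environ, with ALL_PROXY set when a proxy is configured."""
    env = os.environ.copy()
    if proxy_url:
        env["ALL_PROXY"] = proxy_url
    return env

def sanitize_and_checkout(repo_dir, proxy_url=None):
    """Sanitize .git/config, then run 'git checkout .' (assumed command)."""
    cfg = os.path.join(repo_dir, ".git", "config")
    with open(cfg, encoding="utf-8", errors="surrogateescape") as fh:
        clean, hits = sanitize_git_config(fh.read())
    with open(cfg, "w", encoding="utf-8", errors="surrogateescape") as fh:
        fh.write(clean)
    subprocess.check_call(["git", "checkout", "."], cwd=repo_dir, env=git_env(proxy_url))
    return hits

# Constructed sample config, not taken from the PR.
SAMPLE = ("[core]\n\tbare = false\n\tfsmonitor = /opt/example/tool \\\n"
          "\t\t--flag\n[core] sshCommand = /opt/example/wrapper\n")
```

Because the denylist is keyed on names rather than on a parsed config, it fails closed on look-alike keys but will miss any command-executing key not listed; the flagged lines returned by `sanitize_and_checkout` are worth logging.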