René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"I would like to contribute a \"safe mode\" for working with untrusted repos","articleBody":"For f-droid.org, we build thousands of Android apps from git repos.  To reduce our attack surface and work towards \"least authority\", we use a custom Git wrapper that locks down a lot of things that we never need, and have a higher risk of vulnerabilities.  I would like to rework this to be a part of GitPython.  So I'm opening this issue to see if this is something that the GitPython maintainers would be interested in merging.\n\nI'm open on the API, it could be something like this:\n\n```python\ngit_repo = git.repo.Repo('.', safe=True)\n```\n\nThe goal would be then that all invocations of Git would include these kinds options:\n\n```config\ncore.askpass = /bin/true\ncore.hooksPath = /dev/null\ncore.sshCommand = /bin/true\ncredential.helper = /bin/true\nhttp.emptyAuth = true\nprotocol.allow = never\nprotocol.https.allow = always\nurl.https://.insteadOf = ssh://\n```\n\nAnd run with these env vars:\n\n```bash\nGIT_TERMINAL_PROMPT=0\nGIT_ASKPASS=/bin/true\nSSH_ASKPASS=/bin/true\nGIT_SSH=/bin/true  # for git \u003c 2.3\n```\n\nThis then hopefully only allows unauthenticated access to HTTPS repos, and prevents the execution of any command besides `git`.  This would eliminate risks like these:\n\n* https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx\n* https://stackoverflow.com/questions/74200395/is-it-dangerous-to-open-or-clone-a-git-repository-from-an-untrusted-source\n* https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4\n* https://git-scm.com/docs/git#_security\n* https://github.blog/open-source/git/securing-git-addressing-5-new-vulnerabilities/\n* https://nvd.nist.gov/vuln/detail/CVE-2017-1000117\n","author":{"url":"https://github.com/eighthave","@type":"Person","name":"eighthave"},"datePublished":"2025-03-31T20:16:16.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":12},"url":"https://github.com/2020/GitPython/issues/2020"}