From 5c59e0d63da6180db8a0b349f0ad36fef42aceed Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 10 Jul 2023 16:10:10 +0200
Subject: [PATCH] Block insecure non-multi options in clone/clone_from
 Follow-up to #1521

---
 git/repo/base.py  |  2 ++
 test/test_repo.py | 24 +++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/git/repo/base.py b/git/repo/base.py
index 2fc9cf1fe..1fa98d8c7 100644
--- a/git/repo/base.py
+++ b/git/repo/base.py
@@ -1203,6 +1203,8 @@ def _clone(
 
         if not allow_unsafe_protocols:
             Git.check_unsafe_protocols(str(url))
+        if not allow_unsafe_options:
+            Git.check_unsafe_options(options=list(kwargs.keys()), unsafe_options=cls.unsafe_git_clone_options)
         if not allow_unsafe_options and multi_options:
             Git.check_unsafe_options(options=multi_options, unsafe_options=cls.unsafe_git_clone_options)
 
diff --git a/test/test_repo.py b/test/test_repo.py
index 07c1e9adf..5c66aeeb1 100644
--- a/test/test_repo.py
+++ b/test/test_repo.py
@@ -282,6 +282,17 @@ def test_clone_unsafe_options(self, rw_repo):
                     rw_repo.clone(tmp_dir, multi_options=[unsafe_option])
                 assert not tmp_file.exists()
 
+            unsafe_options = [
+                {"upload-pack": f"touch {tmp_file}"},
+                {"u": f"touch {tmp_file}"},
+                {"config": "protocol.ext.allow=always"},
+                {"c": "protocol.ext.allow=always"},
+            ]
+            for unsafe_option in unsafe_options:
+                with self.assertRaises(UnsafeOptionError):
+                    rw_repo.clone(tmp_dir, **unsafe_option)
+                assert not tmp_file.exists()
+
     @with_rw_repo("HEAD")
     def test_clone_unsafe_options_allowed(self, rw_repo):
         with tempfile.TemporaryDirectory() as tdir:
@@ -341,6 +352,17 @@ def test_clone_from_unsafe_options(self, rw_repo):
                     Repo.clone_from(rw_repo.working_dir, tmp_dir, multi_options=[unsafe_option])
                 assert not tmp_file.exists()
 
+            unsafe_options = [
+                {"upload-pack": f"touch {tmp_file}"},
+                {"u": f"touch {tmp_file}"},
+                {"config": "protocol.ext.allow=always"},
+                {"c": "protocol.ext.allow=always"},
+            ]
+            for unsafe_option in unsafe_options:
+                with self.assertRaises(UnsafeOptionError):
+                    Repo.clone_from(rw_repo.working_dir, tmp_dir, **unsafe_option)
+                assert not tmp_file.exists()
+
     @with_rw_repo("HEAD")
     def test_clone_from_unsafe_options_allowed(self, rw_repo):
         with tempfile.TemporaryDirectory() as tdir:
@@ -1410,4 +1432,4 @@ def test_ignored_raises_error_w_symlink(self):
             os.symlink(tmp_dir / "target", tmp_dir / "symlink")
 
             with pytest.raises(GitCommandError):
-                temp_repo.ignored(tmp_dir / "symlink/file.txt")
\ No newline at end of file
+                temp_repo.ignored(tmp_dir / "symlink/file.txt")