git.cmd: harden unsafe option canonicalization and isolate push test cases

WesR · WesR · commit 43d92dec4683 · 2026-04-21T12:03:20.000-04:00
diff --git a/git/cmd.py b/git/cmd.py
@@ -946,9 +946,18 @@ def check_unsafe_protocols(cls, url: str) -> None:
 
     @classmethod
     def _canonicalize_option_name(cls, option: str) -> str:
-        """Normalize an option or kwarg name for unsafe-option checks."""
-        option_name = option.lstrip("-").split("=", 1)[0].split(None, 1)[0]
-        return dashify(option_name)
+        """Return the option name used for unsafe-option checks.
+
+        Examples:
+            ``"--upload-pack=/tmp/helper"`` -> ``"upload-pack"``
+            ``"upload_pack"`` -> ``"upload-pack"``
+            ``"--config core.filemode=false"`` -> ``"config"``
+        """
+        option_name = option.lstrip("-").split("=", 1)[0]
+        option_tokens = option_name.split(None, 1)
+        if not option_tokens:
+            return ""
+        return dashify(option_tokens[0])
 
     @classmethod
     def check_unsafe_options(cls, options: List[str], unsafe_options: List[str]) -> None:
diff --git a/test/test_remote.py b/test/test_remote.py
@@ -964,11 +964,9 @@ def test_push_unsafe_options(self, rw_repo):
             tmp_dir = Path(tdir)
             tmp_file = tmp_dir / "pwn"
             unsafe_options = [
-                {
-                    "receive-pack": f"touch {tmp_file}",
-                    "receive_pack": f"touch {tmp_file}",
-                    "exec": f"touch {tmp_file}",
-                }
+                {"receive-pack": f"touch {tmp_file}"},
+                {"receive_pack": f"touch {tmp_file}"},
+                {"exec": f"touch {tmp_file}"},
             ]
             for unsafe_option in unsafe_options:
                 assert not tmp_file.exists()
@@ -992,10 +990,9 @@ def test_push_unsafe_options_allowed(self, rw_repo):
             tmp_dir = Path(tdir)
             tmp_file = tmp_dir / "pwn"
             unsafe_options = [
-                {
-                    "receive-pack": f"touch {tmp_file}",
-                    "exec": f"touch {tmp_file}",
-                }
+                {"receive-pack": f"touch {tmp_file}"},
+                {"receive_pack": f"touch {tmp_file}"},
+                {"exec": f"touch {tmp_file}"},
             ]
             for unsafe_option in unsafe_options:
                 # The options will be allowed, but the command will fail.
