github/servers
1
1
Fork 0
mirror of https://github.com/modelcontextprotocol/servers.git synced 2026-02-19 11:54:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

git: improve file path validation in add operation

Browse Source 
Use Git CLI directly instead of GitPython index API to ensure proper
path validation and prevent option injection. The '--' separator ensures
file paths starting with '-' are handled correctly.
This commit is contained in:
Aonan Guan
2025-12-29 15:33:42 -08:00
parent dcb47d2d94
commit db96050800
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/git/src/mcp_server_git/server.py
View File

@@ -132,7 +132,8 @@ def git_add(repo: git.Repo, files: list[str]) -> str:
if files == ["."]:
repo.git.add(".")
else:
repo.index.add(files)
# Use '--' to prevent files starting with '-' from being interpreted as options
repo.git.add("--", *files)
return "Files staged successfully"
def git_reset(repo: git.Repo) -> str: