mirror of
https://github.com/openai/codex.git
synced 2026-04-30 09:26:44 +00:00
## Summary

- block git global options that can redirect config, repository, or helper lookup from being auto-approved as safe
- share the unsafe global-option predicate across the Unix and Windows git safety checks
- add regression coverage for inline and split forms, including `bash -lc` and PowerShell wrappers

## Root cause

The Unix safe-command gate only rejected `-c` and `--config-env`, even though the shared git parser already knew how to skip additional pre-subcommand globals such as `--git-dir`, `--work-tree`, `--exec-path`, `--namespace`, and `--super-prefix`. That let those arguments slip through safe-command classification on otherwise read-only git invocations and bypass approval. The Windows-specific safe-command path had the same trust-boundary gap for git global options.
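
The global-option check described under Root cause, sketched in Rust as an added example; it is not the codex implementation. The function names, the read-only subcommand list, and the flag-only globals it accepts are assumptions, and it works on an argv that has already been split (no `bash -lc` or PowerShell unwrapping).

```rust
// Added example; names are hypothetical, not the codex implementation.
// Long global options named in the commit message.
const UNSAFE_LONG: [&str; 6] = [
    "--config-env", "--git-dir", "--work-tree",
    "--exec-path", "--namespace", "--super-prefix",
];

/// True for a global that can redirect config, repository, or helper lookup.
/// Matches the split form (`--git-dir PATH`) and the inline form (`--git-dir=PATH`).
fn is_unsafe_git_global(arg: &str) -> bool {
    // Anything beginning with `-c` is refused so the check fails closed.
    arg.starts_with("-c")
        || UNSAFE_LONG.iter().any(|opt| {
            arg.strip_prefix(*opt)
                .map_or(false, |rest| rest.is_empty() || rest.starts_with('='))
        })
}

/// Checks the pre-subcommand part of an already-split git argv.
/// Assumptions: the read-only subcommands and flag-only globals listed here
/// are illustrative; subcommand arguments need their own checks.
fn check_git_globals(argv: &[&str]) -> Result<(), &'static str> {
    if argv.first() != Some(&"git") {
        return Err("not git");
    }
    for arg in &argv[1..] {
        if is_unsafe_git_global(arg) {
            return Err("unsafe global option");
        }
        if !arg.starts_with('-') {
            // First non-option token is the subcommand.
            return match *arg {
                "status" | "log" | "diff" | "show" => Ok(()),
                _ => Err("subcommand not on read-only list"),
            };
        }
        if !matches!(*arg, "--no-pager" | "--no-optional-locks") {
            // Unknown globals may consume the next token as their value.
            return Err("unrecognized global option");
        }
    }
    Err("no subcommand")
}

fn main() {
    // Constructed sample invocation.
    let argv = ["git", "--work-tree", "/tmp/other", "diff"];
    println!("{:?} -> {:?}", argv, check_git_globals(&argv));
}
```

Refusing unrecognized globals matters as much as the named list: an option that takes a separate value would otherwise let its value be mistaken for the subcommand.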