Skip to content

Derive effective patch paths through Git#30837

Open
bookholt-oai wants to merge 7 commits into
codex/psec-4394-trusted-git-runnerfrom
codex/psec-4394-git-02-effective-patch-paths
Open

Derive effective patch paths through Git#30837
bookholt-oai wants to merge 7 commits into
codex/psec-4394-trusted-git-runnerfrom
codex/psec-4394-git-02-effective-patch-paths

Conversation

@bookholt-oai

@bookholt-oai bookholt-oai commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Why

Patch safety checks need to protect the paths Git will actually change. Reading diff headers ourselves can disagree with Git for renames, copies, headerless patches, or misleading cosmetic headers.

If the path list is wrong, later staging and policy checks may guard the wrong files.

What

Ask the trusted Git executable for raw, NUL-delimited git apply --numstat output in both the forward and reverse directions. Include both sides of every rename or copy, then reject malformed, empty, non-UTF-8, non-normalized, or platform-ambiguous paths.

How

Reuse this Git-derived path set for staging and patch application instead of maintaining a second path parser.

This PR is stacked on #30833 and should land after it.

Testing

Focused patch-path and full codex-git-utils tests passed. Coverage includes renames, copies, headerless patches, mismatched headers, forward and reverse application, Windows aliases, and valid Unix filenames.

Formatting, fix, and diff checks passed.

31/31 non-Codeownerous CI checks are green at 80d4da92f0, including native Windows; one unrelated flaky check required a single retry.

Related: PSEC-4394

@bookholt-oai bookholt-oai marked this pull request as ready for review July 1, 2026 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant