sec: added --end-of-options to prevent unintended options (#118)

caarlos0 · unknwon · web-flow · commit 96a31248cfe8 · 2025-11-18T23:18:34.000-05:00
Signed-off-by: Carlos Alexandro Becker &lt;caarlos0@users.noreply.github.com&gt;
Co-authored-by: ᴊᴏᴇ ᴄʜᴇɴ &lt;jc@unknwon.io&gt;
diff --git a/repo.go b/repo.go
@@ -83,6 +83,7 @@ func Init(path string, opts ...InitOptions) error {
 	if opt.Bare {
 		cmd.AddArgs("--bare")
 	}
+	cmd.AddArgs("--end-of-options")
 	_, err = cmd.RunInDirWithTimeout(opt.Timeout, path)
 	return err
 }
@@ -157,6 +158,7 @@ func Clone(url, dst string, opts ...CloneOptions) error {
 		cmd.AddArgs("--depth", strconv.FormatUint(opt.Depth, 10))
 	}
 
+	cmd.AddArgs("--end-of-options")
 	_, err = cmd.AddArgs(url, dst).RunWithTimeout(opt.Timeout)
 	return err
 }
@@ -259,7 +261,7 @@ func Push(repoPath, remote, branch string, opts ...PushOptions) error {
 		opt = opts[0]
 	}
 
-	cmd := NewCommand("push").AddOptions(opt.CommandOptions).AddArgs(remote, branch)
+	cmd := NewCommand("push").AddOptions(opt.CommandOptions).AddArgs("--end-of-options", remote, branch)
 	_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)
 	return err
 }
@@ -346,7 +348,7 @@ func Reset(repoPath, rev string, opts ...ResetOptions) error {
 		cmd.AddArgs("--hard")
 	}
 
-	_, err := cmd.AddOptions(opt.CommandOptions).AddArgs(rev).RunInDir(repoPath)
+	_, err := cmd.AddOptions(opt.CommandOptions).AddArgs("--end-of-options", rev).RunInDir(repoPath)
 	return err
 }
 
@@ -382,7 +384,7 @@ func Move(repoPath, src, dst string, opts ...MoveOptions) error {
 		opt = opts[0]
 	}
 
-	_, err := NewCommand("mv").AddOptions(opt.CommandOptions).AddArgs(src, dst).RunInDirWithTimeout(opt.Timeout, repoPath)
+	_, err := NewCommand("mv").AddOptions(opt.CommandOptions).AddArgs("--end-of-options", src, dst).RunInDirWithTimeout(opt.Timeout, repoPath)
 	return err
 }
 
@@ -549,7 +551,7 @@ func ShowNameStatus(repoPath, rev string, opts ...ShowNameStatusOptions) (*NameS
 	stderr := new(bytes.Buffer)
 	cmd := NewCommand("show", "--name-status", "--pretty=format:''").
 		AddOptions(opt.CommandOptions).
-		AddArgs(rev)
+		AddArgs("--end-of-options", rev)
 	err := cmd.RunInDirPipelineWithTimeout(opt.Timeout, w, stderr, repoPath)
 	_ = w.Close() // Close writer to exit parsing goroutine
 	if err != nil {
diff --git a/repo_commit.go b/repo_commit.go
@@ -221,7 +221,7 @@ func (r *Repository) Log(rev string, opts ...LogOptions) ([]*Commit, error) {
 
 	cmd := NewCommand("log").
 		AddOptions(opt.CommandOptions).
-		AddArgs("--pretty="+LogFormatHashOnly, rev)
+		AddArgs("--pretty=" + LogFormatHashOnly)
 	if opt.MaxCount > 0 {
 		cmd.AddArgs("--max-count=" + strconv.Itoa(opt.MaxCount))
 	}
@@ -237,7 +237,7 @@ func (r *Repository) Log(rev string, opts ...LogOptions) ([]*Commit, error) {
 	if opt.RegexpIgnoreCase {
 		cmd.AddArgs("--regexp-ignore-case")
 	}
-	cmd.AddArgs("--")
+	cmd.AddArgs("--end-of-options", rev, "--")
 	if opt.Path != "" {
 		cmd.AddArgs(escapePath(opt.Path))
 	}
@@ -406,6 +406,7 @@ func DiffNameOnly(repoPath, base, head string, opts ...DiffNameOnlyOptions) ([]s
 	cmd := NewCommand("diff").
 		AddOptions(opt.CommandOptions).
 		AddArgs("--name-only")
+	cmd.AddArgs("--end-of-options")
 	if opt.NeedsMergeBase {
 		cmd.AddArgs(base + "..." + head)
 	} else {
@@ -471,7 +472,10 @@ func (r *Repository) RevListCount(refspecs []string, opts ...RevListCountOptions
 
 	cmd := NewCommand("rev-list").
 		AddOptions(opt.CommandOptions).
-		AddArgs("--count")
+		AddArgs(
+			"--count",
+			"--end-of-options",
+		)
 	cmd.AddArgs(refspecs...)
 	cmd.AddArgs("--")
 	if opt.Path != "" {
@@ -512,6 +516,7 @@ func (r *Repository) RevList(refspecs []string, opts ...RevListOptions) ([]*Comm
 	}
 
 	cmd := NewCommand("rev-list").AddOptions(opt.CommandOptions)
+	cmd.AddArgs("--end-of-options")
 	cmd.AddArgs(refspecs...)
 	cmd.AddArgs("--")
 	if opt.Path != "" {
diff --git a/repo_diff.go b/repo_diff.go
@@ -45,20 +45,20 @@ func (r *Repository) Diff(rev string, maxFiles, maxFileLines, maxLineChars int,
 		if commit.ParentsCount() == 0 {
 			cmd = cmd.AddArgs("show").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", rev)
+				AddArgs("--full-index", "--end-of-options", rev)
 		} else {
 			c, err := commit.Parent(0)
 			if err != nil {
 				return nil, err
 			}
 			cmd = cmd.AddArgs("diff").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", "-M", c.ID.String(), rev)
+				AddArgs("--full-index", "-M", c.ID.String(), "--end-of-options", rev)
 		}
 	} else {
 		cmd = cmd.AddArgs("diff").
 			AddOptions(opt.CommandOptions).
-			AddArgs("--full-index", "-M", opt.Base, rev)
+			AddArgs("--full-index", "-M", opt.Base, "--end-of-options", rev)
 	}
 
 	stdout, w := io.Pipe()
@@ -114,29 +114,29 @@ func (r *Repository) RawDiff(rev string, diffType RawDiffFormat, w io.Writer, op
 		if commit.ParentsCount() == 0 {
 			cmd = cmd.AddArgs("show").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", rev)
+				AddArgs("--full-index", "--end-of-options", rev)
 		} else {
 			c, err := commit.Parent(0)
 			if err != nil {
 				return err
 			}
 			cmd = cmd.AddArgs("diff").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", "-M", c.ID.String(), rev)
+				AddArgs("--full-index", "-M", c.ID.String(), "--end-of-options", rev)
 		}
 	case RawDiffPatch:
 		if commit.ParentsCount() == 0 {
 			cmd = cmd.AddArgs("format-patch").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", "--no-signoff", "--no-signature", "--stdout", "--root", rev)
+				AddArgs("--full-index", "--no-signoff", "--no-signature", "--stdout", "--root", "--end-of-options", rev)
 		} else {
 			c, err := commit.Parent(0)
 			if err != nil {
 				return err
 			}
 			cmd = cmd.AddArgs("format-patch").
 				AddOptions(opt.CommandOptions).
-				AddArgs("--full-index", "--no-signoff", "--no-signature", "--stdout", rev+"..."+c.ID.String())
+				AddArgs("--full-index", "--no-signoff", "--no-signature", "--stdout", "--end-of-options", rev+"..."+c.ID.String())
 		}
 	default:
 		return fmt.Errorf("invalid diffType: %s", diffType)
diff --git a/repo_grep.go b/repo_grep.go
@@ -96,7 +96,11 @@ func (r *Repository) Grep(pattern string, opts ...GrepOptions) []*GrepResult {
 	if opt.ExtendedRegexp {
 		cmd.AddArgs("--extended-regexp")
 	}
-	cmd.AddArgs(pattern, opt.Tree)
+	cmd.AddArgs(
+		"--end-of-options",
+		pattern,
+		opt.Tree,
+	)
 	if opt.Pathspec != "" {
 		cmd.AddArgs("--", opt.Pathspec)
 	}
diff --git a/repo_pull.go b/repo_pull.go
@@ -32,8 +32,11 @@ func MergeBase(repoPath, base, head string, opts ...MergeBaseOptions) (string, e
 
 	stdout, err := NewCommand("merge-base").
 		AddOptions(opt.CommandOptions).
-		AddArgs(base, head).
-		RunInDirWithTimeout(opt.Timeout, repoPath)
+		AddArgs(
+			"--end-of-options",
+			base,
+			head,
+		).RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil {
 		if strings.Contains(err.Error(), "exit status 1") {
 			return "", ErrNoMergeBase
diff --git a/repo_reference.go b/repo_reference.go
@@ -56,7 +56,7 @@ func ShowRefVerify(repoPath, ref string, opts ...ShowRefVerifyOptions) (string,
 		opt = opts[0]
 	}
 
-	cmd := NewCommand("show-ref", "--verify", ref).AddOptions(opt.CommandOptions)
+	cmd := NewCommand("show-ref", "--verify", "--end-of-options", ref).AddOptions(opt.CommandOptions)
 	stdout, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil {
 		if strings.Contains(err.Error(), "not a valid ref") {
@@ -162,7 +162,7 @@ func SymbolicRef(repoPath string, opts ...SymbolicRefOptions) (string, error) {
 	if opt.Name == "" {
 		opt.Name = "HEAD"
 	}
-	cmd.AddArgs(opt.Name)
+	cmd.AddArgs("--end-of-options", opt.Name)
 	if opt.Ref != "" {
 		cmd.AddArgs(opt.Ref)
 	}
@@ -281,7 +281,7 @@ func DeleteBranch(repoPath, name string, opts ...DeleteBranchOptions) error {
 	} else {
 		cmd.AddArgs("-d")
 	}
-	_, err := cmd.AddArgs(name).RunInDirWithTimeout(opt.Timeout, repoPath)
+	_, err := cmd.AddArgs("--end-of-options", name).RunInDirWithTimeout(opt.Timeout, repoPath)
 	return err
 }
 
diff --git a/repo_remote.go b/repo_remote.go
@@ -49,7 +49,7 @@ func LsRemote(url string, opts ...LsRemoteOptions) ([]*Reference, error) {
 	if opt.Refs {
 		cmd.AddArgs("--refs")
 	}
-	cmd.AddArgs(url)
+	cmd.AddArgs("--end-of-options", url)
 	if len(opt.Patterns) > 0 {
 		cmd.AddArgs(opt.Patterns...)
 	}
@@ -121,7 +121,7 @@ func RemoteAdd(repoPath, name, url string, opts ...RemoteAddOptions) error {
 		cmd.AddArgs("--mirror=fetch")
 	}
 
-	_, err := cmd.AddArgs(name, url).RunInDirWithTimeout(opt.Timeout, repoPath)
+	_, err := cmd.AddArgs("--end-of-options", name, url).RunInDirWithTimeout(opt.Timeout, repoPath)
 	return err
 }
 
@@ -166,7 +166,7 @@ func RemoteRemove(repoPath, name string, opts ...RemoteRemoveOptions) error {
 
 	_, err := NewCommand("remote", "remove").
 		AddOptions(opt.CommandOptions).
-		AddArgs(name).
+		AddArgs("--end-of-options", name).
 		RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil {
 		// the error status may differ from git clients
@@ -263,7 +263,7 @@ func RemoteGetURL(repoPath, name string, opts ...RemoteGetURLOptions) ([]string,
 		cmd.AddArgs("--all")
 	}
 
-	stdout, err := cmd.AddArgs(name).RunInDirWithTimeout(opt.Timeout, repoPath)
+	stdout, err := cmd.AddArgs("--end-of-options", name).RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil {
 		return nil, err
 	}
@@ -306,7 +306,7 @@ func RemoteSetURL(repoPath, name, newurl string, opts ...RemoteSetURLOptions) er
 		cmd.AddArgs("--push")
 	}
 
-	cmd.AddArgs(name, newurl)
+	cmd.AddArgs("--end-of-options", name, newurl)
 
 	if opt.Regex != "" {
 		cmd.AddArgs(opt.Regex)
@@ -361,7 +361,7 @@ func RemoteSetURLAdd(repoPath, name, newurl string, opts ...RemoteSetURLAddOptio
 		cmd.AddArgs("--push")
 	}
 
-	cmd.AddArgs(name, newurl)
+	cmd.AddArgs("--end-of-options", name, newurl)
 
 	_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil && strings.Contains(err.Error(), "Will not delete all non-push URLs") {
@@ -407,7 +407,7 @@ func RemoteSetURLDelete(repoPath, name, regex string, opts ...RemoteSetURLDelete
 		cmd.AddArgs("--push")
 	}
 
-	cmd.AddArgs(name, regex)
+	cmd.AddArgs("--end-of-options", name, regex)
 
 	_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)
 	if err != nil && strings.Contains(err.Error(), "Will not delete all non-push URLs") {
diff --git a/repo_tag.go b/repo_tag.go
@@ -247,10 +247,9 @@ func (r *Repository) CreateTag(name, rev string, opts ...CreateTagOptions) error
 		if opt.Author != nil {
 			cmd.AddCommitter(opt.Author)
 		}
-	} else {
-		// 🚨 SECURITY: Prevent including unintended options in the path to the Git command.
 		cmd.AddArgs("--end-of-options")
-		cmd.AddArgs(name)
+	} else {
+		cmd.AddArgs("--end-of-options", name)
 	}
 
 	cmd.AddArgs(rev)
@@ -279,7 +278,7 @@ func (r *Repository) DeleteTag(name string, opts ...DeleteTagOptions) error {
 		opt = opts[0]
 	}
 
-	_, err := NewCommand("tag", "--delete", name).
+	_, err := NewCommand("tag", "--delete", "--end-of-options", name).
 		AddOptions(opt.CommandOptions).
 		RunInDirWithTimeout(opt.Timeout, r.path)
 	return err

Original file line number	Diff line number	Diff line change
`@@ -83,6 +83,7 @@ func Init(path string, opts ...InitOptions) error {`
`83`	`83`	`if opt.Bare {`
`84`	`84`	`cmd.AddArgs("--bare")`
`85`	`85`	`}`
	`86`	`+ cmd.AddArgs("--end-of-options")`
`86`	`87`	`_, err = cmd.RunInDirWithTimeout(opt.Timeout, path)`
`87`	`88`	`return err`
`88`	`89`	`}`
`@@ -157,6 +158,7 @@ func Clone(url, dst string, opts ...CloneOptions) error {`
`157`	`158`	`cmd.AddArgs("--depth", strconv.FormatUint(opt.Depth, 10))`
`158`	`159`	`}`
`159`	`160`
	`161`	`+ cmd.AddArgs("--end-of-options")`
`160`	`162`	`_, err = cmd.AddArgs(url, dst).RunWithTimeout(opt.Timeout)`
`161`	`163`	`return err`
`162`	`164`	`}`
`@@ -259,7 +261,7 @@ func Push(repoPath, remote, branch string, opts ...PushOptions) error {`
`259`	`261`	`opt = opts[0]`
`260`	`262`	`}`
`261`	`263`
`262`		`- cmd := NewCommand("push").AddOptions(opt.CommandOptions).AddArgs(remote, branch)`
	`264`	`+ cmd := NewCommand("push").AddOptions(opt.CommandOptions).AddArgs("--end-of-options", remote, branch)`
`263`	`265`	`_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)`
`264`	`266`	`return err`
`265`	`267`	`}`
`@@ -346,7 +348,7 @@ func Reset(repoPath, rev string, opts ...ResetOptions) error {`
`346`	`348`	`cmd.AddArgs("--hard")`
`347`	`349`	`}`
`348`	`350`
`349`		`- _, err := cmd.AddOptions(opt.CommandOptions).AddArgs(rev).RunInDir(repoPath)`
	`351`	`+ _, err := cmd.AddOptions(opt.CommandOptions).AddArgs("--end-of-options", rev).RunInDir(repoPath)`
`350`	`352`	`return err`
`351`	`353`	`}`
`352`	`354`
`@@ -382,7 +384,7 @@ func Move(repoPath, src, dst string, opts ...MoveOptions) error {`
`382`	`384`	`opt = opts[0]`
`383`	`385`	`}`
`384`	`386`
`385`		`- _, err := NewCommand("mv").AddOptions(opt.CommandOptions).AddArgs(src, dst).RunInDirWithTimeout(opt.Timeout, repoPath)`
	`387`	`+ _, err := NewCommand("mv").AddOptions(opt.CommandOptions).AddArgs("--end-of-options", src, dst).RunInDirWithTimeout(opt.Timeout, repoPath)`
`386`	`388`	`return err`
`387`	`389`	`}`
`388`	`390`
`@@ -549,7 +551,7 @@ func ShowNameStatus(repoPath, rev string, opts ...ShowNameStatusOptions) (*NameS`
`549`	`551`	`stderr := new(bytes.Buffer)`
`550`	`552`	`cmd := NewCommand("show", "--name-status", "--pretty=format:''").`
`551`	`553`	`AddOptions(opt.CommandOptions).`
`552`		`- AddArgs(rev)`
	`554`	`+ AddArgs("--end-of-options", rev)`
`553`	`555`	`err := cmd.RunInDirPipelineWithTimeout(opt.Timeout, w, stderr, repoPath)`
`554`	`556`	`_ = w.Close() // Close writer to exit parsing goroutine`
`555`	`557`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,11 @@ func (r Repository) Grep(pattern string, opts ...GrepOptions) []GrepResult {`
`96`	`96`	`if opt.ExtendedRegexp {`
`97`	`97`	`cmd.AddArgs("--extended-regexp")`
`98`	`98`	`}`
`99`		`- cmd.AddArgs(pattern, opt.Tree)`
	`99`	`+ cmd.AddArgs(`
	`100`	`+ "--end-of-options",`
	`101`	`+ pattern,`
	`102`	`+ opt.Tree,`
	`103`	`+ )`
`100`	`104`	`if opt.Pathspec != "" {`
`101`	`105`	`cmd.AddArgs("--", opt.Pathspec)`
`102`	`106`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ func ShowRefVerify(repoPath, ref string, opts ...ShowRefVerifyOptions) (string,`
`56`	`56`	`opt = opts[0]`
`57`	`57`	`}`
`58`	`58`
`59`		`- cmd := NewCommand("show-ref", "--verify", ref).AddOptions(opt.CommandOptions)`
	`59`	`+ cmd := NewCommand("show-ref", "--verify", "--end-of-options", ref).AddOptions(opt.CommandOptions)`
`60`	`60`	`stdout, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)`
`61`	`61`	`if err != nil {`
`62`	`62`	`if strings.Contains(err.Error(), "not a valid ref") {`
`@@ -162,7 +162,7 @@ func SymbolicRef(repoPath string, opts ...SymbolicRefOptions) (string, error) {`
`162`	`162`	`if opt.Name == "" {`
`163`	`163`	`opt.Name = "HEAD"`
`164`	`164`	`}`
`165`		`- cmd.AddArgs(opt.Name)`
	`165`	`+ cmd.AddArgs("--end-of-options", opt.Name)`
`166`	`166`	`if opt.Ref != "" {`
`167`	`167`	`cmd.AddArgs(opt.Ref)`
`168`	`168`	`}`
`@@ -281,7 +281,7 @@ func DeleteBranch(repoPath, name string, opts ...DeleteBranchOptions) error {`
`281`	`281`	`} else {`
`282`	`282`	`cmd.AddArgs("-d")`
`283`	`283`	`}`
`284`		`- _, err := cmd.AddArgs(name).RunInDirWithTimeout(opt.Timeout, repoPath)`
	`284`	`+ _, err := cmd.AddArgs("--end-of-options", name).RunInDirWithTimeout(opt.Timeout, repoPath)`
`285`	`285`	`return err`
`286`	`286`	`}`
`287`	`287`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ func LsRemote(url string, opts ...LsRemoteOptions) ([]*Reference, error) {`
`49`	`49`	`if opt.Refs {`
`50`	`50`	`cmd.AddArgs("--refs")`
`51`	`51`	`}`
`52`		`- cmd.AddArgs(url)`
	`52`	`+ cmd.AddArgs("--end-of-options", url)`
`53`	`53`	`if len(opt.Patterns) > 0 {`
`54`	`54`	`cmd.AddArgs(opt.Patterns...)`
`55`	`55`	`}`
`@@ -121,7 +121,7 @@ func RemoteAdd(repoPath, name, url string, opts ...RemoteAddOptions) error {`
`121`	`121`	`cmd.AddArgs("--mirror=fetch")`
`122`	`122`	`}`
`123`	`123`
`124`		`- _, err := cmd.AddArgs(name, url).RunInDirWithTimeout(opt.Timeout, repoPath)`
	`124`	`+ _, err := cmd.AddArgs("--end-of-options", name, url).RunInDirWithTimeout(opt.Timeout, repoPath)`
`125`	`125`	`return err`
`126`	`126`	`}`
`127`	`127`
`@@ -166,7 +166,7 @@ func RemoteRemove(repoPath, name string, opts ...RemoteRemoveOptions) error {`
`166`	`166`
`167`	`167`	`_, err := NewCommand("remote", "remove").`
`168`	`168`	`AddOptions(opt.CommandOptions).`
`169`		`- AddArgs(name).`
	`169`	`+ AddArgs("--end-of-options", name).`
`170`	`170`	`RunInDirWithTimeout(opt.Timeout, repoPath)`
`171`	`171`	`if err != nil {`
`172`	`172`	`// the error status may differ from git clients`
`@@ -263,7 +263,7 @@ func RemoteGetURL(repoPath, name string, opts ...RemoteGetURLOptions) ([]string,`
`263`	`263`	`cmd.AddArgs("--all")`
`264`	`264`	`}`
`265`	`265`
`266`		`- stdout, err := cmd.AddArgs(name).RunInDirWithTimeout(opt.Timeout, repoPath)`
	`266`	`+ stdout, err := cmd.AddArgs("--end-of-options", name).RunInDirWithTimeout(opt.Timeout, repoPath)`
`267`	`267`	`if err != nil {`
`268`	`268`	`return nil, err`
`269`	`269`	`}`
`@@ -306,7 +306,7 @@ func RemoteSetURL(repoPath, name, newurl string, opts ...RemoteSetURLOptions) er`
`306`	`306`	`cmd.AddArgs("--push")`
`307`	`307`	`}`
`308`	`308`
`309`		`- cmd.AddArgs(name, newurl)`
	`309`	`+ cmd.AddArgs("--end-of-options", name, newurl)`
`310`	`310`
`311`	`311`	`if opt.Regex != "" {`
`312`	`312`	`cmd.AddArgs(opt.Regex)`
`@@ -361,7 +361,7 @@ func RemoteSetURLAdd(repoPath, name, newurl string, opts ...RemoteSetURLAddOptio`
`361`	`361`	`cmd.AddArgs("--push")`
`362`	`362`	`}`
`363`	`363`
`364`		`- cmd.AddArgs(name, newurl)`
	`364`	`+ cmd.AddArgs("--end-of-options", name, newurl)`
`365`	`365`
`366`	`366`	`_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)`
`367`	`367`	`if err != nil && strings.Contains(err.Error(), "Will not delete all non-push URLs") {`
`@@ -407,7 +407,7 @@ func RemoteSetURLDelete(repoPath, name, regex string, opts ...RemoteSetURLDelete`
`407`	`407`	`cmd.AddArgs("--push")`
`408`	`408`	`}`
`409`	`409`
`410`		`- cmd.AddArgs(name, regex)`
	`410`	`+ cmd.AddArgs("--end-of-options", name, regex)`
`411`	`411`
`412`	`412`	`_, err := cmd.RunInDirWithTimeout(opt.Timeout, repoPath)`
`413`	`413`	`if err != nil && strings.Contains(err.Error(), "Will not delete all non-push URLs") {`
Original file line number	Diff line number	Diff line change
`@@ -247,10 +247,9 @@ func (r *Repository) CreateTag(name, rev string, opts ...CreateTagOptions) error`
`247`	`247`	`if opt.Author != nil {`
`248`	`248`	`cmd.AddCommitter(opt.Author)`
`249`	`249`	`}`
`250`		`- } else {`
`251`		`- // 🚨 SECURITY: Prevent including unintended options in the path to the Git command.`
`252`	`250`	`cmd.AddArgs("--end-of-options")`
`253`		`- cmd.AddArgs(name)`
	`251`	`+ } else {`
	`252`	`+ cmd.AddArgs("--end-of-options", name)`
`254`	`253`	`}`
`255`	`254`
`256`	`255`	`cmd.AddArgs(rev)`
`@@ -279,7 +278,7 @@ func (r *Repository) DeleteTag(name string, opts ...DeleteTagOptions) error {`
`279`	`278`	`opt = opts[0]`
`280`	`279`	`}`
`281`	`280`
`282`		`- _, err := NewCommand("tag", "--delete", name).`
	`281`	`+ _, err := NewCommand("tag", "--delete", "--end-of-options", name).`
`283`	`282`	`AddOptions(opt.CommandOptions).`
`284`	`283`	`RunInDirWithTimeout(opt.Timeout, r.path)`
`285`	`284`	`return err`