chore(scripts): Add git worktree management tools · getsentry/sentry-python@daa8631

Triggered via pull request February 20, 2026 20:10

ericapisani

opened #5497

Status Success

Total duration 16s

Artifacts –

changelog-preview.yml

on: pull_request_target

changelog-preview / preview

13s

Annotations

2 warnings

Path traversal allows worktree creation outside intended directory: scripts/worktree-create.sh#L17

The Makefile regex validation `^[a-zA-Z0-9_/-]+The Makefile regex validation permits forward slashes in the NAME parameter. This allows path traversal sequences like `../../foo` to create worktrees outside the intended `.worktrees` directory. An attacker with access to the Makefile target could create worktrees in arbitrary locations within the filesystem (relative to repo root), potentially overwriting or polluting other directories.

[QA3-AZZ] Path traversal allows worktree creation outside intended directory (additional location): scripts/worktree-delete.sh#L13

The Makefile regex validation `^[a-zA-Z0-9_/-]+The Makefile regex validation permits forward slashes in the NAME parameter. This allows path traversal sequences like `../../foo` to create worktrees outside the intended `.worktrees` directory. An attacker with access to the Makefile target could create worktrees in arbitrary locations within the filesystem (relative to repo root), potentially overwriting or polluting other directories.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(scripts): Add git worktree management tools #972

Summary

chore(scripts): Add git worktree management tools #972

Uh oh!

changelog-preview.yml

Annotations