address review feedback and CI failures

Consolidate follow-up fixes from review and CI:

- fix lint and mypy issues in reference log path handling
- validate remote reference paths before invoking git branch deletion
- add symlink escape coverage where realpath resolves symlinks
- ensure temporary test repositories release git resources during cleanup

Author: codex

git/refs/log.py

@@ -4,7 +4,6 @@
 __all__ = ["RefLog", "RefLogEntry"]
 
 from mmap import mmap
-import os.path as osp
 import re
 import time as _time
 
@@ -212,6 +211,9 @@ def path(cls, ref: "SymbolicReference") -> str:
 
         :param ref:
             :class:`~git.refs.symbolic.SymbolicReference` instance
+
+        :raise ValueError:
+            If `ref.path` is invalid or escapes the repository's reflog directory.
         """
         return to_native_path(ref._get_validated_reflog_path(ref.repo, ref.path))
 

git/refs/remote.py

@@ -58,12 +58,14 @@ def delete(cls, repo: "Repo", *refs: "RemoteReference", **kwargs: Any) -> None:
             `kwargs` are given for comparability with the base class method as we
             should not narrow the signature.
         """
+        for ref in refs:
+            cls._check_ref_name_valid(ref.path)
+
         repo.git.branch("-d", "-r", *refs)
         # The official deletion method will ignore remote symbolic refs - these are
         # generally ignored in the refs/ folder. We don't though and delete remainders
         # manually.
         for ref in refs:
-            cls._check_ref_name_valid(ref.path)
             try:
                 os.remove(cls._get_validated_path(repo.common_dir, ref.path))
             except OSError:

git/util.py

@@ -289,7 +289,7 @@ def join_path(a: PathLike, *p: PathLike) -> PathLike:
 
 if sys.platform == "win32":
 
-    def to_native_path_windows(path: PathLike) -> PathLike:
+    def to_native_path_windows(path: PathLike) -> str:
         path = os.fspath(path)
         return path.replace("/", "\\")
 

test/test_refs.py

@@ -3,6 +3,7 @@
 # This module is part of GitPython and is released under the
 # 3-Clause BSD License: https://opensource.org/license/bsd-3-clause/
 
+import contextlib
 from itertools import chain
 import os.path as osp
 from pathlib import Path
@@ -30,13 +31,17 @@
 
 
 class TestRefs(TestBase):
+    @contextlib.contextmanager
     def _repo_with_initial_commit(self, base_dir):
         repo_dir = base_dir / "repo"
         repo = Repo.init(repo_dir)
         (repo_dir / "file.txt").write_text("initial\n", encoding="utf-8")
         repo.index.add(["file.txt"])
         repo.index.commit("initial")
-        return repo
+        try:
+            yield repo
+        finally:
+            repo.git.clear_cache()
 
     def test_from_path(self):
         # Should be able to create any reference directly.
@@ -660,60 +665,84 @@ def test_refs_outside_repo(self):
     def test_reference_create_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_write.txt"
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_write.txt"
 
-            self.assertRaises(ValueError, Reference.create, repo, "../../../outside_write.txt", "HEAD")
-            assert not outside_path.exists()
+                self.assertRaises(ValueError, Reference.create, repo, "../../../outside_write.txt", "HEAD")
+                assert not outside_path.exists()
 
     def test_symbolic_reference_create_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_write.txt"
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_write.txt"
 
-            self.assertRaises(ValueError, SymbolicReference.create, repo, "../../outside_write.txt", "HEAD")
-            assert not outside_path.exists()
+                self.assertRaises(ValueError, SymbolicReference.create, repo, "../../outside_write.txt", "HEAD")
+                assert not outside_path.exists()
 
     def test_symbolic_reference_set_reference_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_write.txt"
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_write.txt"
 
-            self.assertRaises(ValueError, SymbolicReference(repo, "../../outside_write.txt").set_reference, "HEAD")
-            assert not outside_path.exists()
+                self.assertRaises(ValueError, SymbolicReference(repo, "../../outside_write.txt").set_reference, "HEAD")
+                assert not outside_path.exists()
 
     def test_symbolic_reference_rename_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_move.txt"
-            ref = SymbolicReference.create(repo, "SAFE_RENAME_SOURCE", "HEAD")
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_move.txt"
+                ref = SymbolicReference.create(repo, "SAFE_RENAME_SOURCE", "HEAD")
 
-            self.assertRaises(ValueError, ref.rename, "../../outside_move.txt")
-            assert not outside_path.exists()
-            assert Path(ref.abspath).is_file()
+                self.assertRaises(ValueError, ref.rename, "../../outside_move.txt")
+                assert not outside_path.exists()
+                assert Path(ref.abspath).is_file()
 
     def test_symbolic_reference_delete_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_delete.txt"
-            outside_path.write_text("do not delete\n", encoding="utf-8")
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_delete.txt"
+                outside_path.write_text("do not delete\n", encoding="utf-8")
 
-            self.assertRaises(ValueError, SymbolicReference.delete, repo, "../../outside_delete.txt")
-            assert outside_path.read_text(encoding="utf-8") == "do not delete\n"
+                self.assertRaises(ValueError, SymbolicReference.delete, repo, "../../outside_delete.txt")
+                assert outside_path.read_text(encoding="utf-8") == "do not delete\n"
 
     def test_symbolic_reference_log_append_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
             base_dir = Path(tmp_dir)
-            repo = self._repo_with_initial_commit(base_dir)
-            outside_path = base_dir / "outside_reflog.txt"
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_path = base_dir / "outside_reflog.txt"
+
+                ref = SymbolicReference(repo, "../../../outside_reflog.txt")
+                self.assertRaises(
+                    ValueError, ref.log_append, Commit.NULL_BIN_SHA, "do not write", repo.head.commit.binsha
+                )
+                assert not outside_path.exists()
 
-            ref = SymbolicReference(repo, "../../../outside_reflog.txt")
-            self.assertRaises(ValueError, ref.log_append, Commit.NULL_BIN_SHA, "do not write", repo.head.commit.binsha)
-            assert not outside_path.exists()
+    def test_symbolic_reference_set_reference_rejects_symlink_escape(self):
+        with tempfile.TemporaryDirectory() as tmp_dir:
+            base_dir = Path(tmp_dir)
+            with self._repo_with_initial_commit(base_dir) as repo:
+                outside_dir = base_dir / "outside_refs"
+                outside_dir.mkdir()
+                outside_path = outside_dir / "escaped"
+
+                refs_heads_dir = Path(repo.common_dir) / "refs" / "heads"
+                refs_heads_dir.mkdir(parents=True, exist_ok=True)
+                symlink_path = refs_heads_dir / "link_out"
+                try:
+                    symlink_path.symlink_to(outside_dir, target_is_directory=True)
+                except (OSError, NotImplementedError) as ex:
+                    self.skipTest("symlinks unavailable on this platform: %s" % ex)
+                if osp.realpath(symlink_path / "escaped") == osp.abspath(symlink_path / "escaped"):
+                    self.skipTest("realpath does not resolve directory symlinks on this platform")
+
+                ref = SymbolicReference(repo, "refs/heads/link_out/escaped")
+                self.assertRaises(ValueError, ref.set_reference, "HEAD")
+                assert not outside_path.exists()
 
     def test_remote_reference_delete_cleanup_rejects_path_traversal(self):
         with tempfile.TemporaryDirectory() as tmp_dir:
@@ -724,8 +753,10 @@ def test_remote_reference_delete_cleanup_rejects_path_traversal(self):
             outside_path.write_text("do not delete\n", encoding="utf-8")
 
             class GitStub:
+                branch_called = False
+
                 def branch(self, *args):
-                    pass
+                    self.branch_called = True
 
             class RepoStub:
                 pass
@@ -737,6 +768,7 @@ class RepoStub:
             ref = RemoteReference(repo, "../../outside_remote_delete.txt", check_path=False)
 
             self.assertRaises(ValueError, RemoteReference.delete, repo, ref)
+            assert not repo.git.branch_called
             assert outside_path.read_text(encoding="utf-8") == "do not delete\n"
 
     def test_validity_ref_names(self):