We are creating a system in which users will be able to push arbitrary content to a shared Git repository. Our server will then checkout the repository and use the files.
To reduce risks, I'd like the git checkout command not to write any .exe, .cmd, .bat etc. on disk, and control which file types will be written.
How to configure Git (either using a configuration file, or a command-line argument) to ignore/skip specific file types at checkout?
Note that I'm running Git for Windows.
The first thing that comes to my mind is to use a smudge filter that you can specify as part of your
gitattributesfile (Customizing Git - Git Attributes).Or, if you want to prevent these files from being committed in the first place, maybe placing a
pre-recievehook (Git hooks) on your git server might be the way to go.