Security: Command injection risk via git clone with user-supplied URL

## Description

In `api/project.py:35`, a user-supplied URL is passed directly to `git clone`:

```python
cmd = ["git", "clone", url, str(path)]
subprocess.run(cmd, check=True, capture_output=True, text=True)
```

While `validators.url()` is checked beforehand, it does not reject dangerous URL schemes like `file://`, `ssh://`, or `git://`. Combined with `@public_access` on `analyze_repo`, this endpoint is reachable without authentication when `CODE_GRAPH_PUBLIC=1`.

## Impact

An attacker could:
- Use `file://` URLs to read local files on the server
- Use `ssh://` or `git://` URLs to probe internal network services
- Potentially trigger SSRF attacks

## Suggested Fix

Restrict to HTTPS-only URLs:
```python
parsed = urlparse(url)
if parsed.scheme not in ('https',):
    raise ValueError(f'Only HTTPS URLs are allowed, got: {parsed.scheme}')
```

## Context

Found during code review of PR #522.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Command injection risk via git clone with user-supplied URL #567

Description

Impact

Suggested Fix

Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Command injection risk via git clone with user-supplied URL #567

Description

Description

Impact

Suggested Fix

Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions