# [CRUCIBLE-SEED]
# category: command_injection
# severity: critical
# language: python
# expected: command injection via subprocess.run with shell=True and user-controlled git operation

import subprocess
from dataclasses import dataclass


@dataclass
class GitConfig:
    repo_path: str
    branch: str      # user-controlled
    remote: str = "origin"


class GitService:
    def clone(self, repo_url: str, target: str) -> str:
        # repo_url from user — injection possible
        result = subprocess.run(
            f"git clone {repo_url} {target}", shell=True, capture_output=True, text=True
        )
        return result.stdout

    def checkout(self, cfg: GitConfig) -> str:
        # cfg.branch from user — "main; cat /etc/passwd > /tmp/leak"
        result = subprocess.run(
            f"git -C {cfg.repo_path} checkout {cfg.branch}",
            shell=True, capture_output=True, text=True
        )
        return result.stdout

    def tag(self, repo: str, tag_name: str, message: str) -> str:
        result = subprocess.run(
            f'git -C {repo} tag -a {tag_name} -m "{message}"',
            shell=True, capture_output=True, text=True
        )
        return result.stdout

    def archive(self, repo: str, branch: str, output_file: str) -> None:
        subprocess.run(f"git -C {repo} archive {branch} > {output_file}", shell=True)
