Merge branch 'jc-improve-ref-validation' into 'master'

git: Validate \\ in refname

See merge request https://gitlab.com/gitlab-org/gitaly/-/merge_requests/4921

Merged-by: Justin Tobler <jtobler@gitlab.com>
Approved-by: Patrick Steinhardt <psteinhardt@gitlab.com>
Approved-by: Justin Tobler <jtobler@gitlab.com>
Co-authored-by: John Cai <jcai@gitlab.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/internal/git/revision.go b/internal/git/revision.go
index 89d1e05d4..45814cfad 100644
--- a/internal/git/revision.go
+++ b/internal/git/revision.go
@@ -21,6 +21,9 @@ func validateRevision(revision []byte, allowEmpty bool) error {
 	if bytes.Contains(revision, []byte(":")) {
 		return fmt.Errorf("revision can't contain ':'")
 	}
+	if bytes.Contains(revision, []byte("\\")) {
+		return fmt.Errorf("revision can't contain '\\'")
+	}
 	return nil
 }
 
diff --git a/internal/git/revision_test.go b/internal/git/revision_test.go
index edd574d5c..afb05c2e6 100644
--- a/internal/git/revision_test.go
+++ b/internal/git/revision_test.go
@@ -63,6 +63,11 @@ func TestValidateRevision(t *testing.T) {
 			revision:    "foo/bar:baz",
 			expectedErr: fmt.Errorf("revision can't contain ':'"),
 		},
+		{
+			desc:        "backslash",
+			revision:    "foo\\bar\\baz",
+			expectedErr: fmt.Errorf("revision can't contain '\\'"),
+		},
 	} {
 		t.Run(tc.desc, func(t *testing.T) {
 			require.Equal(t, tc.expectedErr, ValidateRevision([]byte(tc.revision)))