Validate MR branch names

Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.

HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.

Another special case is `refs/head/*`, which can be imported.

1 files changed, 21 insertions, 2 deletions

diff --git a/lib/gitlab/git_ref_validator.rb b/lib/gitlab/git_ref_validator.rb
index 3f13ebeb9d0..dfff6823689 100644
--- a/lib/gitlab/git_ref_validator.rb
+++ b/lib/gitlab/git_ref_validator.rb
@@ -5,12 +5,15 @@
 module Gitlab
   module GitRefValidator
     extend self
+
+    EXPANDED_PREFIXES = %w[refs/heads/ refs/remotes/].freeze
+    DISALLOWED_PREFIXES = %w[-].freeze
+
     # Validates a given name against the git reference specification
     #
     # Returns true for a valid reference name, false otherwise
     def validate(ref_name)
-      not_allowed_prefixes = %w(refs/heads/ refs/remotes/ -)
-      return false if ref_name.start_with?(*not_allowed_prefixes)
+      return false if ref_name.start_with?(*(EXPANDED_PREFIXES + DISALLOWED_PREFIXES))
       return false if ref_name == 'HEAD'
 
       begin
@@ -19,5 +22,21 @@ module Gitlab
         return false
       end
     end
+
+    def validate_merge_request_branch(ref_name)
+      return false if ref_name.start_with?(*DISALLOWED_PREFIXES)
+
+      expanded_name = if ref_name.start_with?(*EXPANDED_PREFIXES)
+                        ref_name
+                      else
+                        "refs/heads/#{ref_name}"
+                      end
+
+      begin
+        Rugged::Reference.valid_name?(expanded_name)
+      rescue ArgumentError
+        return false
+      end
+    end
   end
 end