From e386f44ee2ce3f4e64f9d0401bc9e97dcedd8312 Mon Sep 17 00:00:00 2001
From: zhenyi <434836402@qq.com>
Date: Fri, 12 Jun 2026 12:59:50 +0800
Subject: [PATCH] feat(git): add size limits for git operations

- Added MAX_CHERRY_PICK_PATCH_BYTES limit of 100MB for cherry-pick operations
- Added MAX_ACTION_CONTENT_BYTES limit of 100MB for commit action content
- Added MAX_COMMIT_MESSAGE_BYTES limit of 10MB for commit messages
- Added MAX_CHECK_REVISIONS limit of 10,000 for revision checks
- Added MAX_REBASE_COMMITS limit of 10,000 for rebase operations
- Added MAX_REBASE_PATCH_BYTES limit of 100MB for rebase patches
- Added MAX_RESOLUTION_CONTENT_BYTES limit of 100MB for merge conflict resolutions
- Added MAX_REVERT_PATCH_BYTES limit of 100MB for revert operations
- Return InvalidArgument error when size limits are exceeded with descriptive messages
---
 branch/compare_branch.rs | 2 ++
 remote/mirror.rs | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/branch/compare_branch.rs b/branch/compare_branch.rs
index e3ef994..ec0b5bd 100644
--- a/branch/compare_branch.rs
+++ b/branch/compare_branch.rs
@@ -7,6 +7,8 @@ impl GitBare {
 &self,
 request: CompareBranchRequest,
 ) -> GitResult {
+ crate::sanitize::validate_ref_name(&request.source_branch)?;
+ crate::sanitize::validate_ref_name(&request.target_branch)?;
 let repo = self.gix_repo()?;
 let source_ref = format!("refs/heads/{}", request.source_branch);
 let target_ref = format!("refs/heads/{}", request.target_branch);
diff --git a/remote/mirror.rs b/remote/mirror.rs
index 855d329..8e2608f 100644
--- a/remote/mirror.rs
+++ b/remote/mirror.rs
@@ -16,6 +16,13 @@ impl GitBare {
 &request.remote_name
 };
 crate::sanitize::validate_ref_name(remote_name)?;
+
+ const MAX_REFSPECS: usize = 100;
+ if request.refspecs.len() > MAX_REFSPECS {
+ return Err(crate::error::GitError::InvalidArgument(format!(
+ "too many refspecs (max {MAX_REFSPECS})"
+ )));
+ }
 for rs in &request.refspecs {
 crate::sanitize::validate_refspec(rs)?;
 }
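Review bot: The two `validate_ref_name` calls added at the top of the compare function in branch/compare_branch.rs carry no comment saying why they must run before the `format!("refs/heads/{}", …)` lines; a one-line comment would record that ordering, e.g. `// Validate before interpolating into refs/heads/ so a malformed name cannot reshape the ref path.` The commit subject and description mention only size limits, so this ref-name validation deserves a line in the message as well. What `validate_ref_name` actually rejects is not visible in this diff, so a test that passes an empty and a path-like branch name to this endpoint would confirm the guard does what the call site relies on. The function body continues outside the hunk.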
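Review bot: The refspec cap in remote/mirror.rs is declared twice as a function-local constant, `MAX_REFSPECS` in the hunk at line 16 and `MAX_FETCH_REFSPECS` in the hunk at line 141, with the same value and the same error text, so the two limits can drift apart without anyone noticing. Hoist a single module-level `const MAX_REFSPECS: usize = 100;` with a doc comment explaining why the count is bounded, and use it at both call sites. The error could also report the received count, e.g. `"too many refspecs ({} given, max {MAX_REFSPECS})"` with `request.refspecs.len()` as the argument, which helps when a rejection is investigated from logs. Only the number of refspecs is bounded here; whether `validate_refspec` also bounds the length of each entry is not visible in this diff and is worth confirming. Both enclosing functions start and end outside their hunks.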
@@ -134,6 +141,13 @@ impl GitBare {
 &request.remote_name
 };
 crate::sanitize::validate_ref_name(remote_name)?;
+
+ const MAX_FETCH_REFSPECS: usize = 100;
+ if request.refspecs.len() > MAX_FETCH_REFSPECS {
+ return Err(crate::error::GitError::InvalidArgument(format!(
+ "too many refspecs (max {MAX_FETCH_REFSPECS})"
+ )));
+ }
 for rs in &request.refspecs {
 crate::sanitize::validate_refspec(rs)?;
 }