From e582b269f1b166075e846111dfcb9bb77f905e75 Mon Sep 17 00:00:00 2001
From: zhenyi <434836402@qq.com>
Date: Wed, 10 Jun 2026 18:31:54 +0800
Subject: [PATCH] fix(server): validate branch name in set_default_branch

Call validate_ref_name on the user-provided branch name before constructing the symbolic-ref argument to prevent command injection.
---
 server/repository.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/repository.rs b/server/repository.rs
index 9107453..d4b556d 100644
--- a/server/repository.rs
+++ b/server/repository.rs
@@ -206,6 +206,8 @@ impl repository_service_server::RepositoryService for GitksService {
 }
 Err(err) => return Err(err),
 };
+ crate::sanitize::validate_ref_name(&inner.name) .map_err(|e| tonic::Status::invalid_argument(e.to_string()))?;
 let refname = format!("refs/heads/{}", inner.name);
 git_cmd(&gb, &["symbolic-ref", "HEAD", &refname])?;
 tracing::info!(%repo, %name, "default branch set");
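Review bot: The added `validate_ref_name` check on `inner.name` is only as strong as its coverage of git's ref-name rules, and since `git_cmd(&gb, &["symbolic-ref", "HEAD", &refname])` passes an argv slice with no shell, what it must reject is malformed or option-like ref syntax (`..`, ASCII control or space characters, `@{`, a `.lock` suffix, a leading `-`, `\`) rather than shell metacharacters; those rules are not visible in this hunk, so a unit test in `sanitize` asserting each case is rejected would pin the guarantee the commit message claims. The `refs/heads/` prefix means a leading `-` cannot become an option at this call site, but the validator should still refuse it so the same helper stays safe wherever else it is used. A comment above the new check would make the intent concrete: `// Reject anything git check-ref-format would refuse; git_cmd uses argv, so this guards ref syntax, not a shell.`. The check runs after the preceding match (the function's start is outside the hunk); if that match is the repository lookup that binds `gb`, moving the validation ahead of it would reject bad input before any storage access. Separately, `symbolic-ref` accepts a branch that does not exist and leaves HEAD dangling — pre-existing behaviour, but worth a follow-up if callers expect an existing branch.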