fix(server): validate branch name in set_default_branch

Call validate_ref_name on the user-provided branch name before constructing the symbolic-ref argument to prevent command injection.
2026-06-10 18:31:54 +08:00
parent 0665772079
commit e582b269f1
1 changed files with 2 additions and 0 deletions
@@ -206,6 +206,8 @@ impl repository_service_server::RepositoryService for GitksService {
            }
            Err(err) => return Err(err),
        };
+        crate::sanitize::validate_ref_name(&inner.name)
+            .map_err(|e| tonic::Status::invalid_argument(e.to_string()))?;
        let refname = format!("refs/heads/{}", inner.name);
        git_cmd(&gb, &["symbolic-ref", "HEAD", &refname])?;
        tracing::info!(%repo, %name, "default branch set");