gitdata.ai/gitks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
70f2f7d63d074ff55dad7fd2d3485dab0960f01e
gitks/merge/rebase.rs
T
zhenyi 293102e5f2 feat(git): add size limits for git operations 
- Added MAX_CHERRY_PICK_PATCH_BYTES limit of 100MB for cherry-pick operations
- Added MAX_ACTION_CONTENT_BYTES limit of 100MB for commit action content
- Added MAX_COMMIT_MESSAGE_BYTES limit of 10MB for commit messages
- Added MAX_CHECK_REVISIONS limit of 10,000 for revision checks
- Added MAX_REBASE_COMMITS limit of 10,000 for rebase operations
- Added MAX_REBASE_PATCH_BYTES limit of 100MB for rebase patches
- Added MAX_RESOLUTION_CONTENT_BYTES limit of 100MB for merge conflict resolutions
- Added MAX_REVERT_PATCH_BYTES limit of 100MB for revert operations
- Return InvalidArgument error when size limits are exceeded with descriptive messages
2026-06-12 12:59:47 +08:00

216 lines
7.0 KiB
Rust
Raw Blame History

use crate::bare::GitBare;
use crate::commit::create_commit::command_ok;
use crate::error::{GitError, GitResult};
use crate::pb::{RebaseRequest, RebaseResult, rebase_result};
const MAX_REBASE_COMMITS: usize = 10_000;
const MAX_REBASE_PATCH_BYTES: usize = 100 * 1024 * 1024;
impl GitBare {
pub fn rebase(&self, request: RebaseRequest) -> GitResult<RebaseResult> {
let branch = request.branch.clone();
crate::sanitize::validate_ref_name(&branch)?;
let upstream_revision = match request.upstream.and_then(|s| s.selector) {
Some(crate::pb::object_selector::Selector::Oid(oid)) => {
crate::sanitize::validate_oid_hex(&oid.hex)?;
oid.hex
}
Some(crate::pb::object_selector::Selector::Revision(name)) => {
crate::sanitize::validate_revision(&name.revision)?;
name.revision
}
None => return Err(GitError::InvalidArgument("upstream is required".into())),
};
let repo = self.gix_repo()?;
let branch_ref = format!("refs/heads/{}", branch);
let branch_tip = repo
.find_reference(branch_ref.as_str())
.ok()
.and_then(|mut r| r.peel_to_id().ok())
.map(|id| id.to_string())
.ok_or_else(|| GitError::RefNotFound(branch.clone()))?;
let upstream_id = repo
.rev_parse_single(upstream_revision.as_str())?
.to_string();
if branch_tip == upstream_id {
return Ok(RebaseResult {
status: rebase_result::Status::RebaseResultStatusAlreadyUpToDate as i32,
head: None,
conflicts: vec![],
});
}
let result = duct::cmd(
"git",
[
"--git-dir",
self.bare_dir.to_string_lossy().as_ref(),
"rev-list",
"--reverse",
&format!("{}..{}", upstream_id, branch_tip),
],
)
.stdout_capture()
.stderr_capture()
.unchecked()
.run()?;
if !result.status.success() {
return Err(GitError::CommandFailed {
status_code: result.status.code(),
stderr: String::from_utf8_lossy(&result.stderr).into_owned(),
});
}
let commits: Vec<String> = String::from_utf8_lossy(&result.stdout)
.lines()
.map(str::trim)
.filter(|l| !l.is_empty())
.map(String::from)
.collect();
if commits.len() > MAX_REBASE_COMMITS {
return Err(GitError::InvalidArgument(format!(
"too many commits to rebase ({} > max {MAX_REBASE_COMMITS})",
commits.len()
)));
}
if commits.is_empty() {
return Ok(RebaseResult {
status: rebase_result::Status::RebaseResultStatusAlreadyUpToDate as i32,
head: None,
conflicts: vec![],
});
}
let mut current_tip = upstream_id.clone();
for commit_hex in &commits {
current_tip =
self.rebase_one_commit(commit_hex, &current_tip, request.committer.as_ref())?;
}
self.update_branch_ref(&branch, &current_tip, Some(&branch_tip), false)?;
Ok(RebaseResult {
status: rebase_result::Status::RebaseResultStatusRebased as i32,
head: Some(self.get_commit(crate::pb::GetCommitRequest {
repository: request.repository,
revision: Some(crate::pb::ObjectSelector {
selector: Some(crate::pb::object_selector::Selector::Revision(
crate::pb::ObjectName {
revision: current_tip,
},
)),
}),
include_stats: false,
include_raw: false,
})?),
conflicts: vec![],
})
}
fn rebase_one_commit(
&self,
commit_hex: &str,
new_parent: &str,
committer: Option<&crate::pb::Signature>,
) -> GitResult<String> {
let repo = self.gix_repo()?;
let id = repo.rev_parse_single(commit_hex)?;
let obj = id
.object()?
.try_into_commit()
.map_err(|e| GitError::Gix(e.to_string()))?;
let message = obj.message_raw()?.to_string();
let author = obj.author().ok();
let bare = self.bare_dir.to_string_lossy().into_owned();
let tmp_index = tempfile::Builder::new()
.prefix("gitks-rebase-")
.tempfile_in(&self.bare_dir)?;
let idx_path = tmp_index.path().to_string_lossy().into_owned();
let read_tree = duct::cmd("git", ["--git-dir", bare.as_str(), "read-tree", new_parent])
.env("GIT_INDEX_FILE", &idx_path)
.stdout_capture()
.stderr_capture()
.unchecked()
.run()?;
command_ok(read_tree)?;
let diff = duct::cmd(
"git",
[
"--git-dir",
bare.as_str(),
"format-patch",
"--stdout",
"--full-index",
"--binary",
"-1",
commit_hex,
],
)
.env("GIT_INDEX_FILE", &idx_path)
.stdout_capture()
.stderr_capture()
.unchecked()
.run()?;
let patch_data = command_ok(diff)?;
if patch_data.len() > MAX_REBASE_PATCH_BYTES {
return Err(GitError::InvalidArgument(format!(
"rebase patch too large for {commit_hex} ({} bytes, max {MAX_REBASE_PATCH_BYTES})",
patch_data.len()
)));
}
let apply = duct::cmd(
"git",
[
"--git-dir",
bare.as_str(),
"apply",
"--cached",
"--allow-empty",
"-",
],
)
.env("GIT_INDEX_FILE", &idx_path)
.stdin_bytes(patch_data.as_bytes())
.stdout_capture()
.stderr_capture()
.unchecked()
.run()?;
if !apply.status.success() {
return Err(GitError::Internal(format!(
"rebase apply failed for {}: {}",
commit_hex,
String::from_utf8_lossy(&apply.stderr)
)));
}
let write_tree = duct::cmd("git", ["--git-dir", bare.as_str(), "write-tree"])
.env("GIT_INDEX_FILE", &idx_path)
.stdout_capture()
.stderr_capture()
.unchecked()
.run()?;
let tree_id = command_ok(write_tree)?.trim().to_string();
let parents = vec![new_parent.to_string()];
self.commit_tree(
&tree_id,
&parents,
&message,
author
.as_ref()
.map(|a| crate::commit::get_commit::gix_sig_to_pb(a))
.as_ref(),
committer,
)
}
}
Reference in New Issue View Git Blame Copy Permalink