Use rugged to validate ref name

2 files changed, 8 insertions, 5 deletions

diff --git a/lib/gitlab/git_ref_validator.rb b/lib/gitlab/git_ref_validator.rb
index 2e3e4fc3f1f..40636fb204e 100644
--- a/lib/gitlab/git_ref_validator.rb
+++ b/lib/gitlab/git_ref_validator.rb
@@ -7,11 +7,11 @@ module Gitlab
     #
     # Returns true for a valid reference name, false otherwise
     def validate(ref_name)
-      return false if ref_name.start_with?('refs/heads/')
-      return false if ref_name.start_with?('refs/remotes/')
+      not_allowed_prefixes = %w(refs/heads/ refs/remotes/ -)
+      return false if ref_name.start_with?(*not_allowed_prefixes)
+      return false if ref_name == 'HEAD'
 
-      Gitlab::Utils.system_silent(
-        %W(#{Gitlab.config.git.bin_path} check-ref-format --branch #{ref_name}))
+      Rugged::Reference.valid_name? "refs/heads/#{ref_name}"
     end
   end
 end
diff --git a/scripts/lint-rugged b/scripts/lint-rugged
index cabd083e9f9..d0c2c544c47 100755
--- a/scripts/lint-rugged
+++ b/scripts/lint-rugged
@@ -14,7 +14,10 @@ ALLOWED = [
   'lib/tasks/gitlab/cleanup.rake',
 
   # The only place where Rugged code is still allowed in production
-  'lib/gitlab/git/'
+  'lib/gitlab/git/',
+
+  # Needed to avoid using the git binary to validate a branch name
+  'lib/gitlab/git_ref_validator.rb'
 ].freeze
 
 rugged_lines = IO.popen(%w[git grep -i -n rugged -- app config lib], &:read).lines