diff options
Diffstat (limited to 'lib/gitlab/checks/branch_check.rb')
-rw-r--r-- | lib/gitlab/checks/branch_check.rb | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb index 7be0ef05a49..ad2a718ef67 100644 --- a/lib/gitlab/checks/branch_check.rb +++ b/lib/gitlab/checks/branch_check.rb @@ -12,7 +12,8 @@ module Gitlab push_protected_branch: 'You are not allowed to push code to protected branches on this project.', create_protected_branch: 'You are not allowed to create protected branches on this project.', invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.', - non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.' + non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.', + prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.' }.freeze LOG_MESSAGES = { @@ -32,11 +33,20 @@ module Gitlab end end + prohibited_branch_checks protected_branch_checks end private + def prohibited_branch_checks + return unless Feature.enabled?(:prohibit_hexadecimal_branch_names, project, default_enabled: true) + + if branch_name =~ /\A\h{40}\z/ + raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name] + end + end + def protected_branch_checks logger.log_timed(LOG_MESSAGES[:protected_branch_checks]) do return unless ProtectedBranch.protected?(project, branch_name) # rubocop:disable Cop/AvoidReturnFromBlocks |