From 11dd9d6e1f18b75926a4ae2284dce2343d2b5230 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Fri, 9 Nov 2018 16:34:17 +0000 Subject: Resolve possible cherry pick API race condition Previously, we just fetched the latest commit for the given branch when presenting the resulting commit, but because something could have been committed to that branch between the time we cherry-picked and the time we render the result, the wrong commit could have been presented. Now, we fetch the commit object with the commit SHA returned by the commit change service, which should always be the correct commit. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53773 --- changelogs/unreleased/rs-cherry-pick-api.yml | 5 +++++ lib/api/commits.rb | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 changelogs/unreleased/rs-cherry-pick-api.yml diff --git a/changelogs/unreleased/rs-cherry-pick-api.yml b/changelogs/unreleased/rs-cherry-pick-api.yml new file mode 100644 index 00000000000..ce844dfc939 --- /dev/null +++ b/changelogs/unreleased/rs-cherry-pick-api.yml @@ -0,0 +1,5 @@ +--- +title: Resolve possible cherry pick API race condition +merge_request: +author: +type: fixed diff --git a/lib/api/commits.rb b/lib/api/commits.rb index e59abd3e3d0..ee20c6efe78 100644 --- a/lib/api/commits.rb +++ b/lib/api/commits.rb @@ -194,11 +194,13 @@ module API branch_name: params[:branch] } - result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute + result = ::Commits::CherryPickService + .new(user_project, current_user, commit_params) + .execute if result[:status] == :success - branch = find_branch!(params[:branch]) - present user_project.repository.commit(branch.dereferenced_target), with: Entities::Commit + present user_project.repository.commit(result[:result]), + with: Entities::Commit else render_api_error!(result[:message], 400) end -- cgit v1.2.1