Return an error for an invalid ref_name

* Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/351520 * Sentry error: https://sentry.gitlab.net/gitlab/gitlabcom/issues/3173142/ **Problem** Git ref cannot start with `-`. Currently we return an ArgumentError from the Gitaly. **Solution** Verify the ref_name with regexp Changelog: fixed

Return an error for an invalid ref_name
* Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/351520 * Sentry error: https://sentry.gitlab.net/gitlab/gitlabcom/issues/3173142/ **Problem** Git ref cannot start with `-`. Currently we return an ArgumentError from the Gitaly. **Solution** Verify the ref_name with regexp Changelog: fixed
ca87a513 · Vasilii Iakliushin · e1a881c1 · ca87a513 · ca87a513 · ca87a513
Commit ca87a513 authored Jan 31, 2022 by Vasilii Iakliushin
4 changed files
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -32,7 +32,7 @@ module API
        success Entities::Commit
      end
      params do
-        optional :ref_name, type: String, desc: 'The name of a repository branch or tag, if not given the default branch is used'
+        optional :ref_name, type: String, desc: 'The name of a repository branch or tag, if not given the default branch is used', regexp: /\A#{Gitlab::PathRegex.git_reference_regex}\z|\A\z/
        optional :since, type: DateTime, desc: 'Only commits after or on this date will be returned'
        optional :until, type: DateTime, desc: 'Only commits before or on this date will be returned'
        optional :path, type: String, desc: 'The file path'

--- a/lib/gitlab/path_regex.rb
+++ b/lib/gitlab/path_regex.rb
@@ -234,7 +234,7 @@ module Gitlab
      @git_reference_regex ||= single_line_regexp %r{
        (?!
           (?# doesn't begins with)
-           \/|                    (?# rule #6)
+           \/|-|                  (?# rule #6)
           (?# doesn't contain)
           .*(?:
              [\/.]\.|            (?# rule #1,3)

--- a/spec/lib/gitlab/path_regex_spec.rb
+++ b/spec/lib/gitlab/path_regex_spec.rb
@@ -530,6 +530,18 @@ RSpec.describe Gitlab::PathRegex do
      it { is_expected.not_to match('snippets/1.wiki.git') }
    end
+    describe '.git_reference_regex' do
+      subject { %r{\A#{described_class.git_reference_regex}\z} }
+      it { is_expected.to match('main') }
+      it { is_expected.to match('v1.2.3') }
+      it { is_expected.to match('refs/heads/main') }
+      it { is_expected.to match('1-2-3') }
+      it { is_expected.to match('1-----') }
+      it { is_expected.not_to match('-main') }
+      it { is_expected.not_to match('') }
+    end
    describe '.full_snippets_repository_path_regex' do
      subject { described_class.full_snippets_repository_path_regex }

--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -127,6 +127,14 @@ RSpec.describe API::Commits do
        it_behaves_like 'project commits'
      end
+      context 'with incorrect ref_name parameter' do
+        let(:route) { "/projects/#{project_id}/repository/commits?ref_name=-main" }
+        it_behaves_like '400 response' do
+          let(:request) { get api(route, user) }
+        end
+      end
      context "path optional parameter" do
        it "returns project commits matching provided path parameter" do
          path = 'files/ruby/popen.rb'