check-ref-format --branch: do not expand @{...} outside repository

Running "git check-ref-format --branch @{-1}" from outside any
repository produces

	$ git check-ref-format --branch @{-1}
	BUG: environment.c:182: git environment hasn't been setup

This is because the expansion of @{-1} must come from the HEAD reflog,
which involves opening the repository.  @{u} and @{push} (which are
more unusual because they typically would not expand to a local
branch) trigger the same assertion.

This has been broken since day one.  Before v2.13.0-rc0~48^2
(setup_git_env: avoid blind fall-back to ".git", 2016-10-02), the
breakage was more subtle: Git would read reflogs from ".git" within
the current directory even if it was not a valid repository.  Usually
that is harmless because Git is not being run from the root directory
of an invalid repository, but in edge cases such accesses can be
confusing or harmful.  Since v2.13.0, the problem is easier to
diagnose because Git aborts with a BUG message.

Erroring out is the right behavior: when asked to interpret a branch
name like "@{-1}", there is no reasonable answer in this context.
But we should print a message saying so instead of an assertion failure.

We do not forbid "check-ref-format --branch" from outside a repository
altogether because it is ok for a script to pre-process branch
arguments without @{...} in such a context.  For example, with
pre-2.13 Git, a script that does

	branch='master'; # default value
	parse_options
	branch=$(git check-ref-format --branch "$branch")

to normalize an optional branch name provided by the user would work
both inside a repository (where the user could provide '@{-1}') and
outside (where '@{-1}' should not be accepted).

So disable the "expand @{...}" half of the feature when run outside a
repository, but keep the check of the syntax of a proposed branch
name. This way, when run from outside a repository, "git
check-ref-format --branch @{-1}" will gracefully fail:

	$ git check-ref-format --branch @{-1}
	fatal: '@{-1}' is not a valid branch name

and "git check-ref-format --branch master" will succeed as before:

	$ git check-ref-format --branch master
	master

restoring the usual pre-2.13 behavior.

[jn: split out from a larger patch; moved conditional to
 strbuf_check_branch_ref instead of its caller; fleshed out commit
 message; some style tweaks in tests]

Reported-by: Marko Kungla <marko.kungla@gmail.com>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Junio C Hamano 2017-10-17 00:08:08 -07:00
parent 08f9c32463
commit 7c3f847aad
2 changed files with 20 additions and 1 deletions

View File

@ -1321,7 +1321,10 @@ void strbuf_branchname(struct strbuf *sb, const char *name, unsigned allowed)
int strbuf_check_branch_ref(struct strbuf *sb, const char *name)
{
strbuf_branchname(sb, name, INTERPRET_BRANCH_LOCAL);
if (startup_info->have_repository)
strbuf_branchname(sb, name, INTERPRET_BRANCH_LOCAL);
else
strbuf_addstr(sb, name);
if (name[0] == '-')
return -1;
strbuf_splice(sb, 0, 0, "refs/heads/", 11);

View File

@ -144,6 +144,11 @@ test_expect_success "check-ref-format --branch @{-1}" '
refname2=$(git check-ref-format --branch @{-2}) &&
test "$refname2" = master'
test_expect_success 'check-ref-format --branch -naster' '
test_must_fail git check-ref-format --branch -naster >actual &&
test_must_be_empty actual
'
test_expect_success 'check-ref-format --branch from subdir' '
mkdir subdir &&
@ -161,6 +166,17 @@ test_expect_success 'check-ref-format --branch from subdir' '
test "$refname" = "$sha1"
'
test_expect_success 'check-ref-format --branch @{-1} from non-repo' '
nongit test_must_fail git check-ref-format --branch @{-1} >actual &&
test_must_be_empty actual
'
test_expect_success 'check-ref-format --branch master from non-repo' '
echo master >expect &&
nongit git check-ref-format --branch master >actual &&
test_cmp expect actual
'
valid_ref_normalized() {
prereq=
case $1 in