Exgit.RefName (exgit v0.1.0)

Copy Markdown View Source

Validation of git ref names per git check-ref-format rules.

Ref names come from the wire protocol on fetch (ls-refs response) and must be validated at the transport boundary before being joined into any filesystem path. A hostile or compromised server can advertise a ref name containing .., an absolute path, a control character, or other garbage; without validation, that name would escape the repository root when used in Path.join(root, ref).

Exgit rejects unsafe names at the transport layer (ls_refs/fetch return) and never lets them reach the ref store.

Rules (matching git's C implementation)

  • No component may start with .
  • No component may end with .lock or .
  • No empty component (forbids // or leading/trailing /)
  • No .. anywhere
  • No ASCII control chars (< 0x20), DEL (0x7F)
  • No space, ~, ^, :, ?, *, [, \, or @{
  • No bare @
  • Single-component names are rejected unless they are well-known (HEAD, FETCH_HEAD, ORIG_HEAD, MERGE_HEAD, CHERRY_PICK_HEAD)

Summary

Functions

Return true iff name is a safe git ref name.

Functions

valid?(name)

@spec valid?(term()) :: boolean()

Return true iff name is a safe git ref name.