Validation of git ref names per git check-ref-format rules.
Ref names come from the wire protocol on fetch (ls-refs response) and
must be validated at the transport boundary before being joined
into any filesystem path. A hostile or compromised server can
advertise a ref name containing .., an absolute path, a control
character, or other garbage; without validation, that name would
escape the repository root when used in Path.join(root, ref).
Exgit rejects unsafe names at the transport layer (ls_refs/fetch return) and never lets them reach the ref store.
Rules (matching git's C implementation)
- No component may start with
. - No component may end with
.lockor. - No empty component (forbids
//or leading/trailing/) - No
..anywhere - No ASCII control chars (< 0x20), DEL (0x7F)
- No space,
~,^,:,?,*,[,\, or@{ - No bare
@ - Single-component names are rejected unless they are well-known
(
HEAD,FETCH_HEAD,ORIG_HEAD,MERGE_HEAD,CHERRY_PICK_HEAD)
Summary
Functions
Return true iff name is a safe git ref name.