go-git-ref-bug

command module

v0.0.0-...-b1afa83 Latest Latest Go to latest Published: Jun 30, 2019 License: ISC Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/thecjharries/go-git-ref-bug

Links

Open Source Insights

README ¶

`go-git` Ref Name Issue

There's currently no ref name validation which can cause some interesting problems. PR forthcoming.

TL;DR: bug_demo.go

Background

git has a few naming stipulations. I didn't actually realize how detailed they were until I starting messing around with this earlier today.

`go-git`

Pertinent Files

Useful Examples

These are the files I copypasta'd together for the bug demo.

The Demo

What Happened

tbh I think I lucked into one of the more fun edge cases. The setup is fairly straight forward. I'm going to describe what I'm doing in terms of git commands but I'm actually using go-git.

I create a repo using git init (or open an existing one but I don't recommend that; you will lose files).
I make a commit on master to move the HEAD
I establish that go-git isn't restricting ref names by creating this one: new-..bad\.branch//name.
I create a new branch using that name.
I attempt to make another commit but at this point the whole thing is hosed. The current ref, new-..bad\.branch//name., is a combination of a bunch of things that mess git up.

Why This Matters

There were some very interesting side effects that popped up, including losting files in the active directory. The first version is worth poking around at. Aside from quirks, suppose your automation pipeline injects some garbage to the ref name overnight and completely mucks up git processes?

Solution

Discovering the Affected Code

Because this is a huge project, fixing this has to be done surgically with as few changes to the underlying API as possible. That's rough. The best place to start is with ReferenceName, the type that runs this. AFAIK I can tell, given its widespread use as as a function (e.g. plumbing.ReferenceName("my-ref")), the best way to handle it would be to convert it from a string to a func(string) string.

I spent a lot of time on this trying to track down the problem. I also spent a lot of time attempting to fix it in place, which didn't work out as well as I would have liked. I'll be submitting a PR for this ASAP.

Benchmarks

I spent a ton of time playing around with benchmarks. I'd love to about how to improve them! I tried to add a fair amount of randomness to the process.

The build pipeline is the best place to scope those.