From 505e456f26e11d4ee2f7a807a037b11b59defb1f Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Wed, 6 May 2020 13:08:45 +0200 Subject: [PATCH] Protect default branch against deletion (#11115) Although default branch is not offered for deletion in the templates, we need to prevent it both at the router level and in the pre-receive hook. Co-authored-by: Andrew Thornton Co-authored-by: Lauris BH --- options/locale/locale_en-US.ini | 1 + routers/private/hook.go | 8 ++++++++ routers/repo/branch.go | 6 +++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 37efecbff5..6c98497209 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -1683,6 +1683,7 @@ branch.deleted_by = Deleted by %s branch.restore_success = Branch '%s' has been restored. branch.restore_failed = Failed to restore branch '%s'. branch.protected_deletion_failed = Branch '%s' is protected. It cannot be deleted. +branch.default_deletion_failed = Branch '%s' is the default branch. It cannot be deleted. branch.restore = Restore Branch '%s' branch.download = Download Branch '%s' branch.included_desc = This branch is part of the default branch diff --git a/routers/private/hook.go b/routers/private/hook.go index de2b03e0b2..4b57aff588 100644 --- a/routers/private/hook.go +++ b/routers/private/hook.go @@ -206,6 +206,14 @@ func HookPreReceive(ctx *macaron.Context, opts private.HookOptions) { refFullName := opts.RefFullNames[i] branchName := strings.TrimPrefix(refFullName, git.BranchPrefix) + if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA { + log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo) + ctx.JSON(http.StatusForbidden, map[string]interface{}{ + "err": fmt.Sprintf("branch %s is the default branch and cannot be deleted", branchName), + }) + return + } + protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName) if err != nil { log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err) diff --git a/routers/repo/branch.go b/routers/repo/branch.go index 1664f68ec1..e7eac04bce 100644 --- a/routers/repo/branch.go +++ b/routers/repo/branch.go @@ -57,8 +57,12 @@ func Branches(ctx *context.Context) { // DeleteBranchPost responses for delete merged branch func DeleteBranchPost(ctx *context.Context) { defer redirect(ctx) - branchName := ctx.Query("name") + if branchName == ctx.Repo.Repository.DefaultBranch { + ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName)) + return + } + isProtected, err := ctx.Repo.Repository.IsProtectedBranch(branchName, ctx.User) if err != nil { log.Error("DeleteBranch: %v", err)