Commit 11dd9d6e authored by Robert Speicher's avatar Robert Speicher

Resolve possible cherry pick API race condition

Previously, we just fetched the latest commit for the given branch when
presenting the resulting commit, but because something could have been
committed to that branch between the time we cherry-picked and the time
we render the result, the wrong commit could have been presented.

Now, we fetch the commit object with the commit SHA returned by the
commit change service, which should always be the correct commit.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53773
parent 57cee176
---
title: Resolve possible cherry pick API race condition
merge_request:
author:
type: fixed
...@@ -194,11 +194,13 @@ module API ...@@ -194,11 +194,13 @@ module API
branch_name: params[:branch] branch_name: params[:branch]
} }
result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute result = ::Commits::CherryPickService
.new(user_project, current_user, commit_params)
.execute
if result[:status] == :success if result[:status] == :success
branch = find_branch!(params[:branch]) present user_project.repository.commit(result[:result]),
present user_project.repository.commit(branch.dereferenced_target), with: Entities::Commit with: Entities::Commit
else else
render_api_error!(result[:message], 400) render_api_error!(result[:message], 400)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment