From 9d08dc994d51298e2d8e75d8ed4ee477312ec53a Mon Sep 17 00:00:00 2001
From: Runxi Yu
Date: Sat, 7 Mar 2026 15:08:14 +0800
Subject: ref/refname: Add refname validation

---
 ref/refname/safe.go | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 ref/refname/safe.go

(limited to 'ref/refname/safe.go')

diff --git a/ref/refname/safe.go b/ref/refname/safe.go
new file mode 100644
index 00000000..b36d3b2f
--- /dev/null
+++ b/ref/refname/safe.go
@@ -0,0 +1,31 @@
+package refname
+
+import "strings"
+
+// IsSafe reports whether name is one safe refname for direct filesystem
+// operations; see refname_is_safe.
+func IsSafe(name string) bool {
+	rest, ok := strings.CutPrefix(name, "refs/")
+	if ok {
+		if rest == "" || rest[0] == '/' || rest[len(rest)-1] == '/' {
+			return false
+		}
+
+		normalized, normOK := normalizeRefPath(rest)
+
+		return normOK && normalized == rest
+	}
+
+	if name == "" {
+		return false
+	}
+
+	for i := range len(name) {
+		ch := name[i]
+		if (ch < 'A' || ch > 'Z') && ch != '_' {
+			return false
+		}
+	}
+
+	return true
+}
-- 
cgit v1.3.1-10-gc9f91