From 505e456f26e11d4ee2f7a807a037b11b59defb1f Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Wed, 6 May 2020 13:08:45 +0200
Subject: [PATCH] Protect default branch against deletion (#11115)

Although the default branch is not offered for deletion in the templates, its deletion must also be prevented both at the router level and in the pre-receive hook.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
---
 options/locale/locale_en-US.ini | 1 +
 routers/private/hook.go         | 8 ++++++++
 routers/repo/branch.go          | 6 +++++-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 37efecbff56d..6c984972095b 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1683,6 +1683,7 @@ branch.deleted_by = Deleted by %s
 branch.restore_success = Branch '%s' has been restored.
 branch.restore_failed = Failed to restore branch '%s'.
 branch.protected_deletion_failed = Branch '%s' is protected. It cannot be deleted.
+branch.default_deletion_failed = Branch '%s' is the default branch. It cannot be deleted.
 branch.restore = Restore Branch '%s'
 branch.download = Download Branch '%s'
 branch.included_desc = This branch is part of the default branch
diff --git a/routers/private/hook.go b/routers/private/hook.go
index de2b03e0b2e6..4b57aff588f5 100644
--- a/routers/private/hook.go
+++ b/routers/private/hook.go
@@ -206,6 +206,14 @@ func HookPreReceive(ctx *macaron.Context, opts private.HookOptions) {
 		refFullName := opts.RefFullNames[i]
 
 		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
+		if branchName == repo.DefaultBranch && newCommitID == git.EmptySHA {
+			log.Warn("Forbidden: Branch: %s is the default branch in %-v and cannot be deleted", branchName, repo)
+			ctx.JSON(http.StatusForbidden, map[string]interface{}{
+				"err": fmt.Sprintf("branch %s is the default branch and cannot be deleted", branchName),
+			})
+			return
+		}
+
 		protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)
 		if err != nil {
 			log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
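Review bot: The new guard compares `branchName` with `repo.DefaultBranch` without first confirming that `refFullName` sits under `git.BranchPrefix`; `strings.TrimPrefix` returns its input unchanged when the prefix is absent, so the comparison also runs on the full names of tags and other refs. Writing the condition as `if strings.HasPrefix(refFullName, git.BranchPrefix) && branchName == repo.DefaultBranch && newCommitID == git.EmptySHA {` makes the branch-only intent explicit. A direct push presumably never reaches the web route, so a comment above the guard such as `// A direct push bypasses the web UI, so the default branch must be refused here as well.` would record why the check is duplicated. No test for this path is visible in the patch; a push that deletes the default branch and expects a 403 would pin the behaviour. HookPreReceive and its loop begin and end outside the hunk.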
diff --git a/routers/repo/branch.go b/routers/repo/branch.go
index 1664f68ec19d..e7eac04bce51 100644
--- a/routers/repo/branch.go
+++ b/routers/repo/branch.go
@@ -57,8 +57,12 @@ func Branches(ctx *context.Context) {
 // DeleteBranchPost responses for delete merged branch
 func DeleteBranchPost(ctx *context.Context) {
 	defer redirect(ctx)
-
 	branchName := ctx.Query("name")
+	if branchName == ctx.Repo.Repository.DefaultBranch {
+		ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName))
+		return
+	}
+
 	isProtected, err := ctx.Repo.Repository.IsProtectedBranch(branchName, ctx.User)
 	if err != nil {
 		log.Error("DeleteBranch: %v", err)
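Review bot: The early return in `DeleteBranchPost` leaves no log entry, whereas the matching check in routers/private/hook.go records a `log.Warn`; a refused attempt to delete the default branch through the web route deserves the same audit trail. Adding `log.Warn("DeleteBranch: %q is the default branch and cannot be deleted", branchName)` before the `ctx.Flash.Error` call would do it, with `%q` because `branchName` comes straight from the request query. The doc comment above the function still reads "responses for delete merged branch" and could say that the default branch is refused. The function body continues past the end of the hunk.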