don't allow object hashes in excludes (#450)

Author: Byron

git-refspec/src/parse.rs

@@ -6,6 +6,8 @@ pub enum Error {
     NegativeWithDestination,
     #[error("Negative specs must not be empty")]
     NegativeEmpty,
+    #[error("Negative specs must be object hashes")]
+    NegativeObjectHash,
     #[error("Cannot push into an empty destination")]
     PushToEmpty,
     #[error("glob patterns may only involved a single '*' character, found {pattern:?}")]
@@ -88,8 +90,17 @@ pub(crate) mod function {
             }
         };
 
-        if mode == Mode::Negative && src.is_none() {
-            return Err(Error::NegativeEmpty);
+        if mode == Mode::Negative {
+            match src {
+                Some(spec) => {
+                    if spec.len() >= git_hash::Kind::shortest().len_in_hex()
+                        && spec.iter().all(|b| b.is_ascii_hexdigit())
+                    {
+                        return Err(Error::NegativeObjectHash);
+                    }
+                }
+                None => return Err(Error::NegativeEmpty),
+            }
         }
 
         if let Some(spec) = src.as_mut() {

git-refspec/tests/parse/invalid.rs

@@ -13,6 +13,16 @@ fn negative_must_not_be_empty() {
     }
 }
 
+#[test]
+fn negative_must_not_be_object_hash() {
+    for op in [Operation::Fetch, Operation::Push] {
+        assert!(matches!(
+            try_parse("^e69de29bb2d1d6434b8b29ae775ad8c2e48c5391", op).unwrap_err(),
+            Error::NegativeObjectHash
+        ));
+    }
+}
+
 #[test]
 fn negative_with_destination() {
     for op in [Operation::Fetch, Operation::Push] {