Merge Bug in Bitbucket due to SVN Mirror

Hi Support
we are facing to a Merge Bitbucket bug and after investigation with Atlassian, the root cause seems to be due to SVN Mirror addon.
The problem is that we are able to merge directly through the interface without any Pull Request
Steps to reproduce the bug (please get a look on attached screenshot)
1/ modify a file in the main branch (trhough web interface
2/ click on Commit button
3/ enter a message login and click on commit button
4/ an error message is displayed. Click on cancel button
5/ click on Cancel button
6/ the file is commited (although the modification was cancelled)
7/ No PR created

After zip file analysis from Atlassian, they suspected SVN Mirror addon on. Atlassian analysis

The reason I am asking is that in the profiler log file I can see that as a part of the editing the stash-svn-importer:zzz-svnmirror-6x-hook has been called as well:

2020-01-02 15:15:36,702 | http-nio-7990-exec-197 | @7BUZTVx915x189774690x2 | yperzo | 4escwa
[1096.7ms] - "PUT /rest/api/latest/projects/SPDLIB/repos/vpbb/browse/README.md HTTP/1.1"
[2.2ms] - ApplicationUser com.atlassian.bitbucket.user.UserService.getUserById(int)
[1088.6ms] - Commit com.atlassian.bitbucket.content.ContentService.editFile(EditFileRequest)
[2.2ms] - Ref com.atlassian.bitbucket.repository.RefService.resolveRef(ResolveRefRequest)
[1.8ms] - com.atlassian.stash.internal.scm.git.command.refdb.ResolveGitRefDbCommand.call()
[1083.1ms] - git: edit file README.md
[18.5ms] - git: init 400
[18.1ms] - /bin/git init --quiet /var/atlassian/application-data/bitbucket/tmp/git/vpbb-work3355578706568044200.git
[21.7ms] - git: reset bb93f4fc82d94563d23232c1137c0995094ee394
[21.6ms] - /bin/git reset --quiet bb93f4fc82d94563d23232c1137c0995094ee394 --
[5.4ms] - /bin/git cat-file --batch
2020-01-02 15:15:36,702 | http-nio-7990-exec-197 | @7BUZTVx915x189774690x2 | yperzo | 4escwa
[1096.7ms] - "PUT /rest/api/latest/projects/SPDLIB/repos/vpbb/browse/README.md HTTP/1.1"
[2.2ms] - ApplicationUser com.atlassian.bitbucket.user.UserService.getUserById(int)
[1088.6ms] - Commit com.atlassian.bitbucket.content.ContentService.editFile(EditFileRequest)
[2.2ms] - Ref com.atlassian.bitbucket.repository.RefService.resolveRef(ResolveRefRequest)
 [1.8ms] - com.atlassian.stash.internal.scm.git.command.refdb.ResolveGitRefDbCommand.call()
[1083.1ms] - git: edit file README.md
[18.5ms] - git: init 400
[18.1ms] - /bin/git init --quiet /var/atlassian/application-data/bitbucket/tmp/git/vpbb-work3355578706568044200.git
[21.7ms] - git: reset bb93f4fc82d94563d23232c1137c0995094ee394
[21.6ms] - /bin/git reset --quiet bb93f4fc82d94563d23232c1137c0995094ee394 --
[5.4ms] - /bin/git cat-file --batch
[4.5ms] - /bin/git ls-tree -z HEAD -- README.md
[11.4ms] - /bin/git status --short -- README.md
[47.2ms] - /bin/git -c core.autocrlf=input -c core.safecrlf=warn -c core.symlinks=false commit -m troubleshooting commit 4 -q -- README.md
[970.4ms] - RepositoryHookResult com.atlassian.bitbucket.hook.repository.RepositoryHookService.preUpdate(RepositoryHookRequest)
[1.5ms] - List com.atlassian.stash.internal.repository.RepositoryHookDao.findByKeys(Collection,Collection,boolean)
[1.2ms] - com.atlassian.bitbucket.server.bitbucket-git-lfs:verify-lfs-locks-hook#preUpdate
[7.6ms] - com.atlassian.bitbucket.server.bitbucket-ref-restriction:restrictionEnforcerHook#preUpdate
[2.6ms] [count: 3, avg: 0.9ms] - Set com.atlassian.bitbucket.user.UserService.getUsersById(Set,boolean)
[2.5ms] - com.izymes.workzone:workzone-pushToBranchHook#preUpdate
[2.3ms] - com.atlassian.bitbucket.server.bitbucket-repository-hooks:script-repository-hook#preUpdate
[1.6ms] - List com.atlassian.stash.internal.hook.script.InternalHookScriptService.getSummariesByHookRequest(RepositoryHookRequest,HookScriptType)
[954.7ms] - org.tmatesoft.subgit.stash-svn-importer:zzz-svnmirror-6x-hook#preUpdate
[8.0ms] - /bin/git -c alias.env=!env env'

So there is a possibility that the svn mirror hook disregards the restrictions imposed by Bitbucket. Please try reproducing the issue with svn hook disabled to confirm the suspect.

I confirmed it by disabling addon on a test repo (bug disappear) and confirm that bug appears again when addon reactivate.

Could you please investigate it ?
Thanks for your support
Yann

Hello Yann,

sure, we will investigate it, thank you for reporting this issue. I will inform you as we get any news on that.

Hello Yann,

could you advise please what is the hook on step 4 and which Bitbucket Server version do you use?

Hi Ildar
sorry, which hook ? If it concern this sentence: So there is a possibility that the svn mirror hook disregards the restrictions imposed by Bitbucket. Please try reproducing the issue with svn hook disabled to confirm the suspect., I assume that Atlassian deals with SVN Mirror “hook”
The Bitbucket server version is: 6.3.1
Thanks
Yann

PS: I didn’t receive any notification for this ticket. Do you know why ?

Hi Yann,

on step 4 on the screenshot there is the message that reads “File editing was cancelled by a repository hook”. From that, I’ve got an impression that you have some hook installed and it cancels the commit, is that correct? Or the ‘develop’ branch just set to prevent changes without pull request?
I’m not sure while notification didn’t come, just checked the notifications and haven’t found any issues. Couldn’t it fall to spam on your side?

oh yes, this is the standard Bitbucket hook which block the merge if no Pull Request. Develop branch is our main branch

Hello Yann,

it looks that you hit the known issue with Bitbucket hooks that use Bitbucket Server commit callback API to analyze pushed commits. The matter is that on BB5 and 6 there is no way to guarantee hooks invoking order and because of that it may happen that SVN Mirror hook is being invoked earlier than other hooks, like Bitbucket’s in this case. That leads to that the commit is being translated to SVN before it is rejected by Bitbucket hook that implements branch permissions. Unfortunately, there’s no solution for this issue at this moment, we have involved Atlassian and we are still working on it, but it may take some time to resolve it.

Meanwhile, we tested branch permissions and only managed to reproduce the issue with changes made in Bitbucket UI, all the changes we made in a working copy and pushed directly to the repository were successfully declined. May I ask you have you ever faced this issue when tried to push some changed to a protected branch?

Hello Yann,

from further investigations we’ve figured out that issue (SVN Mirror App hook being executed when it should not) is only reproducible when file is edited in UI.

This is caused by the Bitbucket code that manages hooks execution - in this particular case, when ref update is triggered by FILE_EDIT trigger, “abortOnFirstVeto” flag is set to “false”. This causes all hooks to be executed, despite first one vetoes the change.

There is no explicit API to figure out whether update has been already vetoed from within the hook code, however there are certain side effect that we could rely on. This workaround will fix the issue in the next version of the add-on. It would be great if Bitbucket team could fix the problem on their side as well (set abortOnFirstVeto flag to true for FILE_EDIT ref update trigger or provide an API for the hook to check update veto state).

When changes are pushed with standard “git push” command, SVN Mirror App hook is not executed as update process is aborted on first veto from the branch permissions hook.

We’ll test our fix thoroughly and if all goes well, my colleague will send you the link to the beta build to try.

Hi Alexander
this is a good news
Yes, please let me know when a beta is available for test
Regards
Yann

Hi Yann,

we have implemented a fix for this issue; it hasn’t been released publicly yet, but it’s already ready for release, we have tested it, so we’re ready to provide it to you for your convenience. The new version is available at the following link:

https://teamcity.tmatesoft.com/repository/download/translator_stash_build/17788:id/obfuscated/translator-stash-4.0.7-SNAPSHOT.jar

Hi Idhar
Thanks for your quick support. Do you know when it will be released officially ?
Could you please provide us the the procedure to install the beta version ?
Thanks
Yann

Hi Yann,

no, we don’t yet have schedule for the release.
The add-on can be installed manually on the Administration - Manage Apps page. Click “Upload app” ling on the page, then select the jar file and click “Upload”.