(°▽°)❥ java jgit-fiddling.java
Testing valid ref: refs/heads/master...true
Testing valid ref: refs/master...true
Testing valid ref: 💩...false

remote.NAME.receivepack
:   Path of the `git-receive-pack` executable on the remote
    system, if using the SSH transport.

    Defaults to `git-receive-pack`.

remote.NAME.uploadpack
:   Path of the `git-upload-pack` executable on the remote system,
    if using the SSH transport.

    Defaults to `git-upload-pack`.

static int check_or_sanitize_refname(const char *refname, int flags,
                                     struct strbuf *sanitized)
{
...
        if (!(flags & REFNAME_ALLOW_ONELEVEL) && component_count < 2)
                return -1; /* Refname has only one component. */
        return 0;

$ git remote -v
origin	ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git (fetch)
origin	ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git (push)

$ git push origin HEAD:refs/firstlevel
Locking support detected on remote "origin". Consider enabling it with:
  $ git config lfs.https://gerrit.wikimedia.org/test/gerrit-ping.git/info/lfs.locksverify true
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
remote: Processing changes: refs: 1, done    
To ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git
 * [new reference]   HEAD -> refs/firstlevel

)$ ssh -p 29418 gerrit.wikimedia.org replication start test/gerrit-ping --wait
Error: Failed replicate of refs/firstlevel to gerrit2@gerrit2002.wikimedia.org:/srv/gerrit/git/test/gerrit-ping.git, reason: funny refname
Replicate test/gerrit-ping ref ..all.. to gerrit2002.wikimedia.org, FAILED! (REJECTED_OTHER_REASON)
Replicate test/gerrit-ping ref ..all.. to github.com, Succeeded! (OK)
Replication of test/gerrit-ping ref ..all.. completed to 2 nodes, 
----------------------------------------------
Replication completed with some errors!

@Test
public void testMustRejectOneLevel() {
    assertValid(false, "refs/firstlevel");
}

$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_lib_ValidRefNameTest
...
Test output for //org.eclipse.jgit.test:org_eclipse_jgit_lib_ValidRefNameTest:
JUnit4 Test Runner
........E...............
Time: 0.14
There was 1 failure:
1) testMustRejectOneLevel(org.eclipse.jgit.lib.ValidRefNameTest)
java.lang.AssertionError: "refs/firstlevel" expected:<false> but was:<true>
	at org.junit.Assert.fail(Assert.java:89)
	at org.junit.Assert.failNotEquals(Assert.java:835)
	at org.junit.Assert.assertEquals(Assert.java:120)
	at org.eclipse.jgit.junit.Assert.assertEquals(Assert.java:44)
	at org.eclipse.jgit.lib.ValidRefNameTest.assertValid(ValidRefNameTest.java:25)
	at org.eclipse.jgit.lib.ValidRefNameTest.testMustRejectOneLevel(ValidRefNameTest.java:98)

--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/ReceivePackTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/ReceivePackTest.java
@@ -55,12 +55,12 @@ public class ReceivePackTest {
        public void parseCommand() throws Exception {
                String o = "0000000000000000000000000000000000000000";
                String n = "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef";
-               String r = "refs/heads/master";
+               String r = "refs/master";
                ReceiveCommand cmd = ReceivePack.parseCommand(o + " " + n + " " + r);
                assertEquals(ObjectId.zeroId(), cmd.getOldId());
                assertEquals("deadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
                                cmd.getNewId().name());
-               assertEquals("refs/heads/master", cmd.getRefName());
+               assertEquals("refs/master", cmd.getRefName());
 
                assertParseCommandFails(null);
                assertParseCommandFails("");

$ bazel test //org.eclipse.jgit.test:org_eclipse_jgit_transport_ReceivePackTest
...
//org.eclipse.jgit.test:org_eclipse_jgit_transport_ReceivePackTest       PASSED in 0.6s

Executed 1 out of 1 test: 1 test passes.

Error 400 (Bad Request): com.google.gerrit.exceptions.InvalidNameException: Invalid Name: ^refs/[^/]*
Endpoint: /projects/*/access

[access "^refs/[^/]+"]
	create = block group Registered Users

$ git push origin origin/master:refs/master
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
remote: error: branch refs/master:
remote: You need 'Create' rights to create new references.
remote: User: hashar
remote: Contact an administrator to fix the permissions
remote: Processing changes: refs: 1, done    
To ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git
 ! [remote rejected] origin/master -> refs/master (prohibited by Gerrit: not permitted: create)
error: failed to push some refs to 'ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git'

$ git push origin origin/master:refs/heads/master3
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Processing changes: refs: 1, done    
To ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git
 * [new branch]      origin/master -> master3

$ git commit -m 'Can I forge a review?' --allow-empty
[master e8464dc] Can I forge a review?
$ git push origin HEAD:refs/for/master
Enumerating objects: 1, done.
Counting objects: 100% (1/1), done.
Writing objects: 100% (1/1), 231 bytes | 231.00 KiB/s, done.
Total 1 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Processing changes: refs: 1, new: 1, done    
remote: 
remote: SUCCESS
remote: 
remote:   https://gerrit.wikimedia.org/r/c/test/gerrit-ping/+/1194200 Can I forge a review? [NEW]
remote: 
To ssh://gerrit.wikimedia.org:29418/test/gerrit-ping.git
 * [new reference]   HEAD -> refs/for/master