From fb21157fc605ced7a8f9f74f3fda59a15cbaca92 Mon Sep 17 00:00:00 2001
From: Patrick Hiesel
Date: Tue, 29 Aug 2017 09:17:57 +0200
Subject: [PATCH] Prevent the creation of new projects containing delimiters in names

Prevent the creation of new projects containing either /+ (the new delimiter in the change API) or ~ (the triplet delimiter) and add a test for new and existing patterns. This does not affect existing projects but it is highly encouraged to migrate existing projects containing either of those strings.

Change-Id: Iad26554a3f18487e0d0cde6bb23899d2269d5931
---
 .../acceptance/rest/project/CreateProjectIT.java | 13 ++++++++++++-
 .../server/git/LocalDiskRepositoryManager.java | 4 +++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/CreateProjectIT.java b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/CreateProjectIT.java
index 4f69172867..7640328cbf 100644
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/CreateProjectIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/rest/project/CreateProjectIT.java
@@ -15,9 +15,11 @@
 package com.google.gerrit.acceptance.rest.project;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
 import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectInfo;
 import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectOwners;
 
+import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 import com.google.common.net.HttpHeaders;
@@ -41,6 +43,7 @@ import com.google.gerrit.server.group.SystemGroupBackend;
 import com.google.gerrit.server.project.ProjectState;
 import java.util.Collections;
 import java.util.Set;
+import org.apache.http.HttpStatus;
 import org.apache.http.message.BasicHeader;
 import org.eclipse.jgit.lib.Constants;
 import org.eclipse.jgit.lib.Repository;
@@ -84,7 +87,15 @@ public class CreateProjectIT extends AbstractDaemonTest {
 @Test
 @UseLocalDisk
 public void createProjectHttpWithUnreasonableName_BadRequest() throws Exception {
- adminRestSession.put("/projects/" + Url.encode(name("invalid/../name"))).assertBadRequest();
+ ImmutableList forbiddenStrings =
+ ImmutableList.of(
+ "/../", "/./", "//", ".git/", "?", "%", "*", ":", "<", ">", "|", "$", "/+", "~");
+ for (String s : forbiddenStrings) {
+ String projectName = name("invalid" + s + "name");
+ assertWithMessage("Expected status code for " + projectName + " to be 400.")
+ .that(adminRestSession.put("/projects/" + Url.encode(projectName)).getStatusCode())
+ .isEqualTo(HttpStatus.SC_BAD_REQUEST);
+ }
 }
 
 @Test
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/git/LocalDiskRepositoryManager.java b/gerrit-server/src/main/java/com/google/gerrit/server/git/LocalDiskRepositoryManager.java
index 276de9e173..50f49754ee 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/LocalDiskRepositoryManager.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/LocalDiskRepositoryManager.java
@@ -274,7 +274,9 @@ public class LocalDiskRepositoryManager implements GitRepositoryManager {
 || name.contains(">") // redirect output
 || name.contains("|") // pipe
 || name.contains("$") // dollar sign
- || name.contains("\r"); // carriage return
+ || name.contains("\r") // carriage return
+ || name.contains("/+") // delimiter in /changes/
+ || name.contains("~"); // delimiter in /changes/
 }
 
 @Override
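Review bot: The `forbiddenStrings` list in createProjectHttpWithUnreasonableName_BadRequest omits the carriage-return case that the name check in LocalDiskRepositoryManager (same commit) still rejects via `name.contains("\r")`, so that clause stays untested. Consider adding `"\r"` to the list, provided the REST layer hands an encoded carriage return through to the name check, which is not visible here. The loop also exercises rejections only; a control asserting that a name with a lone `+` (for example a constructed `name("valid+name")`) is still accepted would catch a denylist clause that over-matches, which matters now that `+` is part of a forbidden sequence.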
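Review bot: The new `/+` and `~` clauses extend a name check whose signature and callers lie outside this hunk; if the same check is also consulted when an existing repository is opened, projects that already contain either string would stop resolving, which contradicts the commit message's statement that existing projects are unaffected. Please confirm the check runs only on the create path, or move the two new clauses into a create-only check. Separately, both added lines carry the identical comment `// delimiter in /changes/`, while the commit message distinguishes them; `// new delimiter in the change API` for `/+` and `// triplet delimiter in /changes/` for `~` would tell the next reader why each one is forbidden.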