Merge "Prevent the creation of new projects containing delimiters in names"

David Pursehouse
2017-08-31 12:41:24 +00:00
committed by Gerrit Code Review
2 changed files with 15 additions and 2 deletions


@@ -15,9 +15,11 @@
package com.google.gerrit.acceptance.rest.project; package com.google.gerrit.acceptance.rest.project;
import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectInfo; import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectInfo;
import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectOwners; import static com.google.gerrit.acceptance.rest.project.ProjectAssert.assertProjectOwners;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import com.google.common.net.HttpHeaders; import com.google.common.net.HttpHeaders;
@@ -41,6 +43,7 @@ import com.google.gerrit.server.group.SystemGroupBackend;
import com.google.gerrit.server.project.ProjectState; import com.google.gerrit.server.project.ProjectState;
import java.util.Collections; import java.util.Collections;
import java.util.Set; import java.util.Set;
import org.apache.http.HttpStatus;
import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicHeader;
import org.eclipse.jgit.lib.Constants; import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.Repository; import org.eclipse.jgit.lib.Repository;
@@ -84,7 +87,15 @@ public class CreateProjectIT extends AbstractDaemonTest {
@Test @Test
@UseLocalDisk @UseLocalDisk
public void createProjectHttpWithUnreasonableName_BadRequest() throws Exception { public void createProjectHttpWithUnreasonableName_BadRequest() throws Exception {
adminRestSession.put("/projects/" + Url.encode(name("invalid/../name"))).assertBadRequest(); ImmutableList<String> forbiddenStrings =
ImmutableList.of(
"/../", "/./", "//", ".git/", "?", "%", "*", ":", "<", ">", "|", "$", "/+", "~");
for (String s : forbiddenStrings) {
String projectName = name("invalid" + s + "name");
assertWithMessage("Expected status code for " + projectName + " to be 400.")
.that(adminRestSession.put("/projects/" + Url.encode(projectName)).getStatusCode())
.isEqualTo(HttpStatus.SC_BAD_REQUEST);
}
} }
@Test @Test
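Review bot: The `forbiddenStrings` list in `createProjectHttpWithUnreasonableName_BadRequest` leaves out the carriage-return case that the production name check touched by this same commit rejects (`name.contains("\r")`), so that branch is not exercised through the REST layer. Adding `"\r"` to the `ImmutableList.of(...)` call would cover it, assuming the URL-encoded request reaches the name check rather than being rejected earlier. Because the list is a hand-copied mirror of the production predicate, a comment above it such as `// Keep in sync with the name check in LocalDiskRepositoryManager.` would make the coupling visible to whoever next extends either side. The loop asserts only the 400 status, so a follow-up assertion that no project with that name exists afterwards would make the test stronger.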


@@ -274,7 +274,9 @@ public class LocalDiskRepositoryManager implements GitRepositoryManager {
|| name.contains(">") // redirect output || name.contains(">") // redirect output
|| name.contains("|") // pipe || name.contains("|") // pipe
|| name.contains("$") // dollar sign || name.contains("$") // dollar sign
|| name.contains("\r"); // carriage return || name.contains("\r") // carriage return
|| name.contains("/+") // delimiter in /changes/
|| name.contains("~"); // delimiter in /changes/
} }
@Override @Override
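Review bot: The added clauses `name.contains("/+")` and `name.contains("~")` extend a predicate whose callers sit outside this hunk, so it should be confirmed that it is consulted only when a repository is created. If the path that opens existing repositories uses the same check, a project already named with `~` or `/+` would stop resolving after the upgrade, which the commit title ("new projects") suggests is not intended. The trailing comments `// delimiter in /changes/` would also be clearer if they said why the delimiter matters, e.g. `// "~" separates project from the rest of a /changes/ identifier, so it must not occur inside a project name`. The method begins above the hunk, so the full set of rejected characters cannot be checked from here.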