opendev/gerrit
Code Issues Proposed changes

Tighten UUID regexp used to check if a group is internal

Browse Source 
The regular expression in AccountGroup.isInternalGroup() used
to determine whether a group identified by a particular UUID
is an internal Gerrit group was sloppy in that any UUID
containing a 40 (or more) character hex digit sequence anywhere
in the string was deemed an internal group. While very unlikely,
the expression could falsely match UUIDs from other systems.

Change-Id: Ie7cc56754bc11a6526fa1f35ea449e11b6c47a30
This commit is contained in:
Magnus Bäck
2012-06-25 10:31:09 -04:00
parent 8ddb12edcb
commit 7cded9acf6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java
View File

@@ -82,7 +82,7 @@ public final class AccountGroup {
/** @return true if the UUID is for a group managed within Gerrit. */
public static boolean isInternalGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith("global:")
|| uuid.get().matches("[0-9a-f]{40}");
|| uuid.get().matches("^[0-9a-f]{40}$");
}
/** Synthetic key to link to within the database */