opendev/gerrit
Code Issues Proposed changes

Avoid magic meaning of Integer.MIN_VALUE during access evaluation

Browse Source 
As part of the security review, Julien Tinnes identified the use of
a magic value that controlled whether or not the inherited rules
are to be applied to a project.  Using a magic value for security
related things isn't a recommended practice.  Replace the magic
meaning of Integer.MIN_VALUE with a boolean, removing the risk that
a RefRight object has used the same magic value.

Change-Id: Iea8359afae62aa74f3b81f16668f83dc5e2f3cb5
Suggested-by: Julien Tinnes
Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
2010-05-11 11:25:42 -07:00
parent 8fa42c6cc8
commit 7dcb1e925f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectControl.java
View File

@@ -154,14 +154,16 @@ public class ProjectControl {
short requireValue) {
final Set<AccountGroup.Id> groups = user.getEffectiveGroups();
int val = Integer.MIN_VALUE;
boolean local = false;
for (final RefRight pr : state.getLocalRights(actionId)) {
if (groups.contains(pr.getAccountGroupId())) {
val = Math.max(pr.getMaxValue(), val);
local = true;
}
}
if (val == Integer.MIN_VALUE && actionId.canInheritFromWildProject()) {
if (!local && actionId.canInheritFromWildProject()) {
for (final RefRight pr : state.getInheritedRights(actionId)) {
if (groups.contains(pr.getAccountGroupId())) {
val = Math.max(pr.getMaxValue(), val);