opendev/gerrit
Code Issues Proposed changes

Don't retrieve subgroups of not existing group

Browse Source 
Until recently, trying to retrieve the subgroups of a not existing
group simply resulted in an empty collection being returned. That
behavior was exploited in IncludingGroupMembership.

Change-Id: Ie9319a8b705431a53ae4123453cc687444b1bd22
This commit is contained in:
Alice Kober-Sotzek
2017-08-10 15:16:19 +02:00
parent 1b15877db6
commit 834fe7bebd
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
gerrit-server/src/main/java/com/google/gerrit/server/account/IncludingGroupMembership.java
View File

@@ -40,13 +40,16 @@ public class IncludingGroupMembership implements GroupMembership {
IncludingGroupMembership create(IdentifiedUser user); IncludingGroupMembership create(IdentifiedUser user);
} }
private final GroupCache groupCache;
private final GroupIncludeCache includeCache; private final GroupIncludeCache includeCache;
private final IdentifiedUser user; private final IdentifiedUser user;
private final Map<AccountGroup.UUID, Boolean> memberOf; private final Map<AccountGroup.UUID, Boolean> memberOf;
private Set<AccountGroup.UUID> knownGroups; private Set<AccountGroup.UUID> knownGroups;
@Inject @Inject
IncludingGroupMembership(GroupIncludeCache includeCache, @Assisted IdentifiedUser user) { IncludingGroupMembership(
GroupCache groupCache, GroupIncludeCache includeCache, @Assisted IdentifiedUser user) {
this.groupCache = groupCache;
this.includeCache = includeCache; this.includeCache = includeCache;
this.user = user; this.user = user;
@@ -88,6 +91,10 @@ public class IncludingGroupMembership implements GroupMembership {
} }
memberOf.put(id, false); memberOf.put(id, false);
AccountGroup group = groupCache.get(id);
if (group == null) {
continue;
}
if (search(includeCache.subgroupsOf(id))) { if (search(includeCache.subgroupsOf(id))) {
memberOf.put(id, true); memberOf.put(id, true);
return true; return true;