Since commit
c3b0dec509fe136c5417422f31898b5a4e2d5e02, Git has
disallowed writing a non-commit to refs/heads/* refs. JGit still
allows that, which can put users in a bad situation. For example,
git push origin v1.0:master
pushes the tag object v1.0 to refs/heads/master, instead of the
intended commit object v1.0^{commit}.
Prevent that by validating that the target of the ref points to a
commit object when pushing to refs/heads/*.
Git performs the same check at a lower level (in the RefDatabase). We
could do the same here, but for now let's start conservatively by
handling it in pushes first.
[jn: fleshed out commit message]
Change-Id: I8f98ae6d8acbcd5ef7553ec732bc096cb6eb7c4e
Signed-off-by: Yunjie Li <yunjieli@google.com>
Signed-off-by: Jonathan Nieder <jrn@google.com>
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription;
import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository;
-import org.eclipse.jgit.lib.Constants;
+import org.eclipse.jgit.junit.TestRepository;
import org.eclipse.jgit.lib.NullProgressMonitor;
import org.eclipse.jgit.lib.ObjectId;
-import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.transport.resolver.ReceivePackFactory;
import org.eclipse.jgit.transport.resolver.ServiceNotAuthorizedException;
private Object ctx = new Object();
private InMemoryRepository server;
private InMemoryRepository client;
- private ObjectId obj1;
- private ObjectId obj2;
+ private ObjectId commit1;
+ private ObjectId commit2;
@Before
public void setUp() throws Exception {
});
uri = testProtocol.register(ctx, server);
- try (ObjectInserter ins = client.newObjectInserter()) {
- obj1 = ins.insert(Constants.OBJ_BLOB, Constants.encode("test"));
- obj2 = ins.insert(Constants.OBJ_BLOB, Constants.encode("file"));
- ins.flush();
+ try (TestRepository<?> clientRepo = new TestRepository<>(client)) {
+ commit1 = clientRepo.commit().noFiles().message("test commit 1")
+ .create();
+ commit2 = clientRepo.commit().noFiles().message("test commit 2")
+ .create();
}
}
List<RemoteRefUpdate> cmds = new ArrayList<>();
cmds.add(new RemoteRefUpdate(
null, null,
- obj1, "refs/heads/one",
+ commit1, "refs/heads/one",
true /* force update */,
null /* no local tracking ref */,
ObjectId.zeroId()));
cmds.add(new RemoteRefUpdate(
null, null,
- obj2, "refs/heads/two",
+ commit2, "refs/heads/two",
true /* force update */,
null /* no local tracking ref */,
ObjectId.zeroId()));
List<RemoteRefUpdate> cmds = new ArrayList<>();
cmds.add(new RemoteRefUpdate(
null, null,
- obj1, "refs/heads/one",
+ commit1, "refs/heads/one",
true /* force update */,
null /* no local tracking ref */,
ObjectId.zeroId()));
cmds.add(new RemoteRefUpdate(
null, null,
- obj2, "refs/heads/two",
+ commit2, "refs/heads/two",
true /* force update */,
null /* no local tracking ref */,
- obj1));
+ commit1));
return cmds;
}
}
import org.eclipse.jgit.internal.storage.dfs.DfsRepositoryDescription;
import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository;
import org.eclipse.jgit.junit.RepositoryTestCase;
-import org.eclipse.jgit.lib.Constants;
+import org.eclipse.jgit.junit.TestRepository;
import org.eclipse.jgit.lib.NullProgressMonitor;
import org.eclipse.jgit.lib.ObjectId;
-import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.StoredConfig;
import org.eclipse.jgit.revwalk.RevCommit;
private Object ctx = new Object();
private InMemoryRepository server;
private InMemoryRepository client;
- private ObjectId obj1;
- private ObjectId obj2;
+ private ObjectId commit1;
+ private ObjectId commit2;
private ReceivePack receivePack;
@Override
uri = testProtocol.register(ctx, server);
- try (ObjectInserter ins = client.newObjectInserter()) {
- obj1 = ins.insert(Constants.OBJ_BLOB, Constants.encode("test"));
- obj2 = ins.insert(Constants.OBJ_BLOB, Constants.encode("file"));
- ins.flush();
+ try (TestRepository<?> clientRepo = new TestRepository<>(client)) {
+ commit1 = clientRepo.commit().noFiles().message("test commit 1")
+ .create();
+ commit2 = clientRepo.commit().noFiles().message("test commit 2")
+ .create();
}
}
private List<RemoteRefUpdate> commands(boolean atomicSafe)
throws IOException {
List<RemoteRefUpdate> cmds = new ArrayList<>();
- cmds.add(new RemoteRefUpdate(null, null, obj1, "refs/heads/one",
+ cmds.add(new RemoteRefUpdate(null, null, commit1, "refs/heads/one",
true /* force update */, null /* no local tracking ref */,
ObjectId.zeroId()));
- cmds.add(new RemoteRefUpdate(null, null, obj2, "refs/heads/two",
+ cmds.add(new RemoteRefUpdate(null, null, commit2, "refs/heads/two",
true /* force update */, null /* no local tracking ref */,
- atomicSafe ? ObjectId.zeroId() : obj1));
+ atomicSafe ? ObjectId.zeroId() : commit1));
return cmds;
}
noMergeBase=No merge base could be determined. Reason={0}. {1}
noMergeHeadSpecified=No merge head specified
nonBareLinkFilesNotSupported=Link files are not supported with nonbare repos
+nonCommitToHeads=Cannot point a branch to a non-commit object
noPathAttributesFound=No Attributes found for {0}.
noSuchRef=no such ref
noSuchSubmodule=no such submodule {0}
/***/ public String noMergeBase;
/***/ public String noMergeHeadSpecified;
/***/ public String nonBareLinkFilesNotSupported;
+ /***/ public String nonCommitToHeads;
/***/ public String noPathAttributesFound;
/***/ public String noSuchRef;
/***/ public String noSuchSubmodule;
if (cmd.getResult() != Result.NOT_ATTEMPTED)
continue;
+ RevObject newObj = null;
+ if (cmd.getType() == ReceiveCommand.Type.CREATE
+ || cmd.getType() == ReceiveCommand.Type.UPDATE) {
+ try {
+ newObj = walk.parseAny(cmd.getNewId());
+ } catch (IOException e) {
+ cmd.setResult(Result.REJECTED_MISSING_OBJECT,
+ cmd.getNewId().name());
+ continue;
+ }
+ if (cmd.getRefName().startsWith(Constants.R_HEADS)
+ && !(newObj instanceof RevCommit)) {
+ cmd.setResult(Result.REJECTED_OTHER_REASON,
+ JGitText.get().nonCommitToHeads);
+ continue;
+ }
+ }
+
if (cmd.getType() == ReceiveCommand.Type.DELETE) {
if (!isAllowDeletes()) {
// Deletes are not supported on this repository.
// Is this possibly a non-fast-forward style update?
//
- RevObject oldObj, newObj;
+ RevObject oldObj;
try {
oldObj = walk.parseAny(cmd.getOldId());
} catch (IOException e) {
continue;
}
- try {
- newObj = walk.parseAny(cmd.getNewId());
- } catch (IOException e) {
- cmd.setResult(Result.REJECTED_MISSING_OBJECT, cmd
- .getNewId().name());
- continue;
- }
-
if (oldObj instanceof RevCommit && newObj instanceof RevCommit) {
try {
if (walk.isMergedInto((RevCommit) oldObj,
projects / jgit.git / commitdiff