From: James Moger Date: Sun, 7 Sep 2014 16:53:08 +0000 (-0400) Subject: Merge branch 'ticket/164' into develop X-Git-Tag: v1.7.0~1^2~175 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=f7174e6984c08a153d1ba198c4bffe68c5afd873;p=gitblit.git Merge branch 'ticket/164' into develop --- f7174e6984c08a153d1ba198c4bffe68c5afd873 diff --cc .classpath index 53faa536,a6b40100..61f3a970 --- a/.classpath +++ b/.classpath @@@ -75,8 -75,9 +75,9 @@@ - + + diff --cc build.moxie index ea2763c4,c558c520..6b6c0085 --- a/build.moxie +++ b/build.moxie @@@ -170,14 -168,15 +170,15 @@@ dependencies - compile 'org.apache.commons:commons-compress:1.4.1' :war - compile 'commons-io:commons-io:2.2' :war - compile 'com.force.api:force-partner-api:24.0.0' :war -- compile 'org.freemarker:freemarker:2.3.19' :war +- compile 'org.freemarker:freemarker:2.3.20' :war - compile 'com.github.dblock.waffle:waffle-jna:1.5' :war - compile 'org.kohsuke:libpam4j:1.7' :war -- compile 'args4j:args4j:2.0.26' :war :fedclient :authority +- compile 'args4j:args4j:2.0.26' :war :fedclient - compile 'commons-codec:commons-codec:1.7' :war - compile 'redis.clients:jedis:2.3.1' :war -- compile 'ro.fortsoft.pf4j:pf4j:0.8.0' :war +- compile 'ro.fortsoft.pf4j:pf4j:0.9.0' :war - compile 'org.apache.tika:tika-core:1.5' :war + - compile 'org.jsoup:jsoup:1.7.3' :war - test 'junit' # Dependencies for Selenium web page testing - test 'org.seleniumhq.selenium:selenium-java:${selenium.version}' @jar diff --cc src/main/java/com/gitblit/FederationClient.java index 822e8a7f,079355ef..487080e5 --- a/src/main/java/com/gitblit/FederationClient.java +++ b/src/main/java/com/gitblit/FederationClient.java @@@ -1,189 -1,192 +1,192 @@@ -/* - * Copyright 2011 gitblit.com. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. 
- * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gitblit; - -import java.io.File; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.kohsuke.args4j.CmdLineException; -import org.kohsuke.args4j.CmdLineParser; -import org.kohsuke.args4j.Option; - -import com.gitblit.manager.FederationManager; -import com.gitblit.manager.GitblitManager; -import com.gitblit.manager.IGitblit; -import com.gitblit.manager.INotificationManager; -import com.gitblit.manager.RepositoryManager; -import com.gitblit.manager.RuntimeManager; -import com.gitblit.manager.UserManager; -import com.gitblit.models.FederationModel; -import com.gitblit.models.Mailing; -import com.gitblit.service.FederationPullService; -import com.gitblit.utils.FederationUtils; -import com.gitblit.utils.StringUtils; -import com.gitblit.utils.XssFilter; -import com.gitblit.utils.XssFilter.AllowXssFilter; - -/** - * Command-line client to pull federated Gitblit repositories. 
- * - * @author James Moger - * - */ -public class FederationClient { - - public static void main(String[] args) { - Params params = new Params(); - CmdLineParser parser = new CmdLineParser(params); - try { - parser.parseArgument(args); - } catch (CmdLineException t) { - usage(parser, t); - } - - System.out.println("Gitblit Federation Client v" + Constants.getVersion() + " (" + Constants.getBuildDate() + ")"); - - // command-line specified base folder - File baseFolder = new File(System.getProperty("user.dir")); - if (!StringUtils.isEmpty(params.baseFolder)) { - baseFolder = new File(params.baseFolder); - } - - File regFile = com.gitblit.utils.FileUtils.resolveParameter(Constants.baseFolder$, baseFolder, params.registrationsFile); - FileSettings settings = new FileSettings(regFile.getAbsolutePath()); - List registrations = new ArrayList(); - if (StringUtils.isEmpty(params.url)) { - registrations.addAll(FederationUtils.getFederationRegistrations(settings)); - } else { - if (StringUtils.isEmpty(params.token)) { - System.out.println("Must specify --token parameter!"); - System.exit(0); - } - FederationModel model = new FederationModel("Gitblit"); - model.url = params.url; - model.token = params.token; - model.mirror = params.mirror; - model.bare = params.bare; - model.folder = ""; - registrations.add(model); - } - if (registrations.size() == 0) { - System.out.println("No Federation Registrations! 
Nothing to do."); - System.exit(0); - } - - // command-line specified repositories folder - if (!StringUtils.isEmpty(params.repositoriesFolder)) { - settings.overrideSetting(Keys.git.repositoriesFolder, new File( - params.repositoriesFolder).getAbsolutePath()); - } - - // configure the Gitblit singleton for minimal, non-server operation - XssFilter xssFilter = new AllowXssFilter(); - RuntimeManager runtime = new RuntimeManager(settings, xssFilter, baseFolder).start(); - NoopNotificationManager notifications = new NoopNotificationManager().start(); - UserManager users = new UserManager(runtime, null).start(); - RepositoryManager repositories = new RepositoryManager(runtime, null, users).start(); - FederationManager federation = new FederationManager(runtime, notifications, repositories).start(); - IGitblit gitblit = new GitblitManager(runtime, null, notifications, users, null, null, repositories, null, federation); - - FederationPullService puller = new FederationPullService(gitblit, federation.getFederationRegistrations()) { - @Override - public void reschedule(FederationModel registration) { - // NOOP - } - }; - puller.run(); - - System.out.println("Finished."); - System.exit(0); - } - - private static void usage(CmdLineParser parser, CmdLineException t) { - System.out.println(Constants.getGitBlitVersion()); - System.out.println(); - if (t != null) { - System.out.println(t.getMessage()); - System.out.println(); - } - - if (parser != null) { - parser.printUsage(System.out); - } - System.exit(0); - } - - /** - * Parameters class for FederationClient. 
- */ - private static class Params { - - @Option(name = "--registrations", usage = "Gitblit Federation Registrations File", metaVar = "FILE") - public String registrationsFile = "${baseFolder}/federation.properties"; - - @Option(name = "--url", usage = "URL of Gitblit instance to mirror from", metaVar = "URL") - public String url; - - @Option(name = "--mirror", usage = "Mirror repositories") - public boolean mirror; - - @Option(name = "--bare", usage = "Create bare repositories") - public boolean bare; - - @Option(name = "--token", usage = "Federation Token", metaVar = "TOKEN") - public String token; - - @Option(name = "--baseFolder", usage = "Base folder for received data", metaVar = "PATH") - public String baseFolder; - - @Option(name = "--repositoriesFolder", usage = "Destination folder for cloned repositories", metaVar = "PATH") - public String repositoriesFolder; - - } - - private static class NoopNotificationManager implements INotificationManager { - - @Override - public NoopNotificationManager start() { - return this; - } - - @Override - public NoopNotificationManager stop() { - return this; - } - - @Override - public boolean isSendingMail() { - return false; - } - - @Override - public void sendMailToAdministrators(String subject, String message) { - } - - @Override - public void sendMail(String subject, String message, Collection toAddresses) { - } - - @Override - public void sendHtmlMail(String subject, String message, Collection toAddresses) { - } - - @Override - public void send(Mailing mailing) { - } - } -} +/* + * Copyright 2011 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gitblit; + +import java.io.File; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import org.kohsuke.args4j.CmdLineException; +import org.kohsuke.args4j.CmdLineParser; +import org.kohsuke.args4j.Option; + +import com.gitblit.manager.FederationManager; +import com.gitblit.manager.GitblitManager; +import com.gitblit.manager.IGitblit; +import com.gitblit.manager.INotificationManager; +import com.gitblit.manager.RepositoryManager; +import com.gitblit.manager.RuntimeManager; +import com.gitblit.manager.UserManager; +import com.gitblit.models.FederationModel; +import com.gitblit.models.Mailing; +import com.gitblit.service.FederationPullService; +import com.gitblit.utils.FederationUtils; +import com.gitblit.utils.StringUtils; ++import com.gitblit.utils.XssFilter; ++import com.gitblit.utils.XssFilter.AllowXssFilter; + +/** + * Command-line client to pull federated Gitblit repositories. 
+ * + * @author James Moger + * + */ +public class FederationClient { + + public static void main(String[] args) { + Params params = new Params(); + CmdLineParser parser = new CmdLineParser(params); + try { + parser.parseArgument(args); + } catch (CmdLineException t) { + usage(parser, t); + } + + System.out.println("Gitblit Federation Client v" + Constants.getVersion() + " (" + Constants.getBuildDate() + ")"); + + // command-line specified base folder + File baseFolder = new File(System.getProperty("user.dir")); + if (!StringUtils.isEmpty(params.baseFolder)) { + baseFolder = new File(params.baseFolder); + } + + File regFile = com.gitblit.utils.FileUtils.resolveParameter(Constants.baseFolder$, baseFolder, params.registrationsFile); + FileSettings settings = new FileSettings(regFile.getAbsolutePath()); + List registrations = new ArrayList(); + if (StringUtils.isEmpty(params.url)) { + registrations.addAll(FederationUtils.getFederationRegistrations(settings)); + } else { + if (StringUtils.isEmpty(params.token)) { + System.out.println("Must specify --token parameter!"); + System.exit(0); + } + FederationModel model = new FederationModel("Gitblit"); + model.url = params.url; + model.token = params.token; + model.mirror = params.mirror; + model.bare = params.bare; + model.folder = ""; + registrations.add(model); + } + if (registrations.size() == 0) { + System.out.println("No Federation Registrations! 
Nothing to do."); + System.exit(0); + } + + // command-line specified repositories folder + if (!StringUtils.isEmpty(params.repositoriesFolder)) { + settings.overrideSetting(Keys.git.repositoriesFolder, new File( + params.repositoriesFolder).getAbsolutePath()); + } + + // configure the Gitblit singleton for minimal, non-server operation - RuntimeManager runtime = new RuntimeManager(settings, baseFolder).start(); ++ XssFilter xssFilter = new AllowXssFilter(); ++ RuntimeManager runtime = new RuntimeManager(settings, xssFilter, baseFolder).start(); + NoopNotificationManager notifications = new NoopNotificationManager().start(); + UserManager users = new UserManager(runtime, null).start(); + RepositoryManager repositories = new RepositoryManager(runtime, null, users).start(); + FederationManager federation = new FederationManager(runtime, notifications, repositories).start(); + IGitblit gitblit = new GitblitManager(null, null, runtime, null, notifications, users, null, repositories, null, federation); + + FederationPullService puller = new FederationPullService(gitblit, federation.getFederationRegistrations()) { + @Override + public void reschedule(FederationModel registration) { + // NOOP + } + }; + puller.run(); + + System.out.println("Finished."); + System.exit(0); + } + + private static void usage(CmdLineParser parser, CmdLineException t) { + System.out.println(Constants.getGitBlitVersion()); + System.out.println(); + if (t != null) { + System.out.println(t.getMessage()); + System.out.println(); + } + + if (parser != null) { + parser.printUsage(System.out); + } + System.exit(0); + } + + /** + * Parameters class for FederationClient. 
+ */ + private static class Params { + + @Option(name = "--registrations", usage = "Gitblit Federation Registrations File", metaVar = "FILE") + public String registrationsFile = "${baseFolder}/federation.properties"; + + @Option(name = "--url", usage = "URL of Gitblit instance to mirror from", metaVar = "URL") + public String url; + + @Option(name = "--mirror", usage = "Mirror repositories") + public boolean mirror; + + @Option(name = "--bare", usage = "Create bare repositories") + public boolean bare; + + @Option(name = "--token", usage = "Federation Token", metaVar = "TOKEN") + public String token; + + @Option(name = "--baseFolder", usage = "Base folder for received data", metaVar = "PATH") + public String baseFolder; + + @Option(name = "--repositoriesFolder", usage = "Destination folder for cloned repositories", metaVar = "PATH") + public String repositoriesFolder; + + } + + private static class NoopNotificationManager implements INotificationManager { + + @Override + public NoopNotificationManager start() { + return this; + } + + @Override + public NoopNotificationManager stop() { + return this; + } + + @Override + public boolean isSendingMail() { + return false; + } + + @Override + public void sendMailToAdministrators(String subject, String message) { + } + + @Override + public void sendMail(String subject, String message, Collection toAddresses) { + } + + @Override + public void sendHtmlMail(String subject, String message, Collection toAddresses) { + } + + @Override + public void send(Mailing mailing) { + } + } +} diff --cc src/main/java/com/gitblit/guice/CoreModule.java index c0d39e99,00000000..a942b2ec mode 100644,000000..100644 --- a/src/main/java/com/gitblit/guice/CoreModule.java +++ b/src/main/java/com/gitblit/guice/CoreModule.java @@@ -1,79 -1,0 +1,82 @@@ +/* + * Copyright 2014 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
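Review bot: The new line `XssFilter xssFilter = new AllowXssFilter();` in main() wires in a filter whose name suggests it passes input through unsanitised, and nothing at the call site says why that is acceptable. AllowXssFilter's body is not part of this diff, so that reading is inferred from the name. The existing comment above it only says "minimal, non-server operation"; tie the choice to the filter directly, e.g. `// CLI client renders no HTML, so a pass-through XssFilter is sufficient; never use AllowXssFilter in the web app`. That keeps this wiring from being copied into a server-side code path, where CoreModule binds JSoupXssFilter instead.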
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gitblit.guice; + +import com.gitblit.FileSettings; +import com.gitblit.GitBlit; +import com.gitblit.IStoredSettings; +import com.gitblit.manager.AuthenticationManager; +import com.gitblit.manager.FederationManager; +import com.gitblit.manager.IAuthenticationManager; +import com.gitblit.manager.IFederationManager; +import com.gitblit.manager.IGitblit; +import com.gitblit.manager.INotificationManager; +import com.gitblit.manager.IPluginManager; +import com.gitblit.manager.IProjectManager; +import com.gitblit.manager.IRepositoryManager; +import com.gitblit.manager.IRuntimeManager; +import com.gitblit.manager.IServicesManager; +import com.gitblit.manager.IUserManager; +import com.gitblit.manager.NotificationManager; +import com.gitblit.manager.PluginManager; +import com.gitblit.manager.ProjectManager; +import com.gitblit.manager.RepositoryManager; +import com.gitblit.manager.RuntimeManager; +import com.gitblit.manager.ServicesManager; +import com.gitblit.manager.UserManager; +import com.gitblit.tickets.ITicketService; +import com.gitblit.transport.ssh.IPublicKeyManager; ++import com.gitblit.utils.JSoupXssFilter; +import com.gitblit.utils.WorkQueue; ++import com.gitblit.utils.XssFilter; +import com.google.inject.AbstractModule; + +/** + * CoreModule references all the core business objects. 
+ * + * @author James Moger + * + */ +public class CoreModule extends AbstractModule { + + @Override + protected void configure() { + + bind(IStoredSettings.class).toInstance(new FileSettings()); ++ bind(XssFilter.class).to(JSoupXssFilter.class); + + // bind complex providers + bind(IPublicKeyManager.class).toProvider(IPublicKeyManagerProvider.class); + bind(ITicketService.class).toProvider(ITicketServiceProvider.class); + bind(WorkQueue.class).toProvider(WorkQueueProvider.class); + + // core managers + bind(IRuntimeManager.class).to(RuntimeManager.class); + bind(IPluginManager.class).to(PluginManager.class); + bind(INotificationManager.class).to(NotificationManager.class); + bind(IUserManager.class).to(UserManager.class); + bind(IAuthenticationManager.class).to(AuthenticationManager.class); + bind(IRepositoryManager.class).to(RepositoryManager.class); + bind(IProjectManager.class).to(ProjectManager.class); + bind(IFederationManager.class).to(FederationManager.class); + + // the monolithic manager + bind(IGitblit.class).to(GitBlit.class); + + // manager for long-running daemons and services + bind(IServicesManager.class).to(ServicesManager.class); + } +} diff --cc src/main/java/com/gitblit/manager/GitblitManager.java index da081276,2ed52d67..6edac453 --- a/src/main/java/com/gitblit/manager/GitblitManager.java +++ b/src/main/java/com/gitblit/manager/GitblitManager.java @@@ -586,11 -664,11 +588,16 @@@ public class GitblitManager implements return runtimeManager.getStatus(); } + @Override + public Injector getInjector() { + return runtimeManager.getInjector(); + } + + @Override + public XssFilter getXssFilter() { + return runtimeManager.getXssFilter(); + } + /* * NOTIFICATION MANAGER */ diff --cc src/main/java/com/gitblit/manager/IRuntimeManager.java index 8322d34f,132534c3..2203b7ff --- a/src/main/java/com/gitblit/manager/IRuntimeManager.java +++ b/src/main/java/com/gitblit/manager/IRuntimeManager.java @@@ -24,7 -24,7 +24,8 @@@ import java.util.TimeZone import 
com.gitblit.IStoredSettings; import com.gitblit.models.ServerSettings; import com.gitblit.models.ServerStatus; + import com.gitblit.utils.XssFilter; +import com.google.inject.Injector; public interface IRuntimeManager extends IManager { diff --cc src/main/java/com/gitblit/manager/RuntimeManager.java index 95a363f6,219bf801..18d6b9c2 --- a/src/main/java/com/gitblit/manager/RuntimeManager.java +++ b/src/main/java/com/gitblit/manager/RuntimeManager.java @@@ -32,11 -32,8 +32,12 @@@ import com.gitblit.models.ServerSetting import com.gitblit.models.ServerStatus; import com.gitblit.models.SettingModel; import com.gitblit.utils.StringUtils; + import com.gitblit.utils.XssFilter; +import com.google.inject.Inject; +import com.google.inject.Injector; +import com.google.inject.Singleton; +@Singleton public class RuntimeManager implements IRuntimeManager { private final Logger logger = LoggerFactory.getLogger(getClass()); @@@ -51,15 -50,11 +54,15 @@@ private TimeZone timezone; + @Inject + private Injector injector; + + @Inject - public RuntimeManager(IStoredSettings settings) { - this(settings, null); + public RuntimeManager(IStoredSettings settings, XssFilter xssFilter) { + this(settings, xssFilter, null); } - public RuntimeManager(IStoredSettings settings, File baseFolder) { + public RuntimeManager(IStoredSettings settings, XssFilter xssFilter, File baseFolder) { this.settings = settings; this.settingsModel = new ServerSettings(); this.serverStatus = new ServerStatus(); diff --cc src/main/java/com/gitblit/utils/JSoupXssFilter.java index 00000000,b07bcb9d..a0b3da21 mode 000000,100644..100644 --- a/src/main/java/com/gitblit/utils/JSoupXssFilter.java +++ b/src/main/java/com/gitblit/utils/JSoupXssFilter.java @@@ -1,0 -1,87 +1,92 @@@ + /* + * Copyright 2014 gitblit.com. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
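Review bot: Both RuntimeManager constructors now accept `xssFilter`, but nothing in the visible lines rejects null. The two-argument form already forwards `null` for baseFolder, so null-tolerant construction is an established habit in this class. GitblitManager and GitBlitWebApp both obtain the filter through `runtimeManager.getXssFilter()` in this commit, so a null would only surface later, at a sanitising call site far from the cause. Consider failing fast at the top of the three-argument constructor with `if (xssFilter == null) { throw new IllegalArgumentException("xssFilter must not be null"); }`. The constructor body continues past the end of the hunk, so an existing check there would make this moot.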
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package com.gitblit.utils; + + import org.jsoup.Jsoup; + import org.jsoup.nodes.Document; + import org.jsoup.safety.Cleaner; + import org.jsoup.safety.Whitelist; + ++import com.google.inject.Inject; ++import com.google.inject.Singleton; ++ + /** + * Implementation of an XSS filter based on JSoup. + * + * @author James Moger + * + */ ++@Singleton + public class JSoupXssFilter implements XssFilter { + + private final Cleaner none; + + private final Cleaner relaxed; + ++ @Inject + public JSoupXssFilter() { + none = new Cleaner(Whitelist.none()); + relaxed = new Cleaner(getRelaxedWhiteList()); + } + + @Override + public String none(String input) { + return clean(input, none); + } + + @Override + public String relaxed(String input) { + return clean(input, relaxed); + } + + protected String clean(String input, Cleaner cleaner) { + Document unsafe = Jsoup.parse(input); + Document safe = cleaner.clean(unsafe); + return safe.body().html(); + } + + /** + * Builds & returns a loose HTML whitelist similar to Github. 
+ * + * https://github.com/github/markup/tree/master#html-sanitization + * @return a loose HTML whitelist + */ + protected Whitelist getRelaxedWhiteList() { + return new Whitelist() + .addTags( + "a", "b", "blockquote", "br", "caption", "cite", "code", "col", + "colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr", + "i", "img", "ins", "kbd", "li", "ol", "p", "pre", "q", "samp", "small", "strike", "strong", + "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u", + "ul", "var") + + .addAttributes("a", "href", "title") + .addAttributes("blockquote", "cite") + .addAttributes("col", "span", "width") + .addAttributes("colgroup", "span", "width") + .addAttributes("img", "align", "alt", "height", "src", "title", "width") + .addAttributes("ol", "start", "type") + .addAttributes("q", "cite") + .addAttributes("table", "summary", "width") + .addAttributes("td", "abbr", "axis", "colspan", "rowspan", "width") + .addAttributes("th", "abbr", "axis", "colspan", "rowspan", "scope", "width") + .addAttributes("ul", "type") + + .addEnforcedAttribute("a", "rel", "nofollow") + ; + } + + } diff --cc src/main/java/com/gitblit/wicket/GitBlitWebApp.java index 036a05a5,38dbf57d..922e2045 --- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.java +++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.java @@@ -103,12 -99,10 +104,14 @@@ public class GitBlitWebApp extends WebA private final Map cacheablePages = new HashMap(); + private final Provider publicKeyManagerProvider; + + private final Provider ticketServiceProvider; + private final IStoredSettings settings; + private final XssFilter xssFilter; + private final IRuntimeManager runtimeManager; private final IPluginManager pluginManager; @@@ -141,13 -132,12 +144,14 @@@ IRepositoryManager repositoryManager, IProjectManager projectManager, IFederationManager federationManager, - IGitblit gitblit) { + IGitblit gitblit, + IServicesManager services) { super(); + 
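Review bot: getRelaxedWhiteList() allows `href` on `a`, `src` on `img` and `cite` on `blockquote`/`q`, but never calls `addProtocols`. jsoup only checks a URL's scheme for attributes that have protocols registered, so script-scheme values in those attributes pass the relaxed cleaner unchanged. jsoup's own `Whitelist.relaxed()` registers protocols for exactly these attributes, and the custom list should do the same; the scheme set below is a suggestion to adjust. Once protocols are enforced, relative links are likely to be dropped because `Jsoup.parse(input)` is called without a base URI, so check whether `preserveRelativeLinks(true)` plus a base URI is needed. Separately, `clean()` passes `input` straight to `Jsoup.parse`, so a null field value will throw; a `if (input == null) return null;` guard (or empty string, whichever callers expect) would make `none()` and `relaxed()` safe to call on optional fields.

```java
// … unchanged: addTags(...) and addAttributes(...) calls …
.addAttributes("ul", "type")

// restrict URL-bearing attributes to known schemes
.addProtocols("a", "href", "http", "https", "mailto")
.addProtocols("blockquote", "cite", "http", "https")
.addProtocols("img", "src", "http", "https")
.addProtocols("q", "cite", "http", "https")

.addEnforcedAttribute("a", "rel", "nofollow")
```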
this.publicKeyManagerProvider = publicKeyManagerProvider; + this.ticketServiceProvider = ticketServiceProvider; this.settings = runtimeManager.getSettings(); + this.xssFilter = runtimeManager.getXssFilter(); this.runtimeManager = runtimeManager; this.pluginManager = pluginManager; this.notificationManager = notificationManager; diff --cc src/test/java/com/gitblit/tests/mock/MockRuntimeManager.java index 9a71c884,7b563622..8897ef7e --- a/src/test/java/com/gitblit/tests/mock/MockRuntimeManager.java +++ b/src/test/java/com/gitblit/tests/mock/MockRuntimeManager.java @@@ -28,7 -28,8 +28,9 @@@ import com.gitblit.manager.IRuntimeMana import com.gitblit.models.ServerSettings; import com.gitblit.models.ServerStatus; import com.gitblit.models.SettingModel; + import com.gitblit.utils.XssFilter; + import com.gitblit.utils.XssFilter.AllowXssFilter; +import com.google.inject.Injector; public class MockRuntimeManager implements IRuntimeManager {