From 7baf2e4cd2ef8082b74937e26de75b01e630b5d4 Mon Sep 17 00:00:00 2001
From: James Moger
Date: Thu, 17 Apr 2014 12:00:35 -0400
Subject: [PATCH] Expose JGit 3.x receive pack settings as Gitblit settings
---
 releases.moxie | 5 +++
 src/main/distrib/data/gitblit.properties | 41 +++++++++++++++++++
 .../com/gitblit/git/GitblitReceivePack.java | 11 +++++
 3 files changed, 57 insertions(+)
diff --git a/releases.moxie b/releases.moxie
index 15d333d4..cd2cfaa2 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -43,6 +43,7 @@ r22: {
 - Added beginnings of a plugin framework for extending Gitblit (issue-381, ticket-23)
 - Added a French translation (pr-163)
 - Added a setting to control what transports may be used for pushes
+ - Expose JGit 3.x receive pack settings (issue-408)
 dependencyChanges:
 - Java 7
 - Jetty 9.1.4
@@ -64,6 +65,10 @@ r22: {
 - { name: 'realm.ldap.bindpattern', defaultValue: ' ' }
 - { name: 'tickets.closeOnPushCommitMessageRegex', defaultValue: '(?:fixes|closes)[\\s-]+#?(\\d+)' }
 - { name: 'git.acceptedPushTransports', defaultValue: ' ' }
+ - { name: 'git.checkReceivedObjects', defaultValue: 'true' }
+ - { name: 'git.checkReferencedObjectsAreReachable', defaultValue: 'true' }
+ - { name: 'git.maxObjectSizeLimit', defaultValue: '0' }
+ - { name: 'git.maxPackSizeLimit', defaultValue: '-1' }
 - { name: 'git.sshPort', defaultValue: '29418' }
 - { name: 'git.sshBindInterface', defaultValue: ' ' }
 - { name: 'git.sshKeysManager', defaultValue: 'com.gitblit.transport.ssh.FileKeyManager' }
diff --git a/src/main/distrib/data/gitblit.properties b/src/main/distrib/data/gitblit.properties
index beeb965b..3215094e 100644
--- a/src/main/distrib/data/gitblit.properties
+++ b/src/main/distrib/data/gitblit.properties
@@ -126,6 +126,8 @@ git.sshKeysFolder= ${baseFolder}/ssh
 # SSH backend NIO2|MINA.
 #
+# The Apache Mina project recommends using the NIO2 backend.
+#
 # SINCE 1.5.0
 git.sshBackend = NIO2
@@ -483,6 +485,45 @@ git.streamFileThreshold = 50m
 # RESTART REQUIRED
 git.packedGitMmap = false
+# Validate all received (pushed) objects are valid.
+#
+# SINCE 1.5.0
+git.checkReceivedObjects = true
+
+# Validate all referenced but not supplied objects are reachable.
+#
+# If enabled, Gitblit will verify that references to objects not contained
+# within the received pack are already reachable through at least one other
+# reference advertised to clients.
+#
+# This feature is useful when Gitblit doesn't trust the client to not provide a
+# forged SHA-1 reference to an object, in an attempt to access parts of the DAG
+# that they aren't allowed to see and which have been hidden from them via the
+# configured AdvertiseRefsHook or RefFilter.
+#
+# Enabling this feature may imply at least some, if not all, of the same functionality
+# performed by git.checkReceivedObjects.
+#
+# SINCE 1.5.0
+git.checkReferencedObjectsAreReachable = true
+
+# Set the maximum allowed Git object size.
+#
+# If an object is larger than the given size the pack-parsing will throw an exception
+# aborting the receive-pack operation. The default value, 0, disables maximum
+# object size checking.
+#
+# SINCE 1.5.0
+git.maxObjectSizeLimit = 0
+
+# Set the maximum allowed pack size.
+#
+# A pack exceeding this size will be rejected. The default value, -1, disables
+# maximum pack size checking.
+#
+# SINCE 1.5.0
+git.maxPackSizeLimit = -1
+
 # Use the Gitblit patch receive pack for processing contributions and tickets.
 # This allows the user to push a patch using the familiar Gerrit syntax:
 #
diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java
index 0cc41987..61f2d67d 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePack.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java
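Review bot: The comments added for git.maxObjectSizeLimit and git.maxPackSizeLimit in the gitblit.properties hunk give neither the unit nor the accepted syntax, and they present "no limit" as the default without saying what that leaves open. The Java side of this commit reads both keys with `settings.getInteger`, so the value is presumably a plain byte count, and a suffixed value written by analogy with `git.streamFileThreshold = 50m` would likely not be honoured. With both limits disabled, any account with push access can send objects and packs of any size, which matters for disk and memory on servers that accept pushes from users who are not fully trusted. After confirming how a suffix is treated, I would add to each of the two comment blocks something like `# Value is a size in bytes (no k/m/g suffix). Set a limit if pushers are not fully trusted.`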
@@ -119,6 +119,17 @@ public class GitblitReceivePack extends ReceivePack implements PreReceiveHook, P
 setAllowDeletes(user.canDeleteRef(repository));
 setAllowNonFastForwards(user.canRewindRef(repository));
+ int maxObjectSz = settings.getInteger(Keys.git.maxObjectSizeLimit, -1);
+ if (maxObjectSz >= 0) {
+ setMaxObjectSizeLimit(maxObjectSz);
+ }
+ int maxPackSz = settings.getInteger(Keys.git.maxPackSizeLimit, -1);
+ if (maxPackSz >= 0) {
+ setMaxPackSizeLimit(maxPackSz);
+ }
+ setCheckReceivedObjects(settings.getBoolean(Keys.git.checkReceivedObjects, true));
+ setCheckReferencedObjectsAreReachable(settings.getBoolean(Keys.git.checkReferencedObjectsAreReachable, true));
+
 // setup pre and post receive hook
 setPreReceiveHook(this);
 setPostReceiveHook(this);
-- 
2.39.5
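Review bot: Both size limits are read with `settings.getInteger(..., -1)`, so a configured limit cannot exceed Integer.MAX_VALUE bytes (about 2 GiB), and a value that does not parse as an int presumably falls back to -1 and skips the setter, leaving pushes unbounded with no sign that the limit was ignored. JGit's `setMaxObjectSizeLimit` and `setMaxPackSizeLimit` take a `long`, so reading the two settings as long values, if the settings class has such an accessor, and logging a warning when a configured value is unusable would make this fail visibly rather than open. The code fallback for the object limit is -1 while gitblit.properties and releases.moxie document the default as 0; both end up meaning "no limit" here, but using one value in all three places avoids confusion. I would also put a comment above the block, `// a negative value means "not configured": keep JGit's own default (no limit)`. The enclosing method or constructor starts and ends outside the hunk.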