From 9bde5212feeafc17dbbf71d190a9d644512267be Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Mon, 11 Nov 2019 00:33:02 +0100 Subject: [PATCH] Add `clone.bundle` as known command, but reject it as not implemented. --- .../gitblit/servlet/AccessRestrictionFilter.java | 9 +++++++++ src/main/java/com/gitblit/servlet/GitFilter.java | 12 ++++++++++-- .../java/com/gitblit/tests/GitServletTest.java | 14 +++++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java index f83f1608..61c5eb1c 100644 --- a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java +++ b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java @@ -188,6 +188,15 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter { return; } + // TODO: Maybe checking for clone bundle should be done somewhere else? Like other stuff? + // In any way, the access to the constant from here is messed up an needs some cleaning up. + if (GitFilter.CLONE_BUNDLE.equalsIgnoreCase(urlRequestType)) { + logger.info(MessageFormat.format("ARF: Rejecting request for {0}, clone bundle is not implemented.", repository)); + httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, "The 'clone.bundle' command is currently not implemented. " + + "Please use a normal clone command."); + return; + } + UserModel user = getUser(httpRequest); // Load the repository model diff --git a/src/main/java/com/gitblit/servlet/GitFilter.java b/src/main/java/com/gitblit/servlet/GitFilter.java index 4b32b433..66933cbd 100644 --- a/src/main/java/com/gitblit/servlet/GitFilter.java +++ b/src/main/java/com/gitblit/servlet/GitFilter.java @@ -49,11 +49,13 @@ public class GitFilter extends AccessRestrictionFilter { static final String GIT_RECEIVE_PACK = "/git-receive-pack"; static final String GIT_UPLOAD_PACK = "/git-upload-pack"; + + static final String CLONE_BUNDLE = "/clone.bundle"; static final String GIT_LFS = "/info/lfs"; static final String[] SUFFIXES = {GIT_RECEIVE_PACK, GIT_UPLOAD_PACK, "/info/refs", "/HEAD", - "/objects", GIT_LFS}; + "/objects", GIT_LFS, CLONE_BUNDLE}; private IStoredSettings settings; @@ -127,6 +129,8 @@ public class GitFilter extends AccessRestrictionFilter { return GIT_UPLOAD_PACK; } else if (suffix.startsWith(GIT_LFS)) { return GIT_LFS; + } else if (suffix.startsWith(CLONE_BUNDLE)) { + return CLONE_BUNDLE; } else { return GIT_UPLOAD_PACK; } @@ -163,7 +167,11 @@ public class GitFilter extends AccessRestrictionFilter { if (GIT_LFS.equals(action)) { return false; } - + // Action is not implemened. + if (CLONE_BUNDLE.equals(action)) { + return false; + } + return settings.getBoolean(Keys.git.allowCreateOnPush, true); } diff --git a/src/test/java/com/gitblit/tests/GitServletTest.java b/src/test/java/com/gitblit/tests/GitServletTest.java index c433ab18..a816143d 100644 --- a/src/test/java/com/gitblit/tests/GitServletTest.java +++ b/src/test/java/com/gitblit/tests/GitServletTest.java @@ -978,8 +978,20 @@ public class GitServletTest extends GitblitUnitTest { HttpGet request = new HttpGet(testURL); HttpResponse response = client.execute(request); - assertEquals(400, response.getStatusLine().getStatusCode()); } + @Test + public void testInvalidURLCloneBundle() throws IOException { + final String testURL = GitBlitSuite.gitServletUrl + "/helloworld.git/clone.bundle"; + + HttpClient client = HttpClientBuilder.create().build(); + HttpGet request = new HttpGet(testURL); + + HttpResponse response = client.execute(request); + assertEquals(501, response.getStatusLine().getStatusCode()); + String content = IOUtils.toString(response.getEntity().getContent(), "UTF-8"); + assertNotNull(content); + } + } -- 2.39.5