summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit
diff options
context:
space:
mode:
authorJonathan Nieder <jrn@google.com>2018-12-22 13:53:10 -0800
committerJonathan Nieder <jrn@google.com>2018-12-26 13:26:39 -0800
commiteb4c63fbbf0972d64af09ba31fdd758944a677cb (patch)
treeedeab8444c9fa7c6ee327ddc8da6849521d0b272 /org.eclipse.jgit
parentf909de5c44900cb89a92ebcb1923789ee4e8e100 (diff)
downloadjgit-eb4c63fbbf0972d64af09ba31fdd758944a677cb.tar.gz
jgit-eb4c63fbbf0972d64af09ba31fdd758944a677cb.zip
UploadPack: Filter refs used for deepen-not resolution
Clients can use --shallow-exclude to obtain information about what commits are reachable from refs they are not supposed to be able to see. Plug the hole by allowing the AdvertiseRefsHook and RefFilter to take effect here, too. Change-Id: If2b8e95344fa49e10a6a202144318b60d002490e Signed-off-by: Jonathan Nieder <jrn@google.com>
Diffstat (limited to 'org.eclipse.jgit')
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java35
1 files changed, 34 insertions, 1 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
index 62e8ae0cce..2fbcaa2928 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/UploadPack.java
@@ -98,6 +98,7 @@ import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectReader;
import org.eclipse.jgit.lib.ProgressMonitor;
import org.eclipse.jgit.lib.Ref;
+import org.eclipse.jgit.lib.RefDatabase;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.AsyncRevObjectQueue;
import org.eclipse.jgit.revwalk.BitmapWalker;
@@ -878,6 +879,38 @@ public class UploadPack {
return getAdvertisedOrDefaultRefs().get(name);
}
+ /**
+ * Find a ref in the usual search path on behalf of the client.
+ * <p>
+ * This checks that the ref is present in the ref advertisement since
+ * otherwise the client might not be supposed to be able to read it.
+ *
+ * @param name
+ * short name of the ref to find, e.g. "master" to find
+ * "refs/heads/master".
+ * @return the requested Ref, or {@code null} if it is not visible or
+ * does not exist.
+ * @throws java.io.IOException
+ * on failure to read the ref or check it for visibility.
+ */
+ @Nullable
+ private Ref findRef(String name) throws IOException {
+ if (refs != null) {
+ return RefDatabase.findRef(refs, name);
+ }
+ if (!advertiseRefsHookCalled) {
+ advertiseRefsHook.advertiseRefs(this);
+ advertiseRefsHookCalled = true;
+ }
+ if (refs == null &&
+ refFilter == RefFilter.DEFAULT &&
+ transferConfig.hasDefaultRefFilter()) {
+ // Fast path: no ref filtering is needed.
+ return db.getRefDatabase().getRef(name);
+ }
+ return RefDatabase.findRef(getAdvertisedOrDefaultRefs(), name);
+ }
+
private void service() throws IOException {
boolean sendPack = false;
// If it's a non-bidi request, we need to read the entire request before
@@ -1033,7 +1066,7 @@ public class UploadPack {
// copying data back to class fields
List<ObjectId> deepenNots = new ArrayList<>();
for (String s : req.getDeepenNotRefs()) {
- Ref ref = db.getRefDatabase().getRef(s);
+ Ref ref = findRef(s);
if (ref == null) {
throw new PackProtocolException(MessageFormat
.format(JGitText.get().invalidRefName, s));