mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 Commits
49 Branches
Tree: 5e33a1de83
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5e33a1de83'
${ noResults }
jgit/org.eclipse.jgit.http.server/src/org/eclipse/jgit/http/server/resolver/FileResolver.java

FileResolver.java 5.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. /*

  2.  * Copyright (C) 2009-2010, Google Inc.

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. 

  44. package org.eclipse.jgit.http.server.resolver;

  45. 

  46. import java.io.File;

  47. import java.io.IOException;

  48. 

  49. import javax.servlet.http.HttpServletRequest;

  50. 

  51. import org.eclipse.jgit.errors.RepositoryNotFoundException;

  52. import org.eclipse.jgit.lib.Repository;

  53. import org.eclipse.jgit.lib.RepositoryCache;

  54. import org.eclipse.jgit.lib.RepositoryCache.FileKey;

  55. 

  56. /** Default resolver serving from a single root path in local filesystem. */

  57. public class FileResolver implements RepositoryResolver {

  58. 	private final File basePath;

  59. 

  60. 	private final boolean exportAll;

  61. 

  62. 	/**

  63. 	 * Create a new resolver for the given path.

  64. 	 *

  65. 	 * @param basePath

  66. 	 *            the base path all repositories are rooted under.

  67. 	 * @param exportAll

  68. 	 *            if true, exports all repositories, ignoring the check for the

  69. 	 *            {@code git-daemon-export-ok} files.

  70. 	 */

  71. 	public FileResolver(final File basePath, final boolean exportAll) {

  72. 		this.basePath = basePath;

  73. 		this.exportAll = exportAll;

  74. 	}

  75. 

  76. 	public Repository open(final HttpServletRequest req,

  77. 			final String repositoryName) throws RepositoryNotFoundException,

  78. 			ServiceNotEnabledException {

  79. 		if (isUnreasonableName(repositoryName))

  80. 			throw new RepositoryNotFoundException(repositoryName);

  81. 

  82. 		final Repository db;

  83. 		try {

  84. 			final File gitdir = new File(basePath, repositoryName);

  85. 			db = RepositoryCache.open(FileKey.lenient(gitdir), true);

  86. 		} catch (IOException e) {

  87. 			throw new RepositoryNotFoundException(repositoryName, e);

  88. 		}

  89. 

  90. 		try {

  91. 			if (isExportOk(req, repositoryName, db)) {

  92. 				// We have to leak the open count to the caller, they

  93. 				// are responsible for closing the repository if we

  94. 				// complete successfully.

  95. 				return db;

  96. 			} else

  97. 				throw new ServiceNotEnabledException();

  98. 

  99. 		} catch (RuntimeException e) {

  100. 			db.close();

  101. 			throw new RepositoryNotFoundException(repositoryName, e);

  102. 

  103. 		} catch (IOException e) {

  104. 			db.close();

  105. 			throw new RepositoryNotFoundException(repositoryName, e);

  106. 

  107. 		} catch (ServiceNotEnabledException e) {

  108. 			db.close();

  109. 			throw e;

  110. 		}

  111. 	}

  112. 

  113. 	/** @return {@code true} if all repositories are to be exported. */

  114. 	protected boolean isExportAll() {

  115. 		return exportAll;

  116. 	}

  117. 

  118. 	/**

  119. 	 * Check if this repository can be served over HTTP.

  120. 	 * <p>

  121. 	 * The default implementation of this method returns true only if either

  122. 	 * {@link #isExportAll()} is true, or the {@code git-daemon-export-ok} file

  123. 	 * is present in the repository's directory.

  124. 	 *

  125. 	 * @param req

  126. 	 *            the current HTTP request.

  127. 	 * @param repositoryName

  128. 	 *            name of the repository, as present in the URL.

  129. 	 * @param db

  130. 	 *            the opened repository instance.

  131. 	 * @return true if the repository is accessible; false if not.

  132. 	 * @throws IOException

  133. 	 *             the repository could not be accessed, the caller will claim

  134. 	 *             the repository does not exist.

  135. 	 */

  136. 	protected boolean isExportOk(HttpServletRequest req, String repositoryName,

  137. 			Repository db) throws IOException {

  138. 		if (isExportAll())

  139. 			return true;

  140. 		else

  141. 			return new File(db.getDirectory(), "git-daemon-export-ok").exists();

  142. 	}

  143. 

  144. 	private static boolean isUnreasonableName(final String name) {

  145. 		if (name.length() == 0)

  146. 			return true; // no empty paths

  147. 

  148. 		if (name.indexOf('\\') >= 0)

  149. 			return true; // no windows/dos style paths

  150. 		if (new File(name).isAbsolute())

  151. 			return true; // no absolute paths

  152. 

  153. 		if (name.startsWith("../"))

  154. 			return true; // no "l../etc/passwd"

  155. 		if (name.contains("/../"))

  156. 			return true; // no "foo/../etc/passwd"

  157. 		if (name.contains("/./"))

  158. 			return true; // "foo/./foo" is insane to ask

  159. 		if (name.contains("//"))

  160. 			return true; // double slashes is sloppy, don't use it

  161. 

  162. 		return false; // is a reasonable name

  163. 	}

  164. }