Possibility to limit the max pack size on receive-pack
The maxPackSizeLimit, when set, will reject a pack if it exceeds that limit. This feature is intended to provide a mechanism to control disk space quota on Git repositories. Change-Id: I83d8db670875c395f8171461b402083323e623a5 CQ: 7896
This commit is contained in:
parent
18b030bcb5
commit
0d05e5d26c
|
@ -403,6 +403,8 @@ readingObjectsFromLocalRepositoryFailed=reading objects from local repository fa
|
||||||
readTimedOut=Read timed out after {0} ms
|
readTimedOut=Read timed out after {0} ms
|
||||||
receivePackObjectTooLarge1=Object too large, rejecting the pack. Max object size limit is {0} bytes.
|
receivePackObjectTooLarge1=Object too large, rejecting the pack. Max object size limit is {0} bytes.
|
||||||
receivePackObjectTooLarge2=Object too large ({0} bytes), rejecting the pack. Max object size limit is {1} bytes.
|
receivePackObjectTooLarge2=Object too large ({0} bytes), rejecting the pack. Max object size limit is {1} bytes.
|
||||||
|
receivePackInvalidLimit=Illegal limit parameter value {0}
|
||||||
|
receivePackTooLarge=Pack exceeds the limit of {0} bytes, rejecting the pack
|
||||||
receivingObjects=Receiving objects
|
receivingObjects=Receiving objects
|
||||||
refAlreadyExists=already exists
|
refAlreadyExists=already exists
|
||||||
refAlreadyExists1=Ref {0} already exists
|
refAlreadyExists1=Ref {0} already exists
|
||||||
|
|
|
@ -0,0 +1,69 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG
|
||||||
|
* and other copyright owners as documented in the project's IP log.
|
||||||
|
*
|
||||||
|
* This program and the accompanying materials are made available
|
||||||
|
* under the terms of the Eclipse Distribution License v1.0 which
|
||||||
|
* accompanies this distribution, is reproduced below, and is
|
||||||
|
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or
|
||||||
|
* without modification, are permitted provided that the following
|
||||||
|
* conditions are met:
|
||||||
|
*
|
||||||
|
* - Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* - Redistributions in binary form must reproduce the above
|
||||||
|
* copyright notice, this list of conditions and the following
|
||||||
|
* disclaimer in the documentation and/or other materials provided
|
||||||
|
* with the distribution.
|
||||||
|
*
|
||||||
|
* - Neither the name of the Eclipse Foundation, Inc. nor the
|
||||||
|
* names of its contributors may be used to endorse or promote
|
||||||
|
* products derived from this software without specific prior
|
||||||
|
* written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
||||||
|
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||||
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||||
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
|
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.eclipse.jgit.errors;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import org.eclipse.jgit.internal.JGitText;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Thrown when a pack exceeds a given size limit
|
||||||
|
*
|
||||||
|
* @since 3.3
|
||||||
|
*/
|
||||||
|
public class TooLargePackException extends IOException {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Construct a too large pack exception.
|
||||||
|
*
|
||||||
|
* @param packSizeLimit
|
||||||
|
* the pack size limit (in bytes) that was exceeded
|
||||||
|
*/
|
||||||
|
public TooLargePackException(long packSizeLimit) {
|
||||||
|
super(MessageFormat.format(JGitText.get().receivePackTooLarge,
|
||||||
|
Long.valueOf(packSizeLimit)));
|
||||||
|
}
|
||||||
|
}
|
|
@ -465,6 +465,8 @@ public static JGitText get() {
|
||||||
/***/ public String readTimedOut;
|
/***/ public String readTimedOut;
|
||||||
/***/ public String receivePackObjectTooLarge1;
|
/***/ public String receivePackObjectTooLarge1;
|
||||||
/***/ public String receivePackObjectTooLarge2;
|
/***/ public String receivePackObjectTooLarge2;
|
||||||
|
/***/ public String receivePackInvalidLimit;
|
||||||
|
/***/ public String receivePackTooLarge;
|
||||||
/***/ public String receivingObjects;
|
/***/ public String receivingObjects;
|
||||||
/***/ public String refAlreadyExists;
|
/***/ public String refAlreadyExists;
|
||||||
/***/ public String refAlreadyExists1;
|
/***/ public String refAlreadyExists1;
|
||||||
|
|
|
@ -55,6 +55,7 @@
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
import java.text.MessageFormat;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
|
@ -65,6 +66,7 @@
|
||||||
|
|
||||||
import org.eclipse.jgit.errors.MissingObjectException;
|
import org.eclipse.jgit.errors.MissingObjectException;
|
||||||
import org.eclipse.jgit.errors.PackProtocolException;
|
import org.eclipse.jgit.errors.PackProtocolException;
|
||||||
|
import org.eclipse.jgit.errors.TooLargePackException;
|
||||||
import org.eclipse.jgit.internal.JGitText;
|
import org.eclipse.jgit.internal.JGitText;
|
||||||
import org.eclipse.jgit.internal.storage.file.PackLock;
|
import org.eclipse.jgit.internal.storage.file.PackLock;
|
||||||
import org.eclipse.jgit.lib.BatchRefUpdate;
|
import org.eclipse.jgit.lib.BatchRefUpdate;
|
||||||
|
@ -89,6 +91,7 @@
|
||||||
import org.eclipse.jgit.revwalk.RevWalk;
|
import org.eclipse.jgit.revwalk.RevWalk;
|
||||||
import org.eclipse.jgit.transport.ReceiveCommand.Result;
|
import org.eclipse.jgit.transport.ReceiveCommand.Result;
|
||||||
import org.eclipse.jgit.util.io.InterruptTimer;
|
import org.eclipse.jgit.util.io.InterruptTimer;
|
||||||
|
import org.eclipse.jgit.util.io.LimitedInputStream;
|
||||||
import org.eclipse.jgit.util.io.TimeoutInputStream;
|
import org.eclipse.jgit.util.io.TimeoutInputStream;
|
||||||
import org.eclipse.jgit.util.io.TimeoutOutputStream;
|
import org.eclipse.jgit.util.io.TimeoutOutputStream;
|
||||||
|
|
||||||
|
@ -234,6 +237,9 @@ public Set<String> getCapabilities() {
|
||||||
/** Git object size limit */
|
/** Git object size limit */
|
||||||
private long maxObjectSizeLimit;
|
private long maxObjectSizeLimit;
|
||||||
|
|
||||||
|
/** Total pack size limit */
|
||||||
|
private long maxPackSizeLimit = -1;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create a new pack receive for an open repository.
|
* Create a new pack receive for an open repository.
|
||||||
*
|
*
|
||||||
|
@ -622,6 +628,24 @@ public void setMaxObjectSizeLimit(final long limit) {
|
||||||
maxObjectSizeLimit = limit;
|
maxObjectSizeLimit = limit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the maximum allowed pack size.
|
||||||
|
* <p>
|
||||||
|
* A pack exceeding this size will be rejected.
|
||||||
|
*
|
||||||
|
* @param limit
|
||||||
|
* the pack size limit, in bytes
|
||||||
|
*
|
||||||
|
* @since 3.3
|
||||||
|
*/
|
||||||
|
public void setMaxPackSizeLimit(final long limit) {
|
||||||
|
if (limit < 0)
|
||||||
|
throw new IllegalArgumentException(MessageFormat.format(
|
||||||
|
JGitText.get().receivePackInvalidLimit, Long.valueOf(limit)));
|
||||||
|
maxPackSizeLimit = limit;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check whether the client expects a side-band stream.
|
* Check whether the client expects a side-band stream.
|
||||||
*
|
*
|
||||||
|
@ -741,6 +765,14 @@ protected void init(final InputStream input, final OutputStream output,
|
||||||
rawOut = o;
|
rawOut = o;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (maxPackSizeLimit >= 0)
|
||||||
|
rawIn = new LimitedInputStream(rawIn, maxPackSizeLimit) {
|
||||||
|
@Override
|
||||||
|
protected void limitExceeded() throws TooLargePackException {
|
||||||
|
throw new TooLargePackException(limit);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
pckIn = new PacketLineIn(rawIn);
|
pckIn = new PacketLineIn(rawIn);
|
||||||
pckOut = new PacketLineOut(rawOut);
|
pckOut = new PacketLineOut(rawOut);
|
||||||
pckOut.setFlushOnEnd(false);
|
pckOut.setFlushOnEnd(false);
|
||||||
|
|
|
@ -0,0 +1,154 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2007 The Guava Authors
|
||||||
|
* Copyright (C) 2014, Sasa Zivkov <sasa.zivkov@sap.com>, SAP AG
|
||||||
|
* and other copyright owners as documented in the project's IP log.
|
||||||
|
*
|
||||||
|
* This program and the accompanying materials are made available
|
||||||
|
* under the terms of the Eclipse Distribution License v1.0 which
|
||||||
|
* accompanies this distribution, is reproduced below, and is
|
||||||
|
* available at http://www.eclipse.org/org/documents/edl-v10.php
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or
|
||||||
|
* without modification, are permitted provided that the following
|
||||||
|
* conditions are met:
|
||||||
|
*
|
||||||
|
* - Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* - Redistributions in binary form must reproduce the above
|
||||||
|
* copyright notice, this list of conditions and the following
|
||||||
|
* disclaimer in the documentation and/or other materials provided
|
||||||
|
* with the distribution.
|
||||||
|
*
|
||||||
|
* - Neither the name of the Eclipse Foundation, Inc. nor the
|
||||||
|
* names of its contributors may be used to endorse or promote
|
||||||
|
* products derived from this software without specific prior
|
||||||
|
* written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
|
||||||
|
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
||||||
|
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
||||||
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||||
|
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||||
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
|
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.eclipse.jgit.util.io;
|
||||||
|
|
||||||
|
import java.io.FilterInputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Wraps a {@link InputStream}, limiting the number of bytes which can be
|
||||||
|
* read.
|
||||||
|
*
|
||||||
|
* This class was copied and modifed from the Google Guava 16.0. Differently from
|
||||||
|
* the original Guava code, when a caller tries to read from this stream past
|
||||||
|
* the given limit and the wrapped stream hasn't yet reached its EOF this class
|
||||||
|
* will call the limitExceeded method instead of returning EOF.
|
||||||
|
*
|
||||||
|
* @since 3.3
|
||||||
|
*/
|
||||||
|
public abstract class LimitedInputStream extends FilterInputStream {
|
||||||
|
|
||||||
|
private long left;
|
||||||
|
/** Max number of bytes to be read from the wrapped stream */
|
||||||
|
protected final long limit;
|
||||||
|
private long mark = -1;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new LimitedInputStream
|
||||||
|
*
|
||||||
|
* @param in an InputStream
|
||||||
|
* @param limit max number of bytes to read from the InputStream
|
||||||
|
*/
|
||||||
|
protected LimitedInputStream(InputStream in, long limit) {
|
||||||
|
super(in);
|
||||||
|
left = limit;
|
||||||
|
this.limit = limit;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int available() throws IOException {
|
||||||
|
return (int) Math.min(in.available(), left);
|
||||||
|
}
|
||||||
|
|
||||||
|
// it's okay to mark even if mark isn't supported, as reset won't work
|
||||||
|
@Override
|
||||||
|
public synchronized void mark(int readLimit) {
|
||||||
|
in.mark(readLimit);
|
||||||
|
mark = left;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int read() throws IOException {
|
||||||
|
if (left == 0) {
|
||||||
|
if (in.available() == 0)
|
||||||
|
return -1;
|
||||||
|
else
|
||||||
|
limitExceeded();
|
||||||
|
}
|
||||||
|
|
||||||
|
int result = in.read();
|
||||||
|
if (result != -1)
|
||||||
|
--left;
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int read(byte[] b, int off, int len) throws IOException {
|
||||||
|
if (left == 0) {
|
||||||
|
if (in.available() == 0)
|
||||||
|
return -1;
|
||||||
|
else
|
||||||
|
limitExceeded();
|
||||||
|
}
|
||||||
|
|
||||||
|
len = (int) Math.min(len, left);
|
||||||
|
int result = in.read(b, off, len);
|
||||||
|
if (result != -1)
|
||||||
|
left -= result;
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public synchronized void reset() throws IOException {
|
||||||
|
if (!in.markSupported())
|
||||||
|
throw new IOException("Mark not supported");
|
||||||
|
|
||||||
|
if (mark == -1)
|
||||||
|
throw new IOException("Mark not set");
|
||||||
|
|
||||||
|
in.reset();
|
||||||
|
left = mark;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public long skip(long n) throws IOException {
|
||||||
|
n = Math.min(n, left);
|
||||||
|
long skipped = in.skip(n);
|
||||||
|
left -= skipped;
|
||||||
|
return skipped;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Called when trying to read past the given {@link #limit} and the wrapped
|
||||||
|
* InputStream {@link #in} hasn't yet reached its EOF
|
||||||
|
*
|
||||||
|
* @throws IOException
|
||||||
|
* subclasses can throw an IOException when the limit is exceeded.
|
||||||
|
* The throws IOException will be forwarded back to the caller of
|
||||||
|
* the read method which read the stream past the limit.
|
||||||
|
*/
|
||||||
|
protected abstract void limitExceeded() throws IOException;
|
||||||
|
}
|
Loading…
Reference in New Issue