8cd07cb815
This change is needed to implement permission aware ref database in Gerrit: [1], that is a pre-requisite to re-enable Git v2 protocol in Gerrit: [2]. Background: Last year Git v2 protocol was enabled in Gerrit. The fact, that JGit layer was not calling ref advertise filter for Git v2 protocol, introduced security vulnerability. The lesson learned from this security incident: Gerrit should not rely on ref advertise filter being called by JGit to implement crictical security checks. Instead, the idea is to use the same approach as currently used by Google's internal code on googlesource.com that didn't suffer from this vulnerability: provide a custom repository to JGit. The repository provides a RefDatabase that is permission-aware and will only ever return refs that the user has access to. However, due to hard coded instanceof operator usages in JGit code base, some tests in Gerrit are failing with: [1] in place. This change addresses this problem. [1] https://gerrit-review.googlesource.com/c/gerrit/+/212874 [2] https://gerrit-review.googlesource.com/c/gerrit/+/226754 Change-Id: I67c0f53ca33b149442e7ee3e51910d19e3f348d5 Signed-off-by: David Ostrovsky <david@ostrovsky.org> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com> |
||
|---|---|---|
| .. | ||
| .settings | ||
| META-INF | ||
| resources/org/eclipse/jgit/http/server | ||
| src/org/eclipse/jgit/http/server | ||
| .classpath | ||
| .fbprefs | ||
| .gitignore | ||
| .project | ||
| BUILD | ||
| about.html | ||
| build.properties | ||
| plugin.properties | ||
| pom.xml | ||