From 1d78b8b372f15d89f10fd32cb0227a6a7966de3c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 17 Apr 2014 23:08:07 -0400
Subject: [PATCH] [findbugs] Clarify class used for resource loading

---
 src/main/java/com/gitblit/git/GitblitReceivePack.java |  110 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 103 insertions(+), 7 deletions(-)

diff --git a/src/main/java/com/gitblit/git/GitblitReceivePack.java b/src/main/java/com/gitblit/git/GitblitReceivePack.java
index 35f0d86..61f2d67 100644
--- a/src/main/java/com/gitblit/git/GitblitReceivePack.java
+++ b/src/main/java/com/gitblit/git/GitblitReceivePack.java
@@ -47,9 +47,11 @@
 import com.gitblit.IStoredSettings;
 import com.gitblit.Keys;
 import com.gitblit.client.Translation;
+import com.gitblit.extensions.ReceiveHook;
 import com.gitblit.manager.IGitblit;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
+import com.gitblit.tickets.BranchTicketService;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.ClientLogger;
 import com.gitblit.utils.CommitCache;
@@ -117,9 +119,46 @@
 		setAllowDeletes(user.canDeleteRef(repository));
 		setAllowNonFastForwards(user.canRewindRef(repository));
 
+		int maxObjectSz = settings.getInteger(Keys.git.maxObjectSizeLimit, -1);
+		if (maxObjectSz >= 0) {
+			setMaxObjectSizeLimit(maxObjectSz);
+		}
+		int maxPackSz = settings.getInteger(Keys.git.maxPackSizeLimit, -1);
+		if (maxPackSz >= 0) {
+			setMaxPackSizeLimit(maxPackSz);
+		}
+		setCheckReceivedObjects(settings.getBoolean(Keys.git.checkReceivedObjects, true));
+		setCheckReferencedObjectsAreReachable(settings.getBoolean(Keys.git.checkReferencedObjectsAreReachable, true));
+
 		// setup pre and post receive hook
 		setPreReceiveHook(this);
 		setPostReceiveHook(this);
+	}
+
+	/**
+	 * Returns true if the user is permitted to apply the receive commands to
+	 * the repository.
+	 *
+	 * @param commands
+	 * @return true if the user may push these commands
+	 */
+	protected boolean canPush(Collection<ReceiveCommand> commands) {
+		// TODO Consider supporting branch permissions here (issue-36)
+		// Not sure if that should be Gerrit-style, refs/meta/config, or
+		// gitolite-style, permissions in users.conf
+		//
+		// How could commands be empty?
+		//
+		// Because a subclass, like PatchsetReceivePack, filters receive
+		// commands before this method is called.  This makes it possible for
+		// this method to test an empty list.  In this case, we assume that the
+		// subclass receive pack properly enforces push restrictions. for the
+		// ref.
+		//
+		// The empty test is not explicitly required, it's written here to
+		// clarify special-case behavior.
+
+		return commands.isEmpty() ? true : user.canPush(repository);
 	}
 
 	/**
@@ -129,6 +168,14 @@
 	 */
 	@Override
 	public void onPreReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
+
+		if (commands.size() == 0) {
+			// no receive commands to process
+			// this can happen if receive pack subclasses intercept and filter
+			// the commands
+			LOGGER.debug("skipping pre-receive processing, no refs created, updated, or removed");
+			return;
+		}
 
 		if (repository.isMirror) {
 			// repository is a mirror
@@ -154,7 +201,7 @@
 			return;
 		}
 
-		if (!user.canPush(repository)) {
+		if (!canPush(commands)) {
 			// user does not have push permissions
 			for (ReceiveCommand cmd : commands) {
 				sendRejection(cmd, "User \"{0}\" does not have push permissions for \"{1}\"!", user.username, repository.name);
@@ -236,6 +283,25 @@
 				default:
 					break;
 				}
+			} else if (ref.equals(BranchTicketService.BRANCH)) {
+				// ensure pushing user is an administrator OR an owner
+				// i.e. prevent ticket tampering
+				boolean permitted = user.canAdmin() || repository.isOwner(user.username);
+				if (!permitted) {
+					sendRejection(cmd, "{0} is not permitted to push to {1}", user.username, ref);
+				}
+			} else if (ref.startsWith(Constants.R_FOR)) {
+				// prevent accidental push to refs/for
+				sendRejection(cmd, "{0} is not configured to receive patchsets", repository.name);
+			}
+		}
+
+		// call pre-receive plugins
+		for (ReceiveHook hook : gitblit.getExtensions(ReceiveHook.class)) {
+			try {
+				hook.onPreReceive(this, commands);
+			} catch (Exception e) {
+				LOGGER.error("Failed to execute extension", e);
 			}
 		}
 
@@ -261,7 +327,7 @@
 	@Override
 	public void onPostReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
 		if (commands.size() == 0) {
-			LOGGER.debug("skipping post-receive hooks, no refs created, updated, or removed");
+			LOGGER.debug("skipping post-receive processing, no refs created, updated, or removed");
 			return;
 		}
 
@@ -333,6 +399,24 @@
 			LOGGER.error(MessageFormat.format("Failed to update {0} pushlog", repository.name), e);
 		}
 
+		// check for updates pushed to the BranchTicketService branch
+		// if the BranchTicketService is active it will reindex, as appropriate
+		for (ReceiveCommand cmd : commands) {
+			if (Result.OK.equals(cmd.getResult())
+					&& BranchTicketService.BRANCH.equals(cmd.getRefName())) {
+				rp.getRepository().fireEvent(new ReceiveCommandEvent(repository, cmd));
+			}
+		}
+
+		// call post-receive plugins
+		for (ReceiveHook hook : gitblit.getExtensions(ReceiveHook.class)) {
+			try {
+				hook.onPostReceive(this, commands);
+			} catch (Exception e) {
+				LOGGER.error("Failed to execute extension", e);
+			}
+		}
+
 		// run Groovy hook scripts
 		Set<String> scripts = new LinkedHashSet<String>();
 		scripts.addAll(gitblit.getPostReceiveScriptsInherited(repository));
@@ -388,7 +472,7 @@
 		this.gitblitUrl = url;
 	}
 
-	protected void sendRejection(final ReceiveCommand cmd, final String why, Object... objects) {
+	public void sendRejection(final ReceiveCommand cmd, final String why, Object... objects) {
 		String text;
 		if (ArrayUtils.isEmpty(objects)) {
 			text = why;
@@ -399,15 +483,15 @@
 		LOGGER.error(text + " (" + user.username + ")");
 	}
 
-	protected void sendHeader(String msg, Object... objects) {
+	public void sendHeader(String msg, Object... objects) {
 		sendInfo("--> ", msg, objects);
 	}
 
-	protected void sendInfo(String msg, Object... objects) {
+	public void sendInfo(String msg, Object... objects) {
 		sendInfo("    ", msg, objects);
 	}
 
-	protected void sendInfo(String prefix, String msg, Object... objects) {
+	private void sendInfo(String prefix, String msg, Object... objects) {
 		String text;
 		if (ArrayUtils.isEmpty(objects)) {
 			text = msg;
@@ -421,7 +505,7 @@
 		}
 	}
 
-	protected void sendError(String msg, Object... objects) {
+	public void sendError(String msg, Object... objects) {
 		String text;
 		if (ArrayUtils.isEmpty(objects)) {
 			text = msg;
@@ -486,4 +570,16 @@
 			}
 		}
 	}
+
+	public IGitblit getGitblit() {
+		return gitblit;
+	}
+
+	public RepositoryModel getRepositoryModel() {
+		return repository;
+	}
+
+	public UserModel getUserModel() {
+		return user;
+	}
 }

--
Gitblit v1.9.1