From eef3454015772e341beb069db959ceb0720a5e24 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 08 Sep 2014 14:46:51 -0400
Subject: [PATCH] Merged #169 "Do not display stacktraces for bad requests in servlets"

---
 src/main/java/com/gitblit/servlet/BranchGraphServlet.java |   33 ++++++++++++++++++++++++++++++++-
 1 files changed, 32 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/servlet/BranchGraphServlet.java b/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
index 0abe347..fa2152c 100644
--- a/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
+++ b/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
@@ -40,6 +40,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.eclipse.jgit.lib.ObjectId;
 import org.eclipse.jgit.lib.Ref;
 import org.eclipse.jgit.lib.Repository;
 import org.eclipse.jgit.revplot.AbstractPlotRenderer;
@@ -48,6 +49,8 @@
 import org.eclipse.jgit.revplot.PlotLane;
 import org.eclipse.jgit.revplot.PlotWalk;
 import org.eclipse.jgit.revwalk.RevCommit;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.gitblit.Constants;
 import com.gitblit.IStoredSettings;
@@ -75,6 +78,8 @@
 	private static final int ROW_HEIGHT = 24;
 
 	private static final int RIGHT_PAD = 2;
+
+	private final Logger log = LoggerFactory.getLogger(getClass());
 
 	private final Stroke[] strokeCache;
 
@@ -117,6 +122,9 @@
 	@Override
 	protected long getLastModified(HttpServletRequest req) {
 		String repository = req.getParameter("r");
+		if (StringUtils.isEmpty(repository)) {
+			return 0;
+		}
 		String objectId = req.getParameter("h");
 		Repository r = null;
 		try {
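Review bot: The new guard in getLastModified uses `return 0;`, but HttpServlet treats only a negative value as "unknown". With 0, a request that carries an If-Modified-Since header is answered with 304 Not Modified and doGet never runs, so the 400 responses this commit adds to doGet are skipped for conditional requests. Returning `-1` keeps the bad-request path reachable. The same applies to the `return 0;` lines added in the next hunk, for the unresolved id and in the catch block. The method body continues outside this hunk.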
@@ -124,8 +132,15 @@
 			if (StringUtils.isEmpty(objectId)) {
 				objectId = JGitUtils.getHEADRef(r);
 			}
+			ObjectId id = r.resolve(objectId);
+			if (id == null) {
+				return 0;
+			}
 			RevCommit commit = JGitUtils.getCommit(r, objectId);
 			return JGitUtils.getCommitDate(commit).getTime();
+		} catch (Exception e) {
+			log.error("Failed to determine last modified", e);
+			return 0;
 		} finally {
 			if (r != null) {
 				r.close();
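Review bot: The added `catch (Exception e)` calls `log.error("Failed to determine last modified", e)`, so any failure a client can trigger through the `r` and `h` parameters still writes a full stack trace at error level on every such request. No null check on `r` is visible before `r.resolve(objectId)`, whereas doGet gets one in this same commit; the assignment itself is outside the hunk, so an unknown repository name presumably ends up in this catch as a NullPointerException. Consider an explicit `if (r == null)` early return after the repository lookup. Expected client errors could then be logged without the throwable, for example `log.debug("Failed to determine last modified: {}", e.getMessage());`, keeping error level for genuine server faults.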
@@ -141,17 +156,33 @@
 		PlotWalk rw = null;
 		try {
 			String repository = request.getParameter("r");
+			if (StringUtils.isEmpty(repository)) {
+				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+				response.getWriter().append("Bad request");
+				return;
+			}
 			String objectId = request.getParameter("h");
 			String length = request.getParameter("l");
 
 			r = repositoryManager.getRepository(repository);
+			if (r == null) {
+				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+				response.getWriter().append("Bad request");
+				return;
+			}
 
 			rw = new PlotWalk(r);
 			if (StringUtils.isEmpty(objectId)) {
 				objectId = JGitUtils.getHEADRef(r);
 			}
 
-			rw.markStart(rw.lookupCommit(r.resolve(objectId)));
+			ObjectId id = r.resolve(objectId);
+			if (id ==  null) {
+				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+				response.getWriter().append("Bad request");
+				return;
+			}
+			rw.markStart(rw.lookupCommit(id));
 
 			// default to the items-per-page setting, unless specified
 			int maxCommits = settings.getInteger(Keys.web.itemsPerPage, 50);
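Review bot: The `id == null` check before `rw.markStart(rw.lookupCommit(id))` only rejects names that cannot be resolved. As far as I know, `Repository.resolve` returns a non-null ObjectId for any well-formed 40-hex string without verifying that the object exists, and the id may also name a tree or blob. Such an `h` value still reaches `markStart`, which throws MissingObjectException or IncorrectObjectTypeException, so the stack-trace path stays open unless the catch block outside this hunk handles it. Catching both exceptions around the call and answering with the same 400, as sketched below, would close it. doGet starts and ends outside the hunk.

```java
ObjectId id = r.resolve(objectId);
// … unchanged: id == null check returning 400 …
try {
	rw.markStart(rw.lookupCommit(id));
} catch (MissingObjectException | IncorrectObjectTypeException e) {
	// well-formed id that is absent from the repository or is not a commit
	response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
	response.getWriter().append("Bad request");
	return;
}
```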

--
Gitblit v1.9.1