Google Git
Sign in
gerrit / gerrit / 538beca650cdbd1d4df6684fea8d6fcefa5964ce
commit538beca650cdbd1d4df6684fea8d6fcefa5964ce[log] [tgz]
authorEdwin Kempin <ekempin@google.com>Mon Feb 19 16:14:03 2024 +0000
committerEdwin Kempin <ekempin@google.com>Fri Apr 12 07:16:28 2024 +0000
tree45c94e8766ee0b6035480b7f3f452f310c6fd0e1
parent3e6ed81a073b08b609fcfbad105a70737f73d5bf [diff]
Fix endless loop when using "is:watched" in project watches

The "is:watched" predicate matches changes that are being watched.

To match changes that are being watched the "is:watched" predicate is
expanded to an OR query that has one "project:<watched-project>
<project-watch-filter>" predicate per project watch
("project:<watched-project>" is omitted if the project watch is the
All-Projects project, "<project-watch-filter>" is omitted if the project
watch doesn't set a filter). This expansion happens when the
IsWatchedByPredicate is instantiated. Expanding the query requires
loading the project watches of the user and parsing the filter (to
convert the filter string into Predicates).

If the filter of a project watch used the "is:watched" predicate,
querying changes by "is:watched" or checking whether a change matches
the project watch triggered an endless loop: If "is:watched" is used
ChangeQueryBuilder.parse creates an IsWatchedByPredicate instance (in
the is(String) method), which is expanded to the OR query (in the
IsWatchedByPredicate constructor), which requires parsing the project
watch filters. Parsing the project watch filters was done by
ChangeQueryBuilder.parse which creates another IsWatchedByPredicate
instance (in the is(String) method), which is again expanded to the OR
query (in the IsWatchedByPredicate constructor), which again requires
parsing the project watch filters, starting the loop anew.

To fix this we:

1. Disallow using "is:watched" in ProjectWatch.WatcherChangeQueryBuilder
   which is a subclass of ChangeQueryBuilder.parse used to check whether
   a change matches a project watch.

2. Change IsWatchedByPredicate to use
   ProjectWatch.WatcherChangeQueryBuilder to parse the project watch
   filters instead of ChangeQueryBuilder.

Using ProjectWatch.WatcherChangeQueryBuilder in IsWatchedByPredicate
makes the matching logic for project watches when a change is updated
consistent with the matching logic for project watches when "is:watched"
is used in a regular change query.

By disallowing "is:watched" in ProjectWatch.WatcherChangeQueryBuilder
project watches that use "is:watched" in their filter do not match any
change now. Before this change they triggered an endless loop, affecting
the stability of the service.

Note, IsWatchedByPredicate did have a check to prevent an endless loop
in this case, but it didn't work since the endless loop happened before
this check was reached.

Bug: Issue 321784734
Release-Notes: Fix endless loop when using "is:watched" in project watches
Change-Id: Ie38535b2df123a62dfd6a6e4b4ee60a80b0254f3
Signed-off-by: Edwin Kempin <ekempin@google.com>
4 files changed
tree: 45c94e8766ee0b6035480b7f3f452f310c6fd0e1
  1. .settings/
  2. .ts-out/
  3. antlr3/
  4. contrib/
  5. Documentation/
  6. e2e-tests/
  7. java/
  8. javatests/
  9. lib/
  10. modules/
  11. plugins/
  12. polygerrit-ui/
  13. prolog/
  14. prologtests/
  15. proto/
  16. resources/
  17. tools/
  18. webapp/
  19. polymer-bridges
  20. .bazelignore
  21. .bazelproject
  22. .bazelrc
  23. .bazelversion
  24. .editorconfig
  25. .git-blame-ignore-revs
  26. .gitignore
  27. .gitmodules
  28. .gitreview
  29. .mailmap
  30. .pydevproject
  31. .zuul.yaml
  32. BUILD
  33. COPYING
  34. INSTALL
  35. Jenkinsfile
  36. package.json
  37. README.md
  38. SUBMITTING_PATCHES
  39. version.bzl
  40. web-dev-server.config.mjs
  41. WORKSPACE
  42. yarn.lock
README.md

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.

Build Status Maven Central

Objective

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.

Documentation

For information about how to install and use Gerrit, refer to the documentation.

Source

Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.

Reporting bugs

Please report bugs on the issue tracker.

Contribute

Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the Github mirror.

Getting in contact

The Developer Mailing list is repo-discuss on Google Groups.

License

Gerrit is provided under the Apache License 2.0.

Build

Install Bazel and run the following:

    git clone --recurse-submodules https://gerrit.googlesource.com/gerrit
    cd gerrit && bazel build release

Install binary packages (Deb/Rpm)

The instruction how to configure GerritForge/BinTray repositories is here

On Debian/Ubuntu run:

    apt-get update && apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

On Fedora run:

    dnf clean all && dnf install gerrit-<version>[-<release>]

Use pre-built Gerrit images on Docker

Docker images of Gerrit are available on DockerHub

To run a CentOS 8 based Gerrit image:

    docker run -p 8080:8080 gerritcodereview/gerrit[:version]-centos8

To run a Ubuntu 20.04 based Gerrit image:

    docker run -p 8080:8080 gerritcodereview/gerrit[:version]-ubuntu20

NOTE: release is optional. Last released package of the version is installed if the release number is omitted.