| // Copyright (C) 2018 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.gerrit.server.git.receive; |
| |
| import static com.google.gerrit.git.ObjectIds.abbreviateName; |
| import static org.eclipse.jgit.transport.ReceiveCommand.Result.REJECTED_OTHER_REASON; |
| |
| import com.google.auto.value.AutoValue; |
| import com.google.common.collect.ImmutableList; |
| import com.google.common.collect.ImmutableListMultimap; |
| import com.google.common.flogger.FluentLogger; |
| import com.google.gerrit.common.Nullable; |
| import com.google.gerrit.entities.BranchNameKey; |
| import com.google.gerrit.entities.Change; |
| import com.google.gerrit.entities.Project; |
| import com.google.gerrit.server.IdentifiedUser; |
| import com.google.gerrit.server.events.CommitReceivedEvent; |
| import com.google.gerrit.server.git.validators.CommitValidationException; |
| import com.google.gerrit.server.git.validators.CommitValidationMessage; |
| import com.google.gerrit.server.git.validators.CommitValidators; |
| import com.google.gerrit.server.logging.TraceContext; |
| import com.google.gerrit.server.logging.TraceContext.TraceTimer; |
| import com.google.gerrit.server.patch.DiffOperationsForCommitValidation; |
| import com.google.gerrit.server.permissions.PermissionBackend; |
| import com.google.gerrit.server.project.ProjectState; |
| import com.google.gerrit.server.ssh.SshInfo; |
| import com.google.inject.Inject; |
| import com.google.inject.assistedinject.Assisted; |
| import java.io.IOException; |
| import org.eclipse.jgit.lib.Config; |
| import org.eclipse.jgit.lib.ObjectReader; |
| import org.eclipse.jgit.lib.Repository; |
| import org.eclipse.jgit.notes.NoteMap; |
| import org.eclipse.jgit.revwalk.RevCommit; |
| import org.eclipse.jgit.transport.ReceiveCommand; |
| |
| /** Validates single commits for a branch. */ |
| public class BranchCommitValidator { |
| private static final FluentLogger logger = FluentLogger.forEnclosingClass(); |
| |
| private final CommitValidators.Factory commitValidatorsFactory; |
| private final IdentifiedUser user; |
| private final PermissionBackend.ForProject permissions; |
| private final Project project; |
| private final BranchNameKey branch; |
| private final SshInfo sshInfo; |
| |
| interface Factory { |
| BranchCommitValidator create( |
| ProjectState projectState, BranchNameKey branch, IdentifiedUser user); |
| } |
| |
| /** A boolean validation status and a list of additional messages. */ |
| @AutoValue |
| abstract static class Result { |
| static Result create(boolean isValid, ImmutableList<CommitValidationMessage> messages) { |
| return new AutoValue_BranchCommitValidator_Result(isValid, messages); |
| } |
| |
| /** Whether the commit is valid. */ |
| abstract boolean isValid(); |
| |
| /** |
| * A list of messages related to the validation. Messages may be present regardless of the |
| * {@link #isValid()} status. |
| */ |
| abstract ImmutableList<CommitValidationMessage> messages(); |
| } |
| |
| @Inject |
| BranchCommitValidator( |
| CommitValidators.Factory commitValidatorsFactory, |
| PermissionBackend permissionBackend, |
| SshInfo sshInfo, |
| @Assisted ProjectState projectState, |
| @Assisted BranchNameKey branch, |
| @Assisted IdentifiedUser user) { |
| this.sshInfo = sshInfo; |
| this.user = user; |
| this.branch = branch; |
| this.commitValidatorsFactory = commitValidatorsFactory; |
| project = projectState.getProject(); |
| permissions = permissionBackend.user(user).project(project.getNameKey()); |
| } |
| |
| /** |
| * Validates a single commit. If the commit does not validate, the command is rejected. |
| * |
| * @param repository the repository |
| * @param objectReader the object reader to use. |
| * @param cmd the ReceiveCommand executing the push. |
| * @param commit the commit being validated. |
| * @param isMerged whether this is a merge commit created by magicBranch --merge option |
| * @param change the change for which this is a new patchset. |
| * @return The validation {@link Result}. |
| */ |
| Result validateCommit( |
| Repository repository, |
| ObjectReader objectReader, |
| DiffOperationsForCommitValidation diffOperationsForCommitValidation, |
| ReceiveCommand cmd, |
| RevCommit commit, |
| ImmutableListMultimap<String, String> pushOptions, |
| boolean isMerged, |
| NoteMap rejectCommits, |
| @Nullable Change change) |
| throws IOException { |
| return validateCommit( |
| repository, |
| objectReader, |
| diffOperationsForCommitValidation, |
| cmd, |
| commit, |
| pushOptions, |
| isMerged, |
| rejectCommits, |
| change, |
| false); |
| } |
| |
| /** |
| * Validates a single commit. If the commit does not validate, the command is rejected. |
| * |
| * @param repository the repository |
| * @param objectReader the object reader to use. |
| * @param cmd the ReceiveCommand executing the push. |
| * @param commit the commit being validated. |
| * @param isMerged whether this is a merge commit created by magicBranch --merge option |
| * @param change the change for which this is a new patchset. |
| * @param skipValidation whether 'skip-validation' was requested. |
| * @return The validation {@link Result}. |
| */ |
| Result validateCommit( |
| Repository repository, |
| ObjectReader objectReader, |
| DiffOperationsForCommitValidation diffOperationsForCommitValidation, |
| ReceiveCommand cmd, |
| RevCommit commit, |
| ImmutableListMultimap<String, String> pushOptions, |
| boolean isMerged, |
| NoteMap rejectCommits, |
| @Nullable Change change, |
| boolean skipValidation) |
| throws IOException { |
| try (TraceTimer traceTimer = TraceContext.newTimer("BranchCommitValidator#validateCommit")) { |
| ImmutableList.Builder<CommitValidationMessage> messages = new ImmutableList.Builder<>(); |
| try (CommitReceivedEvent receiveEvent = |
| new CommitReceivedEvent( |
| cmd, |
| project, |
| branch.branch(), |
| pushOptions, |
| new Config(repository.getConfig()), |
| objectReader, |
| commit, |
| user, |
| diffOperationsForCommitValidation)) { |
| CommitValidators validators; |
| if (isMerged) { |
| validators = |
| commitValidatorsFactory.forMergedCommits( |
| permissions, branch, user.asIdentifiedUser()); |
| } else { |
| validators = |
| commitValidatorsFactory.forReceiveCommits( |
| permissions, |
| branch, |
| user.asIdentifiedUser(), |
| sshInfo, |
| rejectCommits, |
| receiveEvent.revWalk, |
| change, |
| skipValidation); |
| } |
| |
| for (CommitValidationMessage m : validators.validate(receiveEvent)) { |
| messages.add( |
| new CommitValidationMessage( |
| messageForCommit(commit, m.getMessage(), objectReader), m.getType())); |
| } |
| } catch (CommitValidationException e) { |
| logger.atFine().log("Commit validation failed on %s", commit.name()); |
| for (CommitValidationMessage m : e.getMessages()) { |
| // The non-error messages may contain background explanation for the |
| // fatal error, so have to preserve all messages. |
| messages.add( |
| new CommitValidationMessage( |
| messageForCommit(commit, m.getMessage(), objectReader), m.getType())); |
| } |
| cmd.setResult( |
| REJECTED_OTHER_REASON, messageForCommit(commit, e.getMessage(), objectReader)); |
| return Result.create(false, messages.build()); |
| } |
| return Result.create(true, messages.build()); |
| } |
| } |
| |
| private String messageForCommit(RevCommit c, String msg, ObjectReader objectReader) |
| throws IOException { |
| return String.format("commit %s: %s", abbreviateName(c, objectReader), msg); |
| } |
| } |