Tighten UUID regexp used to check if a group is internal

The regular expression in AccountGroup.isInternalGroup() used
to determine whether a group identified by a particular UUID
is an internal Gerrit group was sloppy in that any UUID
containing a 40 (or more) character hex digit sequence anywhere
in the string was deemed an internal group. While very unlikely,
the expression could falsely match UUIDs from other systems.

Change-Id: Ie7cc56754bc11a6526fa1f35ea449e11b6c47a30
diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java
index 2ea659d..061ef3e 100644
--- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java
+++ b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java
@@ -82,7 +82,7 @@
/** @return true if the UUID is for a group managed within Gerrit. */
public static boolean isInternalGroup(AccountGroup.UUID uuid) {
return uuid.get().startsWith("global:")
- || uuid.get().matches("[0-9a-f]{40}");
+ || uuid.get().matches("^[0-9a-f]{40}$");
}
/** Synthetic key to link to within the database */
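Review bot: The `^` and `$` added in `uuid.get().matches("^[0-9a-f]{40}$")` look redundant on a standard JVM, because java.lang.String.matches() only returns true when the entire string matches the pattern, so the old `[0-9a-f]{40}` would already have rejected a longer UUID that merely contains 40 hex digits. If the loose match described in the commit message was observed under a different implementation of String.matches(), please name that runtime in the message so the reason for the anchors is on record. Either way, this check decides whether a group is treated as internal, so a unit test for isInternalGroup() covering an exact 40-hex value, a longer value that embeds one, and a `global:` value would pin the intended behaviour and show whether the change has any effect.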