)]}' { "commit": "d02084da95e9eefccebb28b21117cdb712669bfc", "tree": "8581fcc8ed86f1dab73460124fb3b126064d8703", "parents": [ "73ac69264a29094e5220ca1722e09db14a3e5991" ], "author": { "name": "Saša Živkov", "email": "sasa.zivkov@sap.com", "time": "Wed Mar 04 17:14:15 2020 +0100" }, "committer": { "name": "Saša Živkov", "email": "zivkov@gmail.com", "time": "Fri Mar 06 12:16:31 2020 +0000" }, "message": "Fix the access-path for AbstractGitCommand subclasses\n\nThe access path for the Receive.currentUser in the receive-pack command\nwas wrongly set to SSH_COMMAND instead of, as intended [1], to GIT.\nThis allowed project owners to force-update a ref using git-over-SSH\nwithout having en explicit permission for that, see [2].\n\nInterestingly, the current SSH session in the Receive.session had properly set\naccess-path for the associated user:\nReceive.session.getUser().getAccessPath() \u003d\u003d GIT.\nbut it wasn\u0027t used.\n\nYet another interesting thing is that both currentUser and session\nfields in the Receive class are redundant: we already have current SSH\nsession field in the base class (AbstractGitCommand) which has\nassociated current user with properly set access path to GIT.\n\nRemove both redundant fields and use the current session from the\nsuperclass and the current user from the current session. Refactor the\nForcePushIT into SshForcePushIT and HttpForcePushIT in order to test\npermission over both protocols.\n\n[1] https://gerrit.googlesource.com/gerrit/+/462bc1b5865ca6a5e386cb6fee95874c9d74bcb3/java/com/google/gerrit/sshd/AbstractGitCommand.java#72\n[2] https://gerrit.googlesource.com/gerrit/+/462bc1b5865ca6a5e386cb6fee95874c9d74bcb3/java/com/google/gerrit/server/permissions/RefControl.java#196\n\nBug: Issue 12440\nChange-Id: I909713411c1c576e6e63e074609d4198fd46397d\n", "tree_diff": [ { "type": "modify", "old_id": "c49ae82de21d9046ee75211ba18e130612f7f160", "old_mode": 33188, "old_path": "java/com/google/gerrit/sshd/AbstractGitCommand.java", "new_id": "f617ebb79b6ebc0d7980d183162220d637b51f2c", "new_mode": 33188, "new_path": "java/com/google/gerrit/sshd/AbstractGitCommand.java" }, { "type": "modify", "old_id": "53a9ca252bb6371ef61a6a2033958356830c81c8", "old_mode": 33188, "old_path": "java/com/google/gerrit/sshd/commands/Receive.java", "new_id": "0b089b68ce99eb4196f27817cbacc31465ad9ceb", "new_mode": 33188, "new_path": "java/com/google/gerrit/sshd/commands/Receive.java" }, { "type": "modify", "old_id": "30fd80aca51c34b976b09c57e9cefd8e833d964c", "old_mode": 33188, "old_path": "java/com/google/gerrit/sshd/commands/Upload.java", "new_id": "e195098a64108ed8cfa92cb03dc2cd5c41b1537e", "new_mode": 33188, "new_path": "java/com/google/gerrit/sshd/commands/Upload.java" }, { "type": "rename", "old_id": "d80faa8ee1ccde5be5922af107edd1e04c59f195", "old_mode": 33188, "old_path": "javatests/com/google/gerrit/acceptance/git/ForcePushIT.java", "new_id": "9b5fd7ab8c1c372bb7cea92f74a5a6b5f3ff6c8e", "new_mode": 33188, "new_path": "javatests/com/google/gerrit/acceptance/git/AbstractForcePush.java", "score": 97 }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "3fdc0238c95ffa1734f7805f88bbfdc646a0e5d3", "new_mode": 33188, "new_path": "javatests/com/google/gerrit/acceptance/git/HttpForcePushIT.java" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "4ccb3473558b0fd8fe37d234e811b7d475f5feb3", "new_mode": 33188, "new_path": "javatests/com/google/gerrit/acceptance/git/SshForcePushIT.java" } ] }