Limit max number of changes pushed in a batch.
'receive.maxBatchChanges' is the maximum number of changes that
Gerrit allows to be pushed in a batch for review. When it is
exceeded Gerrit rejects the push with an error message.
This setting can be used to prevent users from uploading large
number of changes by mistake, e.g. when pushing deliveries from
external git repositories.
Default is zero, no limit.
Change-Id: Ib9821190d3c88ac9a2efbb552e21c257165a9443
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 02bed57..01b41d5 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@@ -2602,6 +2602,17 @@
+
Common unit suffixes of 'k', 'm', or 'g' are supported.
+[[receive.maxBatchChanges]]receive.maxBatchChanges::
++
+The maximum number of changes that Gerrit allows to be pushed
+in a batch for review. When this number is exceeded Gerrit rejects
+the push with an error message.
+
+This setting can be used to prevent users from uploading large
+number of changes for review by mistake.
+
+Default is zero, no limit.
+
[[receive.threadPoolSize]]receive.threadPoolSize::
+
Maximum size of the thread pool in which the change data in received packs is
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java b/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java
index 45c0fc7..548d89f 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveCommits.java
@@ -1444,6 +1444,7 @@
List<ChangeLookup> pending = Lists.newArrayList();
final Set<Change.Key> newChangeIds = new HashSet<>();
+ final int maxBatchChanges = receiveConfig.maxBatchChanges;
for (;;) {
final RevCommit c = walk.next();
if (c == null) {
@@ -1477,6 +1478,12 @@
changeKey = new Change.Key(idStr);
pending.add(new ChangeLookup(c, changeKey));
+ if (maxBatchChanges != 0 && pending.size() > maxBatchChanges) {
+ reject(magicBranch.cmd,
+ "the number of pushed changes in a batch exceeds the max limit "
+ + maxBatchChanges);
+ return Collections.emptyList();
+ }
}
for (ChangeLookup p : pending) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveConfig.java
index 2efc94c..6d37ae0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveConfig.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/ReceiveConfig.java
@@ -25,6 +25,7 @@
final boolean checkMagicRefs;
final boolean checkReferencedObjectsAreReachable;
final boolean allowDrafts;
+ final int maxBatchChanges;
@Inject
ReceiveConfig(@GerritServerConfig Config config) {
@@ -37,5 +38,6 @@
allowDrafts = config.getBoolean(
"change", null, "allowDrafts",
true);
+ maxBatchChanges = config.getInt("receive", "maxBatchChanges", 0);
}
}
