Mirrors_Framework/ghidra
1
0
Fork 0
mirror of https://github.com/NationalSecurityAgency/ghidra.git synced 2026-05-22 23:49:03 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

GP-6832 Corrected GhidraServer repository user list restrictions

Browse Source
This commit is contained in:
ghidra1
2026-05-18 13:20:12 -04:00
parent 61a06c8141
commit 892786bed9
2 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghidra/Features/GhidraServer/src/main/java/ghidra/server/Repository.java
+4 -2
View File
@@ -357,10 +357,12 @@ public class Repository implements FileSystemListener, RepositoryLogger {
LinkedHashMap<String, User> newUserMap = new LinkedHashMap<>();
for (User user : users) {
String userName = user.getName();
if (UserManager.ANONYMOUS_USERNAME.equals(userName) ||
!allUsers.contains(userName)) {
if (UserManager.ANONYMOUS_USERNAME.equals(userName)) {
continue; // ignore
}
if (!allUsers.contains(userName)) {
throw new IOException("Unknown user specified: " + userName);
}
if (!user.hasWritePermission() && !user.isReadOnly() && !user.isAdmin()) {
throw new IOException("User specified with invalid permission: " + userName);
}
Ghidra/Test/IntegrationTest/src/test.slow/java/ghidra/server/RepositoryTest.java
+21 -12
View File
@@ -4,9 +4,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,6 +18,7 @@ package ghidra.server;
import static org.junit.Assert.*;
import java.io.File;
import java.io.IOException;
import org.junit.*;
@@ -50,7 +51,13 @@ public class RepositoryTest extends AbstractGhidraHeadedIntegrationTest {
serverRoot.mkdir();
mgr = new RepositoryManager(serverRoot, false, 0, false);
mgr.getUserManager().addUser(userName);
UserManager userManager = mgr.getUserManager();
userManager.addUser(userName);
userManager.addUser("user-a");
userManager.addUser("user-b");
userManager.addUser("user-c");
userManager.addUser("user-d");
repository = mgr.createRepository(userName, REPOSITORY_NAME);
}
@@ -94,17 +101,10 @@ public class RepositoryTest extends AbstractGhidraHeadedIntegrationTest {
Assert.fail("Should not have been able to change current user's access!");
}
catch (UserAccessException e) {
// expected
}
users[3] = new User("user-x", User.ADMIN);
try {
repository.setUserList(userName, users, false);
Assert.fail("Should not have been able to set the user list!");
}
catch (UserAccessException e) {
}
users[4] = new User(userName, User.ADMIN);
users[4] = new User(userName, User.ADMIN); // restore current users Admin access
repository.setUserList(userName, users, false);
User[] reportedUsers = repository.getUserList(userName);
@@ -113,6 +113,15 @@ public class RepositoryTest extends AbstractGhidraHeadedIntegrationTest {
assertEquals(users[i].getName(), reportedUsers[i].getName());
assertEquals(users[i].getPermissionType(), reportedUsers[i].getPermissionType());
}
users[3] = new User("user-x", User.ADMIN);
try {
repository.setUserList(userName, users, false);
Assert.fail("Should not have been able to specify unknown user");
}
catch (IOException e) {
// expected
}
}
@Test