Tighten UUID regexp used to check if a group is internal

The regular expression in AccountGroup.isInternalGroup() used to determine whether a group identified by a particular UUID is an internal Gerrit group was sloppy in that any UUID containing a 40 (or more) character hex digit sequence anywhere in the string was deemed an internal group. While very unlikely, the expression could falsely match UUIDs from other systems. Change-Id: Ie7cc56754bc11a6526fa1f35ea449e11b6c47a30
atdt · Jun 25, 2012 · 7cded9a · 7cded9a
1 parent 8ddb12e
commit 7cded9a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/AccountGroup.java
@@ -82,7 +82,7 @@ public static UUID parse(final String str) {
   /** @return true if the UUID is for a group managed within Gerrit. */
   public static boolean isInternalGroup(AccountGroup.UUID uuid) {
     return uuid.get().startsWith("global:")
-        || uuid.get().matches("[0-9a-f]{40}");
+        || uuid.get().matches("^[0-9a-f]{40}$");
   }
 
   /** Synthetic key to link to within the database */