refactor: consolidate pkt-line pack boundary parsing on PacketLineIn#153
Merged
coopernetes merged 1 commit intomainfrom Apr 15, 2026
Merged
refactor: consolidate pkt-line pack boundary parsing on PacketLineIn#153coopernetes merged 1 commit intomainfrom
coopernetes merged 1 commit intomainfrom
Conversation
Replace the duplicated hand-rolled pkt-line length parser in GitReceivePackParser and EnrichPushCommitsFilter with a single shared helper that uses JGit's PacketLineIn to walk the pkt-line framing. Both call sites now go through GitReceivePackParser.findPackDataOffset. ParseGitRequestFilter already consumes the initial pkt-lines via PacketLineIn, so this finishes the job of replacing the in-tree pkt-line framing code with the JGit primitive. The CVE-2025-54584 protection is preserved — walking real pkt-line framing is inherently safe against spoofed PACK bytes in ref names.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GitReceivePackParserandEnrichPushCommitsFilterwith a single shared helper that uses JGit'sPacketLineInto walk the pkt-line framing.GitReceivePackParser.findPackDataOffset.parsePacketLengthand two copies of the pkt-line walker removed.Context
ParseGitRequestFilteralready consumes the initial pkt-lines viaPacketLineIn. This PR finishes the job of replacing in-tree pkt-line framing code with the JGit primitive wherever we still had it.CVE-2025-54584 protection is preserved — walking real pkt-line framing via
PacketLineInis inherently safe against spoofedPACKbytes in ref names (e.g.refs/heads/PACK-evil), which was the original motivation for the hardened byte-walking code.Test plan
./gradlew :git-proxy-java-core:test :git-proxy-java-core:jacocoTestCoverageVerification --rerunpassesGitReceivePackParserTestcases covering spoofed-PACK-in-ref and pkt-line prefix walking still pass unchangedEnrichPushCommitsFilterTestandParseGitRequestFilterTestunaffected