Check the committer rather than the Gerrit owner.

Guarding based on the Gerrit owner can be circumvented by an arbitrary user uploading a different patch with a Change-Id that is non-unique, with the other copy being owned by a Googler. Change-Id: I5414b679e361d4c38d70bf9c4516c122f668fc49
author: Dan Albert <danalbert@google.com> 2015-01-12 16:23:53 -0800
committer: Dan Albert <danalbert@google.com> 2015-01-12 16:33:17 -0800
commit: b4060330aa1f8c18f5957b9d9c92bcf153d3a31b (patch)
tree: f8e8d79260fbcf10a9bde2b6c5893c4e751cbd82 /tools/bionicbb/gerrit.py
parent: 8d50e16aa96291612c95f89b49ecfacf556241a6 (diff)
download: android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.tar.gz
android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.tar.bz2
android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/bionicbb/gerrit.py b/tools/bionicbb/gerrit.py
index a3d58876c..76e42b421 100644
--- a/tools/bionicbb/gerrit.py
+++ b/tools/bionicbb/gerrit.py
@@ -24,6 +24,11 @@ class GerritError(RuntimeError):
         super(GerritError, self).__init__('Error {}: {}'.format(code, url))
 
 
+def get_commit(change_id, revision):
+    return json.loads(
+        call('/changes/{}/revisions/{}/commit'.format(change_id, revision)))
+
+
 def call(endpoint, method='GET'):
     if method != 'GET':
         raise NotImplementedError('Currently only HTTP GET is supported.')
author	Dan Albert <danalbert@google.com>	2015-01-12 16:23:53 -0800
committer	Dan Albert <danalbert@google.com>	2015-01-12 16:33:17 -0800
commit	b4060330aa1f8c18f5957b9d9c92bcf153d3a31b (patch)
tree	f8e8d79260fbcf10a9bde2b6c5893c4e751cbd82 /tools/bionicbb/gerrit.py
parent	8d50e16aa96291612c95f89b49ecfacf556241a6 (diff)
download	android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.tar.gz android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.tar.bz2 android_bionic-b4060330aa1f8c18f5957b9d9c92bcf153d3a31b.zip