From b76107bb240c54ba4d4c8e1d2badd412e5c473fa Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:23:50 -0500
Subject: [PATCH] Whitelist the "target" link attribute in the XSS filter

---
 src/main/java/com/gitblit/AddIndexedBranch.java |   56 +++++++++++++++++++++++++++-----------------------------
 1 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/src/main/java/com/gitblit/AddIndexedBranch.java b/src/main/java/com/gitblit/AddIndexedBranch.java
index 7a16bbd..459e1f0 100644
--- a/src/main/java/com/gitblit/AddIndexedBranch.java
+++ b/src/main/java/com/gitblit/AddIndexedBranch.java
@@ -28,11 +28,10 @@
 import org.eclipse.jgit.lib.StoredConfig;
 import org.eclipse.jgit.storage.file.FileRepositoryBuilder;
 import org.eclipse.jgit.util.FS;
+import org.kohsuke.args4j.CmdLineException;
+import org.kohsuke.args4j.CmdLineParser;
+import org.kohsuke.args4j.Option;
 
-import com.beust.jcommander.JCommander;
-import com.beust.jcommander.Parameter;
-import com.beust.jcommander.ParameterException;
-import com.beust.jcommander.Parameters;
 import com.gitblit.models.RefModel;
 import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.JGitUtils;
@@ -40,33 +39,33 @@
 
 /**
  * Utility class to add an indexBranch setting to matching repositories.
- * 
+ *
  * @author James Moger
- * 
+ *
  */
 public class AddIndexedBranch {
 
 	public static void main(String... args) {
 		Params params = new Params();
-		JCommander jc = new JCommander(params);
+		CmdLineParser parser = new CmdLineParser(params);
 		try {
-			jc.parse(args);
-		} catch (ParameterException t) {
+			parser.parseArgument(args);
+		} catch (CmdLineException t) {
 			System.err.println(t.getMessage());
-			jc.usage();
+			parser.printUsage(System.out);
 			return;
 		}
-		
+
 		// create a lowercase set of excluded repositories
 		Set<String> exclusions = new TreeSet<String>();
 		for (String exclude : params.exclusions) {
 			exclusions.add(exclude.toLowerCase());
 		}
-		
+
 		// determine available repositories
 		File folder = new File(params.folder);
 		List<String> repoList = JGitUtils.getRepositoryList(folder, false, true, -1, null);
-		
+
 		int modCount = 0;
 		int skipCount = 0;
 		for (String repo : repoList) {
@@ -77,25 +76,25 @@
 					break;
 				}
 			}
-			
+
 			if (skip) {
 				System.out.println("skipping " + repo);
 				skipCount++;
 				continue;
 			}
 
-			
+
 			try {
 				// load repository config
 				File gitDir = FileKey.resolve(new File(folder, repo), FS.DETECTED);
 				Repository repository = new FileRepositoryBuilder().setGitDir(gitDir).build();
 				StoredConfig config = repository.getConfig();
 				config.load();
-				
+
 				Set<String> indexedBranches = new LinkedHashSet<String>();
-				
+
 				// add all local branches to index
-				if(params.addAllLocalBranches) {
+				if (params.addAllLocalBranches) {
 					List<RefModel> list = JGitUtils.getLocalBranches(repository, true, -1);
 					for (RefModel refModel : list) {
 						System.out.println(MessageFormat.format("adding [gitblit] indexBranch={0} for {1}", refModel.getName(), repo));
@@ -107,7 +106,7 @@
 					System.out.println(MessageFormat.format("adding [gitblit] indexBranch={0} for {1}", params.branch, repo));
 					indexedBranches.add(params.branch);
 				}
-				
+
 				String [] branches = config.getStringList("gitblit", null, "indexBranch");
 				if (!ArrayUtils.isEmpty(branches)) {
 					for (String branch : branches) {
@@ -122,28 +121,27 @@
 				e.printStackTrace();
 			}
 		}
-		
+
 		System.out.println(MessageFormat.format("updated {0} repository configurations, skipped {1}", modCount, skipCount));
 	}
 
-	
+
 
 	/**
-	 * JCommander Parameters class for AddIndexedBranch.
+	 * Parameters class for AddIndexedBranch.
 	 */
-	@Parameters(separators = " ")
 	private static class Params {
 
-		@Parameter(names = { "--repositoriesFolder" }, description = "The root repositories folder ", required = true)
+		@Option(name =  "--repositoriesFolder", usage = "The root repositories folder ", required = true, metaVar = "PATH")
 		public String folder;
 
-		@Parameter(names = { "--branch" }, description = "The branch to index", required = false)
+		@Option(name = "--branch", usage = "The branch to index", metaVar = "BRANCH")
 		public String branch = "default";
 
-		@Parameter(names = { "--skip" }, description = "Skip the named repository (simple fizzy matching is supported)", required = false)
+		@Option(name = "--skip", usage = "Skip the named repository (simple fizzy matching is supported)")
 		public List<String> exclusions = new ArrayList<String>();
-		
-		@Parameter(names = { "--all-local-branches" }, description = "Add all local branches to index. If specified, the --branch parameter is not considered.", required = false)
-		public boolean addAllLocalBranches = false;
+
+		@Option(name = "--all-local-branches", usage = "Add all local branches to index. If specified, the --branch parameter is not considered.")
+		public boolean addAllLocalBranches;
 	}
 }

--
Gitblit v1.9.1