Ensure clone.bundle files have proper header Server auth middleware may return a 200 from a clone.bundle request that is not a bundle file, but instead a login or access denied page. Instead of just checking the file size, actually check the first few bytes of the file to ensure it is a bundle file before proceeding. Change-Id: Icea07567c568a24fd838e5cf974c58f9e4abd7c0

commit: 91f3ba5a3f6e3c76577b94c0a6c31974d5a3f077 [log] [tgz]
author: Dave Borowitz <dborowitz@google.com> Mon Jun 03 12:15:23 2013 -0700
committer: Dave Borowitz <dborowitz@google.com> Tue Jun 04 00:12:01 2013 +0000
tree: f24f107433374a5ae8264af2dbfbf01b59703dc8
parent: 710d4b03911bc6fc0b313af56e81b957ccae2348 [diff]
diff --git a/project.py b/project.py
index 5a7a6ca..18e1131 100644
--- a/project.py
+++ b/project.py

@@ -1804,7 +1804,7 @@
       return False
 
     if os.path.exists(tmpPath):
-      if curlret == 0 and os.stat(tmpPath).st_size > 16:
+      if curlret == 0 and self._IsValidBundle(tmpPath):
         os.rename(tmpPath, dstPath)
         return True
       else:
@@ -1813,6 +1813,17 @@
     else:
       return False
 
+  def _IsValidBundle(self, path):
+    try:
+      with open(path) as f:
+        if f.read(16) == '# v2 git bundle\n':
+          return True
+        else:
+          print("Invalid clone.bundle file; ignoring.", file=sys.stderr)
+          return False
+    except OSError:
+      return False
+
   def _Checkout(self, rev, quiet=False):
     cmd = ['checkout']
     if quiet:
commit	91f3ba5a3f6e3c76577b94c0a6c31974d5a3f077	[log] [tgz]
author	Dave Borowitz <dborowitz@google.com>	Mon Jun 03 12:15:23 2013 -0700
committer	Dave Borowitz <dborowitz@google.com>	Tue Jun 04 00:12:01 2013 +0000
tree	f24f107433374a5ae8264af2dbfbf01b59703dc8
parent	710d4b03911bc6fc0b313af56e81b957ccae2348 [diff]