Check the committer rather than the Gerrit owner. Guarding based on the Gerrit owner can be circumvented by an arbitrary user uploading a different patch with a Change-Id that is non-unique, with the other copy being owned by a Googler. Change-Id: I5414b679e361d4c38d70bf9c4516c122f668fc49

commit: b4060330aa1f8c18f5957b9d9c92bcf153d3a31b [log] [tgz]
author: Dan Albert <danalbert@google.com> Mon Jan 12 16:23:53 2015 -0800
committer: Dan Albert <danalbert@google.com> Mon Jan 12 16:33:17 2015 -0800
tree: f8e8d79260fbcf10a9bde2b6c5893c4e751cbd82
parent: 8d50e16aa96291612c95f89b49ecfacf556241a6 [diff] [blame]
diff --git a/tools/bionicbb/gerrit.py b/tools/bionicbb/gerrit.py
index a3d5887..76e42b4 100644
--- a/tools/bionicbb/gerrit.py
+++ b/tools/bionicbb/gerrit.py

@@ -24,6 +24,11 @@
         super(GerritError, self).__init__('Error {}: {}'.format(code, url))
 
 
+def get_commit(change_id, revision):
+    return json.loads(
+        call('/changes/{}/revisions/{}/commit'.format(change_id, revision)))
+
+
 def call(endpoint, method='GET'):
     if method != 'GET':
         raise NotImplementedError('Currently only HTTP GET is supported.')
commit	b4060330aa1f8c18f5957b9d9c92bcf153d3a31b	[log] [tgz]
author	Dan Albert <danalbert@google.com>	Mon Jan 12 16:23:53 2015 -0800
committer	Dan Albert <danalbert@google.com>	Mon Jan 12 16:33:17 2015 -0800
tree	f8e8d79260fbcf10a9bde2b6c5893c4e751cbd82
parent	8d50e16aa96291612c95f89b49ecfacf556241a6 [diff] [blame]