ban internal Repo vars from being set by the index JSON

These things should never be settable from the server.

app/src/main/java/org/fdroid/fdroid/data/Repo.java

@@ -26,6 +26,7 @@ package org.fdroid.fdroid.data;
 import android.content.ContentValues;
 import android.database.Cursor;
 import android.text.TextUtils;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.fdroid.fdroid.FDroidApp;
 import org.fdroid.fdroid.Utils;
 import org.fdroid.fdroid.data.Schema.RepoTable.Cols;
@@ -61,37 +62,63 @@ public class Repo extends ValueObject {
 
     public static final int INT_UNSET_VALUE = -1;
     // these are never set by the Apk/package index metadata
+    @JsonIgnore
     protected long id;
+    @JsonIgnore
+    public boolean inuse;
+    @JsonIgnore
+    public int priority;
+    @JsonIgnore
+    public Date lastUpdated;
+    @JsonIgnore
+    public boolean isSwap;
+    /**
+     * last etag we updated from, null forces update
+     */
+    @JsonIgnore
+    public String lastetag;
+    /**
+     * How to treat push requests included in this repo's index XML. This comes
+     * from {@code default_repo.xml} or perhaps user input.  It should never be
+     * settable from the server-side.
+     */
+    @JsonIgnore
+    public int pushRequests = PUSH_REQUEST_IGNORE;
 
     public String address;
     public String name;
     public String description;
     public String icon;
-    /** index version, i.e. what fdroidserver built it - 0 if not specified */
+    /**
+     * index version, i.e. what fdroidserver built it - 0 if not specified
+     */
     public int version;
-    public boolean inuse;
-    public int priority;
-    /** The signing certificate, {@code null} for a newly added repo */
+    /**
+     * The signing certificate, {@code null} for a newly added repo
+     */
     public String signingCertificate;
     /**
      * The SHA1 fingerprint of {@link #signingCertificate}, set to {@code null} when a
      * newly added repo did not include fingerprint. It should never be an
-     * empty {@link String}, i.e. {@code ""} */
+     * empty {@link String}, i.e. {@code ""}
+     */
     public String fingerprint;
-    /** maximum age of index that will be accepted - 0 for any */
+    /**
+     * maximum age of index that will be accepted - 0 for any
+     */
     public int maxage;
-    /** last etag we updated from, null forces update */
-    public String lastetag;
-    public Date lastUpdated;
-    public boolean isSwap;
 
     public String username;
     public String password;
 
-    /** When the signed repo index was generated, used to protect against replay attacks */
+    /**
+     * When the signed repo index was generated, used to protect against replay attacks
+     */
     public long timestamp;
 
-    /** Official mirrors of this repo, considered automatically interchangeable */
+    /**
+     * Official mirrors of this repo, considered automatically interchangeable
+     */
     public String[] mirrors;
 
     /**
@@ -99,9 +126,6 @@ public class Repo extends ValueObject {
      */
     public String[] userMirrors;
 
-    /** How to treat push requests included in this repo's index XML */
-    public int pushRequests = PUSH_REQUEST_IGNORE;
-
     public Repo() {
     }
 

app/src/test/java/org/fdroid/fdroid/updater/IndexV1UpdaterTest.java

@@ -49,6 +49,7 @@ import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.core.IsNot.not;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
@@ -89,6 +90,11 @@ public class IndexV1UpdaterTest extends FDroidProviderTest {
         List<App> apps = AppProvider.Helper.all(context.getContentResolver());
         assertEquals("63 apps present", 63, apps.size());
 
+        // these should never be set from the JSON, only by fdroidclient
+        assertEquals(Repo.PUSH_REQUEST_IGNORE, repo.pushRequests);
+        assertFalse(repo.isSwap);
+        assertNotEquals(99999, repo.priority);
+
         String[] packages = {
                 "fake.app.one",
                 "org.adaway",
@@ -425,6 +431,13 @@ public class IndexV1UpdaterTest extends FDroidProviderTest {
         assertEquals(1488828510109L, repo.timestamp);
         assertEquals("GPLv3", apps[0].license);
 
+        // these should never be set from the JSON, only by fdroidclient
+        assertEquals(Repo.PUSH_REQUEST_IGNORE, repo.pushRequests);
+        assertFalse(repo.inuse);
+        assertFalse(repo.isSwap);
+        assertNotEquals(99999, repo.priority);
+        assertNotEquals("foobar", repo.lastetag);
+
         Set<String> appFields = getFields(apps[0]);
         for (String field : appFields) {
             assertNotEquals("secret", field);

app/src/test/resources/all_fields_index-v1.json

@@ -7,6 +7,12 @@
         "address": "https://guardianproject.info/fdroid/repo",
         "description": "The official app repository of The Guardian Project. Applications in this repository are official binaries build by the original application developers and signed by the same key as the APKs that are released in the Google Play store. ",
         "secret": "trying to sneak something in",
+        "pushRequests": 2,
+        "inuse": true,
+        "isSwap": true,
+        "priority": 99999,
+        "id": 99999,
+        "lastetag": "foobar",
         "mirrors": [
             "http://bdf2wcxujkg6qqff.onion/fdroid/repo",
             "https://guardianproject.info/fdroid/repo",