Skip to content

J
jenkins

LinuxSuRen / jenkins
与 Fork 源项目一致

从无法访问的项目Fork

通知 2
Star 0
Fork 0
J
jenkins

体验新版 GitCode,发现更多精彩内容 >>

提交 021912b9 编写于 作者: J Jesse Glick
浏览文件
操作

Merge branch 'master' into AccessDeniedException2-header-size-JENKINS-39402

上级 63c67407 d0cdaa06
展开全部 隐藏空白更改
内联 并排
Showing with 2619 addition and 289 deletion
changelog.html
浏览文件 @ 021912b9
......@@ -56,9 +56,14 @@ Upcoming changes</a>
<!-- Record your changes in the trunk here. -->
<div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
<ul class=image>
<li class=>
</ul>
</div><!--=TRUNK-END=-->
<h3><a name=v2.44>What's new in 2.44</a> (2017/02/01)</h3>
<ul class=image>
<li class="major bug">
<strong>Important security fixes</strong>
(<a href="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01">security advisory</a>)
</ul>
<h3><a name=v2.43>What's new in 2.43</a> (2017/01/29)</h3>
<ul class=image>
<li class=rfe>
......
cli/pom.xml
浏览文件 @ 021912b9
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>pom</artifactId>
<version>2.44-SNAPSHOT</version>
<version>2.45-SNAPSHOT</version>
</parent>
<artifactId>cli</artifactId>
......
core/pom.xml
浏览文件 @ 021912b9
......@@ -29,7 +29,7 @@ THE SOFTWARE.
<parent>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>pom</artifactId>
<version>2.44-SNAPSHOT</version>
<version>2.45-SNAPSHOT</version>
</parent>
<artifactId>jenkins-core</artifactId>
......@@ -159,7 +159,7 @@ THE SOFTWARE.
<dependency>
<groupId>org.kohsuke.stapler</groupId>
<artifactId>stapler-adjunct-timeline</artifactId>
<version>1.4</version>
<version>1.5</version>
</dependency>
<dependency>
<groupId>org.kohsuke.stapler</groupId>
......@@ -591,12 +591,6 @@ THE SOFTWARE.
<version>1.3.1-jenkins-1</version>
</dependency>
<dependency>
<groupId>org.mindrot</groupId>
<artifactId>jbcrypt</artifactId>
<version>0.3m</version>
</dependency>
<!-- offline profiler API to put in the classpath if we need it -->
<!--dependency>
<groupId>com.yourkit.api</groupId>
......
core/src/main/java/hudson/console/ConsoleNote.java
浏览文件 @ 021912b9
......@@ -51,6 +51,9 @@ import java.util.Collection;
import java.util.List;
import com.jcraft.jzlib.GZIPInputStream;
import com.jcraft.jzlib.GZIPOutputStream;
import hudson.remoting.ClassFilter;
import jenkins.security.HMACConfidentialKey;
import jenkins.util.SystemProperties;
/**
* Data that hangs off from a console output.
......@@ -94,8 +97,6 @@ import com.jcraft.jzlib.GZIPOutputStream;
* {@link ConsoleNote} always sticks to a particular point in the console output.
*
* <p>
* This design allows descendant processes of Hudson to emit {@link ConsoleNote}s. For example, Ant forked
* by a shell forked by Hudson can put an encoded note in its stdout, and Hudson will correctly understands that.
* The preamble and postamble includes a certain ANSI escape sequence designed in such a way to minimize garbage
* if this output is observed by a human being directly.
*
......@@ -121,6 +122,15 @@ import com.jcraft.jzlib.GZIPOutputStream;
* @since 1.349
*/
public abstract class ConsoleNote<T> implements Serializable, Describable<ConsoleNote<?>>, ExtensionPoint {
private static final HMACConfidentialKey MAC = new HMACConfidentialKey(ConsoleNote.class, "MAC");
/**
* Allows historical build records with unsigned console notes to be displayed, at the expense of any security.
* Disables checking of {@link #MAC} so do not set this flag unless you completely trust all users capable of affecting build output,
* which in practice means that all SCM committers as well as all Jenkins users with any non-read-only access are consider administrators.
*/
static /* nonfinal for tests & script console */ boolean INSECURE = SystemProperties.getBoolean(ConsoleNote.class.getName() + ".INSECURE");
/**
* When the line of a console output that this annotation is attached is read by someone,
* a new {@link ConsoleNote} is de-serialized and this method is invoked to annotate that line.
......@@ -179,6 +189,11 @@ public abstract class ConsoleNote<T> implements Serializable, Describable<Consol
DataOutputStream dos = new DataOutputStream(new Base64OutputStream(buf2,true,-1,null));
try {
buf2.write(PREAMBLE);
if (Jenkins.getInstanceOrNull() != null) { // else we are in another JVM and cannot sign; result will be ignored unless INSECURE
byte[] mac = MAC.mac(buf.toByteArray());
dos.writeInt(- mac.length); // negative to differentiate from older form
dos.write(mac);
}
dos.writeInt(buf.size());
buf.writeTo(dos);
} finally {
......@@ -211,7 +226,17 @@ public abstract class ConsoleNote<T> implements Serializable, Describable<Consol
return null; // not a valid preamble
DataInputStream decoded = new DataInputStream(new UnbufferedBase64InputStream(in));
int sz = decoded.readInt();
int macSz = - decoded.readInt();
byte[] mac;
int sz;
if (macSz > 0) { // new format
mac = new byte[macSz];
decoded.readFully(mac);
sz = decoded.readInt();
} else {
mac = null;
sz = - macSz;
}
byte[] buf = new byte[sz];
decoded.readFully(buf);
......@@ -220,8 +245,18 @@ public abstract class ConsoleNote<T> implements Serializable, Describable<Consol
if (!Arrays.equals(postamble,POSTAMBLE))
return null; // not a valid postamble
try (ObjectInputStream ois = new ObjectInputStreamEx(
new GZIPInputStream(new ByteArrayInputStream(buf)), Jenkins.getInstance().pluginManager.uberClassLoader)) {
if (mac == null) {
if (!INSECURE) {
throw new IOException("Refusing to deserialize unsigned note from an old log.");
}
} else if (!MAC.checkMac(buf, mac)) {
throw new IOException("MAC mismatch");
}
Jenkins jenkins = Jenkins.getInstance();
try (ObjectInputStream ois = new ObjectInputStreamEx(new GZIPInputStream(new ByteArrayInputStream(buf)),
jenkins != null ? jenkins.pluginManager.uberClassLoader : ConsoleNote.class.getClassLoader(),
ClassFilter.DEFAULT)) {
return (ConsoleNote) ois.readObject();
}
} catch (Error e) {
......@@ -241,8 +276,15 @@ public abstract class ConsoleNote<T> implements Serializable, Describable<Consol
return; // not a valid preamble
DataInputStream decoded = new DataInputStream(new UnbufferedBase64InputStream(in));
int sz = decoded.readInt();
IOUtils.skip(decoded,sz);
int macSz = - decoded.readInt();
if (macSz > 0) { // new format
IOUtils.skip(decoded, macSz);
int sz = decoded.readInt();
IOUtils.skip(decoded, sz);
} else { // old format
int sz = -macSz;
IOUtils.skip(decoded, sz);
}
byte[] postamble = new byte[POSTAMBLE.length];
in.readFully(postamble);
......
core/src/main/java/hudson/diagnosis/HudsonHomeDiskUsageMonitor.java
浏览文件 @ 021912b9
......@@ -32,6 +32,7 @@ import org.jenkinsci.Symbol;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import java.io.IOException;
import java.util.List;
......@@ -64,6 +65,7 @@ public final class HudsonHomeDiskUsageMonitor extends AdministrativeMonitor {
/**
* Depending on whether the user said "yes" or "no", send him to the right place.
*/
@RequirePOST
public HttpResponse doAct(@QueryParameter String no) throws IOException {
if(no!=null) {
disable(true);
......
core/src/main/java/hudson/diagnosis/OldDataMonitor.java
浏览文件 @ 021912b9
......@@ -52,6 +52,7 @@ import java.util.concurrent.ConcurrentMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
......
core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
浏览文件 @ 021912b9
......@@ -37,6 +37,7 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.interceptor.RequirePOST;
/**
* Looks out for a broken reverse proxy setup that doesn't rewrite the location header correctly.
......@@ -84,6 +85,7 @@ public class ReverseProxySetupMonitor extends AdministrativeMonitor {
/**
* Depending on whether the user said "yes" or "no", send him to the right place.
*/
@RequirePOST
public HttpResponse doAct(@QueryParameter String no) throws IOException {
if(no!=null) { // dismiss
disable(true);
......
core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java
浏览文件 @ 021912b9
......@@ -29,6 +29,7 @@ import hudson.Extension;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import java.io.IOException;
......@@ -56,6 +57,7 @@ public class TooManyJobsButNoView extends AdministrativeMonitor {
/**
* Depending on whether the user said "yes" or "no", send him to the right place.
*/
@RequirePOST
public void doAct(StaplerRequest req, StaplerResponse rsp) throws IOException {
if(req.hasParameter("no")) {
disable(true);
......
core/src/main/java/hudson/model/AbstractItem.java
浏览文件 @ 021912b9
......@@ -44,7 +44,6 @@ import hudson.util.Secret;
import jenkins.model.DirectlyModifiableTopLevelItemGroup;
import jenkins.model.Jenkins;
import jenkins.security.NotReallyRoleSensitiveCallable;
import org.acegisecurity.Authentication;
import jenkins.util.xml.XMLUtils;
import org.apache.tools.ant.taskdefs.Copy;
......@@ -75,7 +74,6 @@ import org.kohsuke.stapler.interceptor.RequirePOST;
import org.xml.sax.SAXException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.stream.StreamResult;
......@@ -235,27 +233,10 @@ public abstract class AbstractItem extends Actionable implements Item, HttpDelet
if (this.name.equals(newName))
return;
// the test to see if the project already exists or not needs to be done in escalated privilege
// to avoid overwriting
ACL.impersonate(ACL.SYSTEM,new NotReallyRoleSensitiveCallable<Void,IOException>() {
final Authentication user = Jenkins.getAuthentication();
@Override
public Void call() throws IOException {
Item existing = parent.getItem(newName);
if (existing != null && existing!=AbstractItem.this) {
if (existing.getACL().hasPermission(user,Item.DISCOVER))
// the look up is case insensitive, so we need "existing!=this"
// to allow people to rename "Foo" to "foo", for example.
// see http://www.nabble.com/error-on-renaming-project-tt18061629.html
throw new IllegalArgumentException("Job " + newName + " already exists");
else {
// can't think of any real way to hide this, but at least the error message could be vague.
throw new IOException("Unable to rename to " + newName);
}
}
return null;
}
});
// the lookup is case insensitive, so we should not fail if this item was the “existing” one
// to allow people to rename "Foo" to "foo", for example.
// see http://www.nabble.com/error-on-renaming-project-tt18061629.html
Items.verifyItemDoesNotAlreadyExist(parent, newName, this);
File oldRoot = this.getRootDir();
......
core/src/main/java/hudson/model/AdministrativeMonitor.java
浏览文件 @ 021912b9
......@@ -33,8 +33,12 @@ import java.util.Set;
import java.io.IOException;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
/**
* Checks the health of a subsystem of Jenkins and if there's something
......@@ -74,7 +78,7 @@ import org.kohsuke.stapler.StaplerResponse;
* @see Jenkins#administrativeMonitors
*/
@LegacyInstancesAreScopedToHudson
public abstract class AdministrativeMonitor extends AbstractModelObject implements ExtensionPoint {
public abstract class AdministrativeMonitor extends AbstractModelObject implements ExtensionPoint, StaplerProxy {
/**
* Human-readable ID of this monitor, which needs to be unique within the system.
*
......@@ -142,12 +146,21 @@ public abstract class AdministrativeMonitor extends AbstractModelObject implemen
/**
* URL binding to disable this monitor.
*/
@RequirePOST
public void doDisable(StaplerRequest req, StaplerResponse rsp) throws IOException {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
disable(true);
rsp.sendRedirect2(req.getContextPath()+"/manage");
}
/**
* Requires ADMINISTER permission for any operation in here.
*/
@Restricted(NoExternalUse.class)
public Object getTarget() {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
return this;
}
/**
* All registered {@link AdministrativeMonitor} instances.
*/
......
core/src/main/java/hudson/model/Computer.java
浏览文件 @ 021912b9
......@@ -1110,8 +1110,10 @@ public /*transient*/ abstract class Computer extends Actionable implements Acces
@Exported(inline=true)
public Map<String/*monitor name*/,Object> getMonitorData() {
Map<String,Object> r = new HashMap<String, Object>();
for (NodeMonitor monitor : NodeMonitor.getAll())
r.put(monitor.getClass().getName(),monitor.data(this));
if (hasPermission(CONNECT)) {
for (NodeMonitor monitor : NodeMonitor.getAll())
r.put(monitor.getClass().getName(), monitor.data(this));
}
return r;
}
......
core/src/main/java/hudson/model/Item.java
浏览文件 @ 021912b9
......@@ -231,7 +231,7 @@ public interface Item extends PersistenceRoot, SearchableModelObject, AccessCont
Permission DISCOVER = new Permission(PERMISSIONS, "Discover", Messages._AbstractProject_DiscoverPermission_Description(), READ, PermissionScope.ITEM);
/**
* Ability to view configuration details.
* If the user lacks {@link CONFIGURE} then any {@link Secret}s must be masked out, even in encrypted form.
* If the user lacks {@link #CONFIGURE} then any {@link Secret}s must be masked out, even in encrypted form.
* @see Secret#ENCRYPTED_VALUE_PATTERN
*/
Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, SystemProperties.getBoolean("hudson.security.ExtendedReadPermission"), new PermissionScope[]{PermissionScope.ITEM});
......
core/src/main/java/hudson/model/ItemGroupMixIn.java
浏览文件 @ 021912b9
......@@ -260,10 +260,7 @@ public abstract class ItemGroupMixIn {
acl.checkPermission(Item.CREATE);
Jenkins.getInstance().getProjectNamingStrategy().checkName(name);
if (parent.getItem(name) != null) {
throw new IllegalArgumentException(parent.getDisplayName() + " already contains an item '" + name + "'");
}
// TODO what if we have no DISCOVER permission on the existing job?
Items.verifyItemDoesNotAlreadyExist(parent, name, null);
// place it as config.xml
File configXml = Items.getConfigFile(getRootDirFor(name)).getFile();
......@@ -316,9 +313,7 @@ public abstract class ItemGroupMixIn {
acl.getACL().checkCreatePermission(parent, type);
Jenkins.getInstance().getProjectNamingStrategy().checkName(name);
if(parent.getItem(name)!=null)
throw new IllegalArgumentException("Project of the name "+name+" already exists");
// TODO problem with DISCOVER as noted above
Items.verifyItemDoesNotAlreadyExist(parent, name, null);
TopLevelItem item = type.newInstance(parent, name);
try {
......
core/src/main/java/hudson/model/Items.java
浏览文件 @ 021912b9
......@@ -493,9 +493,7 @@ public class Items {
throw new IllegalArgumentException();
}
String name = item.getName();
if (destination.getItem(name) != null) {
throw new IllegalArgumentException(name + " already exists");
}
verifyItemDoesNotAlreadyExist(destination, name, null);
String oldFullName = item.getFullName();
// TODO AbstractItem.renameTo has a more baroque implementation; factor it out into a utility method perhaps?
File destDir = destination.getRootDirFor(item);
......@@ -623,6 +621,30 @@ public class Items {
}
}
/**
* Securely check for the existence of an item before trying to create one with the same name.
* @param parent the folder where we are about to create/rename/move an item
* @param newName the proposed new name
* @param variant if not null, an existing item which we accept could be there
* @throws IllegalArgumentException if there is already something there, which you were supposed to know about
* @throws Failure if there is already something there but you should not be told details
*/
static void verifyItemDoesNotAlreadyExist(@Nonnull ItemGroup<?> parent, @Nonnull String newName, @CheckForNull Item variant) throws IllegalArgumentException, Failure {
Item existing;
try (ACLContext ctxt = ACL.as(ACL.SYSTEM)) {
existing = parent.getItem(newName);
}
if (existing != null && existing != variant) {
if (existing.hasPermission(Item.DISCOVER)) {
String prefix = parent.getFullName();
throw new IllegalArgumentException((prefix.isEmpty() ? "" : prefix + "/") + newName + " already exists");
} else {
// Cannot hide its existence, so at least be as vague as possible.
throw new Failure("");
}
}
}
/**
* Used to load/save job configuration.
*
......
core/src/main/java/hudson/model/ParameterValue.java
浏览文件 @ 021912b9
......@@ -31,11 +31,16 @@ import hudson.scm.SCM;
import hudson.tasks.BuildWrapper;
import hudson.tasks.Builder;
import hudson.util.VariableResolver;
import java.io.IOException;
import java.io.Serializable;
import java.util.Map;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.export.Exported;
......@@ -70,6 +75,9 @@ import org.kohsuke.stapler.export.ExportedBean;
*/
@ExportedBean(defaultVisibility=3)
public abstract class ParameterValue implements Serializable {
private static final Logger LOGGER = Logger.getLogger(ParameterValue.class.getName());
protected final String name;
private String description;
......@@ -91,6 +99,16 @@ public abstract class ParameterValue implements Serializable {
this.description = description;
}
@Restricted(DoNotUse.class) // for value.jelly
public String getFormattedDescription() {
try {
return Jenkins.getInstance().getMarkupFormatter().translate(description);
} catch (IOException e) {
LOGGER.warning("failed to translate description using configured markup formatter");
return "";
}
}
/**
* Name of the parameter.
*
......
core/src/main/java/hudson/model/User.java
浏览文件 @ 021912b9
......@@ -1122,5 +1122,20 @@ public class User extends AbstractModelObject implements AccessControlled, Descr
* JENKINS-22346.
*/
public static boolean ALLOW_NON_EXISTENT_USER_TO_LOGIN = SystemProperties.getBoolean(User.class.getName()+".allowNonExistentUserToLogin");
}
/**
* Jenkins historically created a (usually) ephemeral user record when an user with Overall/Administer permission
* accesses a /user/arbitraryName URL.
* <p>
* Unfortunately this constitutes a CSRF vulnerability, as malicious users can make admins create arbitrary numbers
* of ephemeral user records, so the behavior was changed in Jenkins 2.TODO / 2.32.2.
* <p>
* As some users may be relying on the previous behavior, setting this to true restores the previous behavior. This
* is not recommended.
*
* SECURITY-406.
*/
@Restricted(NoExternalUse.class)
public static boolean ALLOW_USER_CREATION_VIA_URL = SystemProperties.getBoolean(User.class.getName() + ".allowUserCreationViaUrl");
}
core/src/main/java/hudson/security/BCrypt.java 0 → 100644
浏览文件 @ 021912b9
此差异已折叠。
core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
浏览文件 @ 021912b9
......@@ -60,7 +60,6 @@ import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.mindrot.jbcrypt.BCrypt;
import org.springframework.dao.DataAccessException;
import javax.servlet.Filter;
......
core/src/main/java/hudson/slaves/OfflineCause.java
浏览文件 @ 021912b9
......@@ -24,16 +24,19 @@
package hudson.slaves;
import jenkins.model.Jenkins;
import hudson.Functions;
import hudson.model.Computer;
import hudson.model.User;
import jenkins.model.Jenkins;
import org.jvnet.localizer.Localizable;
import org.kohsuke.stapler.export.ExportedBean;
import org.kohsuke.stapler.export.Exported;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import java.io.ObjectStreamException;
import java.util.Collections;
import java.util.Date;
/**
......@@ -128,21 +131,49 @@ public abstract class OfflineCause {
/**
* Taken offline by user.
*
* @since 1.551
*/
public static class UserCause extends SimpleOfflineCause {
private final User user;
public UserCause(User user, String message) {
super(hudson.slaves.Messages._SlaveComputer_DisconnectedBy(
user!=null ? user.getId() : Jenkins.ANONYMOUS.getName(),
@Deprecated
private transient User user;
// null when unknown
private /*final*/ @CheckForNull String userId;
public UserCause(@CheckForNull User user, @CheckForNull String message) {
this(
user != null ? user.getId() : null,
message != null ? " : " + message : ""
));
this.user = user;
);
}
private UserCause(String userId, String message) {
super(hudson.slaves.Messages._SlaveComputer_DisconnectedBy(userId != null ? userId : Jenkins.ANONYMOUS.getName(), message));
this.userId = userId;
}
public User getUser() {
return user;
return userId == null
? User.getUnknown()
: User.getById(userId, true)
;
}
// Storing the User in a filed was a mistake, switch to userId
@SuppressWarnings("deprecation")
private Object readResolve() throws ObjectStreamException {
if (user != null) {
String id = user.getId();
if (id != null) {
userId = id;
} else {
// The user field is not properly deserialized so id may be missing. Look the user up by fullname
User user = User.get(this.user.getFullName(), true, Collections.emptyMap());
userId = user.getId();
}
this.user = null;
}
return this;
}
}
......
core/src/main/java/hudson/tools/JDKInstaller.java
浏览文件 @ 021912b9
......@@ -80,6 +80,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static hudson.tools.JDKInstaller.Preference.*;
import org.kohsuke.stapler.interceptor.RequirePOST;
/**
* Install JDKs from java.sun.com.
......@@ -788,7 +789,9 @@ public class JDKInstaller extends ToolInstaller {
/**
* Submits the Oracle account username/password.
*/
@RequirePOST
public HttpResponse doPostCredential(@QueryParameter String username, @QueryParameter String password) throws IOException, ServletException {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
this.username = username;
this.password = Secret.fromString(password);
save();
......
core/src/main/java/hudson/util/HistoricalSecrets.java 0 → 100644
浏览文件 @ 021912b9
/*
* The MIT License
*
* Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi
* Copyright (c) 2016, CloudBees Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package hudson.util;
import com.trilead.ssh2.crypto.Base64;
import hudson.Util;
import jenkins.model.Jenkins;
import jenkins.security.CryptoConfidentialKey;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import java.io.IOException;
import java.security.GeneralSecurityException;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Historical algorithms for decrypting {@link Secret}s.
*/
@Restricted(NoExternalUse.class)
public class HistoricalSecrets {
/*package*/ static Secret decrypt(String data, CryptoConfidentialKey key) throws IOException, GeneralSecurityException {
byte[] in = Base64.decode(data.toCharArray());
Secret s = tryDecrypt(key.decrypt(), in);
if (s!=null) return s;
// try our historical key for backward compatibility
Cipher cipher = Secret.getCipher("AES");
cipher.init(Cipher.DECRYPT_MODE, getLegacyKey());
return tryDecrypt(cipher, in);
}
/*package*/ static Secret tryDecrypt(Cipher cipher, byte[] in) {
try {
String plainText = new String(cipher.doFinal(in), UTF_8);
if(plainText.endsWith(MAGIC))
return new Secret(plainText.substring(0,plainText.length()-MAGIC.length()));
return null;
} catch (GeneralSecurityException e) {
return null; // if the key doesn't match with the bytes, it can result in BadPaddingException
}
}
/**
* Turns {@link Jenkins#getSecretKey()} into an AES key.
*
* @deprecated
* This is no longer the key we use to encrypt new information, but we still need this
* to be able to decrypt what's already persisted.
*/
@Deprecated
/*package*/ static SecretKey getLegacyKey() throws GeneralSecurityException {
String secret = Secret.SECRET;
if(secret==null) return Jenkins.getInstance().getSecretKeyAsAES128();
return Util.toAes128Key(secret);
}
private static final String MAGIC = "::::MAGIC::::";
}
core/src/main/java/hudson/util/Secret.java
浏览文件 @ 021912b9
......@@ -2,6 +2,7 @@
* The MIT License
*
* Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi
* Copyright (c) 2016, CloudBees Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
......@@ -30,12 +31,12 @@ import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import com.trilead.ssh2.crypto.Base64;
import jenkins.util.SystemProperties;
import java.util.Arrays;
import jenkins.model.Jenkins;
import hudson.Util;
import jenkins.security.CryptoConfidentialKey;
import org.kohsuke.stapler.Stapler;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
......@@ -47,6 +48,8 @@ import javax.annotation.Nonnull;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Glorified {@link String} that uses encryption in the persisted form, to avoid accidental exposure of a secret.
*
......@@ -61,14 +64,21 @@ import org.kohsuke.accmod.restrictions.NoExternalUse;
* @author Kohsuke Kawaguchi
*/
public final class Secret implements Serializable {
private static final byte PAYLOAD_V1 = 1;
/**
* Unencrypted secret text.
*/
@Nonnull
private final String value;
private byte[] iv;
/*package*/ Secret(String value) {
this.value = value;
}
private Secret(String value) {
/*package*/ Secret(String value, byte[] iv) {
this.value = value;
this.iv = iv;
}
/**
......@@ -105,20 +115,6 @@ public final class Secret implements Serializable {
return value.hashCode();
}
/**
* Turns {@link Jenkins#getSecretKey()} into an AES key.
*
* @deprecated
* This is no longer the key we use to encrypt new information, but we still need this
* to be able to decrypt what's already persisted.
*/
@Deprecated
/*package*/ static SecretKey getLegacyKey() throws GeneralSecurityException {
String secret = SECRET;
if(secret==null) return Jenkins.getInstance().getSecretKeyAsAES128();
return Util.toAes128Key(secret);
}
/**
* Encrypts {@link #value} and returns it in an encoded printable form.
*
......@@ -126,23 +122,42 @@ public final class Secret implements Serializable {
*/
public String getEncryptedValue() {
try {
Cipher cipher = KEY.encrypt();
// add the magic suffix which works like a check sum.
return new String(Base64.encode(cipher.doFinal((value+MAGIC).getBytes("UTF-8"))));
synchronized (this) {
if (iv == null) { //if we were created from plain text or other reason without iv
iv = KEY.newIv();
}
}
Cipher cipher = KEY.encrypt(iv);
byte[] encrypted = cipher.doFinal(this.value.getBytes(UTF_8));
byte[] payload = new byte[1 + 8 + iv.length + encrypted.length];
int pos = 0;
// For PAYLOAD_V1 we use this byte shifting model, V2 probably will need DataOutput
payload[pos++] = PAYLOAD_V1;
payload[pos++] = (byte)(iv.length >> 24);
payload[pos++] = (byte)(iv.length >> 16);
payload[pos++] = (byte)(iv.length >> 8);
payload[pos++] = (byte)(iv.length);
payload[pos++] = (byte)(encrypted.length >> 24);
payload[pos++] = (byte)(encrypted.length >> 16);
payload[pos++] = (byte)(encrypted.length >> 8);
payload[pos++] = (byte)(encrypted.length);
System.arraycopy(iv, 0, payload, pos, iv.length);
pos+=iv.length;
System.arraycopy(encrypted, 0, payload, pos, encrypted.length);
return "{"+new String(Base64.encode(payload))+"}";
} catch (GeneralSecurityException e) {
throw new Error(e); // impossible
} catch (UnsupportedEncodingException e) {
throw new Error(e); // impossible
}
}
/**
* Pattern matching a possible output of {@link #getEncryptedValue}.
* Basically, any Base64-encoded value.
* You must then call {@link #decrypt} to eliminate false positives.
* Pattern matching a possible output of {@link #getEncryptedValue}
* Basically, any Base64-encoded value optionally wrapped by {@code {}}.
* You must then call {@link #decrypt(String)} to eliminate false positives.
* @see #ENCRYPTED_VALUE_PATTERN
*/
@Restricted(NoExternalUse.class)
public static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("[A-Za-z0-9+/]+={0,2}");
public static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("\\{?[A-Za-z0-9+/]+={0,2}}?");
/**
* Reverse operation of {@link #getEncryptedValue()}. Returns null
......@@ -151,32 +166,52 @@ public final class Secret implements Serializable {
@CheckForNull
public static Secret decrypt(@CheckForNull String data) {
if(data==null) return null;
try {
byte[] in = Base64.decode(data.toCharArray());
Secret s = tryDecrypt(KEY.decrypt(), in);
if (s!=null) return s;
// try our historical key for backward compatibility
Cipher cipher = getCipher("AES");
cipher.init(Cipher.DECRYPT_MODE, getLegacyKey());
return tryDecrypt(cipher, in);
} catch (GeneralSecurityException e) {
return null;
} catch (UnsupportedEncodingException e) {
throw new Error(e); // impossible
} catch (IOException e) {
return null;
}
}
/*package*/ static Secret tryDecrypt(Cipher cipher, byte[] in) throws UnsupportedEncodingException {
try {
String plainText = new String(cipher.doFinal(in), "UTF-8");
if(plainText.endsWith(MAGIC))
return new Secret(plainText.substring(0,plainText.length()-MAGIC.length()));
return null;
} catch (GeneralSecurityException e) {
return null; // if the key doesn't match with the bytes, it can result in BadPaddingException
if (data.startsWith("{") && data.endsWith("}")) { //likely CBC encrypted/containing metadata but could be plain text
byte[] payload;
try {
payload = Base64.decode(data.substring(1, data.length()-1).toCharArray());
} catch (IOException e) {
return null;
}
switch (payload[0]) {
case PAYLOAD_V1:
// For PAYLOAD_V1 we use this byte shifting model, V2 probably will need DataOutput
int ivLength = ((payload[1] & 0xff) << 24)
| ((payload[2] & 0xff) << 16)
| ((payload[3] & 0xff) << 8)
| (payload[4] & 0xff);
int dataLength = ((payload[5] & 0xff) << 24)
| ((payload[6] & 0xff) << 16)
| ((payload[7] & 0xff) << 8)
| (payload[8] & 0xff);
if (payload.length != 1 + 8 + ivLength + dataLength) {
// not valid v1
return null;
}
byte[] iv = Arrays.copyOfRange(payload, 9, 9 + ivLength);
byte[] code = Arrays.copyOfRange(payload, 9+ivLength, payload.length);
String text;
try {
text = new String(KEY.decrypt(iv).doFinal(code), UTF_8);
} catch (GeneralSecurityException e) {
// it's v1 which cannot be historical, but not decrypting
return null;
}
return new Secret(text, iv);
default:
return null;
}
} else {
try {
return HistoricalSecrets.decrypt(data, KEY);
} catch (GeneralSecurityException e) {
return null;
} catch (UnsupportedEncodingException e) {
throw new Error(e); // impossible
} catch (IOException e) {
return null;
}
}
}
......@@ -234,8 +269,6 @@ public final class Secret implements Serializable {
}
}
private static final String MAGIC = "::::MAGIC::::";
/**
* Workaround for JENKINS-6459 / http://java.net/jira/browse/GLASSFISH-11862
* @see #getCipher(String)
......@@ -252,6 +285,14 @@ public final class Secret implements Serializable {
*/
private static final CryptoConfidentialKey KEY = new CryptoConfidentialKey(Secret.class.getName());
/**
* Reset the internal secret key for testing.
*/
@Restricted(NoExternalUse.class)
/*package*/ static void resetKeyForTest() {
KEY.resetForTest();
}
private static final long serialVersionUID = 1L;
static {
......
core/src/main/java/hudson/util/SecretRewriter.java
浏览文件 @ 021912b9
......@@ -3,7 +3,6 @@ package hudson.util;
import com.trilead.ssh2.crypto.Base64;
import hudson.Functions;
import hudson.model.TaskListener;
import org.apache.commons.io.FileUtils;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
......@@ -35,21 +34,21 @@ public class SecretRewriter {
*/
private int count;
/**
* If non-null the original file before rewrite gets in here.
*/
private final File backupDirectory;
/**
* Canonical paths of the directories we are recursing to protect
* against symlink induced cycles.
*/
private Set<String> callstack = new HashSet<String>();
public SecretRewriter(File backupDirectory) throws GeneralSecurityException {
public SecretRewriter() throws GeneralSecurityException {
cipher = Secret.getCipher("AES");
key = Secret.getLegacyKey();
this.backupDirectory = backupDirectory;
key = HistoricalSecrets.getLegacyKey();
}
/** @deprecated SECURITY-376: {@code backupDirectory} is ignored */
@Deprecated
public SecretRewriter(File backupDirectory) throws GeneralSecurityException {
this();
}
private String tryRewrite(String s) throws IOException, InvalidKeyException {
......@@ -65,19 +64,21 @@ public class SecretRewriter {
return s; // not a valid base64
}
cipher.init(Cipher.DECRYPT_MODE, key);
Secret sec = Secret.tryDecrypt(cipher, in);
Secret sec = HistoricalSecrets.tryDecrypt(cipher, in);
if(sec!=null) // matched
return sec.getEncryptedValue(); // replace by the new encrypted value
else // not encrypted with the legacy key. leave it unmodified
return s;
}
/**
* @param backup
* if non-null, the original file will be copied here before rewriting.
* if the rewrite doesn't happen, no copying.
*/
/** @deprecated SECURITY-376: {@code backup} is ignored */
@Deprecated
public boolean rewrite(File f, File backup) throws InvalidKeyException, IOException {
return rewrite(f);
}
public boolean rewrite(File f) throws InvalidKeyException, IOException {
AtomicFileWriter w = new AtomicFileWriter(f, "UTF-8");
try {
......@@ -113,10 +114,6 @@ public class SecretRewriter {
}
if (modified) {
if (backup!=null) {
backup.getParentFile().mkdirs();
FileUtils.copyFile(f,backup);
}
w.commit();
}
return modified;
......@@ -161,11 +158,7 @@ public class SecretRewriter {
if ((count++)%100==0)
listener.getLogger().println("Scanning "+child);
try {
File backup = null;
if (backupDirectory!=null) backup = new File(backupDirectory,relative+'/'+ cn);
if (rewrite(child,backup)) {
if (backup!=null)
listener.getLogger().println("Copied "+child+" to "+backup+" as a backup");
if (rewrite(child)) {
listener.getLogger().println("Rewritten "+child);
rewritten++;
}
......@@ -195,7 +188,6 @@ public class SecretRewriter {
String n = dir.getName();
return n.equals("workspace") || n.equals("artifacts")
|| n.equals("plugins") // no mutable data here
|| n.equals("jenkins.security.RekeySecretAdminMonitor") // we don't want to rewrite backups
|| n.equals(".") || n.equals("..");
}
......
core/src/main/java/jenkins/diagnostics/SecurityIsOffMonitor.java
浏览文件 @ 021912b9
......@@ -6,6 +6,7 @@ import jenkins.model.Jenkins;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import java.io.IOException;
......@@ -34,6 +35,7 @@ public class SecurityIsOffMonitor extends AdministrativeMonitor {
/**
* Depending on whether the user said "yes" or "no", send him to the right place.
*/
@RequirePOST
public void doAct(StaplerRequest req, StaplerResponse rsp) throws IOException {
if(req.hasParameter("no")) {
disable(true);
......
core/src/main/java/jenkins/model/Jenkins.java
浏览文件 @ 021912b9
......@@ -118,7 +118,6 @@ import hudson.security.AccessControlled;
import hudson.security.AuthorizationStrategy;
import hudson.security.BasicAuthenticationFilter;
import hudson.security.FederatedLoginService;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.security.HudsonFilter;
import hudson.security.LegacyAuthorizationStrategy;
import hudson.security.LegacySecurityRealm;
......@@ -1694,11 +1693,6 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
*/
@Exported(name="jobs")
public List<TopLevelItem> getItems() {
if (authorizationStrategy instanceof AuthorizationStrategy.Unsecured ||
authorizationStrategy instanceof FullControlOnceLoggedInAuthorizationStrategy) {
return new ArrayList(items.values());
}
List<TopLevelItem> viewableItems = new ArrayList<TopLevelItem>();
for (TopLevelItem item : items.values()) {
if (item.hasPermission(Item.READ))
......@@ -2272,7 +2266,7 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
})
.add(new CollectionSearchIndex() {// for views
protected View get(String key) { return getView(key); }
protected Collection<View> all() { return views; }
protected Collection<View> all() { return viewGroupMixIn.getViews(); }
});
return builder;
}
......@@ -2871,11 +2865,11 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
/**
* Gets the user of the given name.
*
* @return the user of the given name (which may or may not be an id), if that person exists or the invoker {@link #hasPermission} on {@link #ADMINISTER}; else null
* @return the user of the given name (which may or may not be an id), if that person exists; else null
* @see User#get(String,boolean), {@link User#getById(String, boolean)}
*/
public @CheckForNull User getUser(String name) {
return User.get(name,hasPermission(ADMINISTER));
return User.get(name, User.ALLOW_USER_CREATION_VIA_URL && hasPermission(ADMINISTER));
}
public synchronized TopLevelItem createProject( TopLevelItemDescriptor type, String name ) throws IOException {
......@@ -4354,6 +4348,7 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
@RequirePOST
public void doFingerprintCleanup(StaplerResponse rsp) throws IOException {
checkPermission(ADMINISTER);
FingerprintCleanupThread.invoke();
rsp.setStatus(HttpServletResponse.SC_OK);
rsp.setContentType("text/plain");
......@@ -4362,6 +4357,7 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
@RequirePOST
public void doWorkspaceCleanup(StaplerResponse rsp) throws IOException {
checkPermission(ADMINISTER);
WorkspaceCleanupThread.invoke();
rsp.setStatus(HttpServletResponse.SC_OK);
rsp.setContentType("text/plain");
......
core/src/main/java/jenkins/security/CryptoConfidentialKey.java
浏览文件 @ 021912b9
package jenkins.security;
import hudson.Main;
import hudson.util.Secret;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.security.GeneralSecurityException;
......@@ -15,6 +21,9 @@ import java.security.GeneralSecurityException;
* @since 1.498
*/
public class CryptoConfidentialKey extends ConfidentialKey {
@Restricted(NoExternalUse.class) // TODO pending API
public static final int DEFAULT_IV_LENGTH = 16;
private volatile SecretKey secret;
public CryptoConfidentialKey(String id) {
super(id);
......@@ -35,7 +44,7 @@ public class CryptoConfidentialKey extends ConfidentialKey {
store(payload);
}
// Due to the stupid US export restriction JDK only ships 128bit version.
secret = new SecretKeySpec(payload,0,128/8, ALGORITHM);
secret = new SecretKeySpec(payload,0,128/8, KEY_ALGORITHM);
}
}
}
......@@ -47,10 +56,12 @@ public class CryptoConfidentialKey extends ConfidentialKey {
/**
* Returns a {@link Cipher} object for encrypting with this key.
* @deprecated use {@link #encrypt(byte[])}
*/
@Deprecated
public Cipher encrypt() {
try {
Cipher cipher = Secret.getCipher(ALGORITHM);
Cipher cipher = Secret.getCipher(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, getKey());
return cipher;
} catch (GeneralSecurityException e) {
......@@ -58,12 +69,68 @@ public class CryptoConfidentialKey extends ConfidentialKey {
}
}
/**
* Returns a {@link Cipher} object for encrypting with this key using the provided initialization vector.
* @param iv the initialization vector
* @return the cipher
*/
@Restricted(NoExternalUse.class) // TODO pending API
public Cipher encrypt(byte[] iv) {
try {
Cipher cipher = Secret.getCipher(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, getKey(), new IvParameterSpec(iv));
return cipher;
} catch (GeneralSecurityException e) {
throw new AssertionError(e);
}
}
/**
* Returns a {@link Cipher} object for decrypting with this key using the provided initialization vector.
* @param iv the initialization vector
* @return the cipher
*/
@Restricted(NoExternalUse.class) // TODO pending ApI
public Cipher decrypt(byte[] iv) {
try {
Cipher cipher = Secret.getCipher(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, getKey(), new IvParameterSpec(iv));
return cipher;
} catch (GeneralSecurityException e) {
throw new AssertionError(e);
}
}
/**
* Generates a new Initialization Vector.
* @param length the length of the salt
* @return some random bytes
* @see #encrypt(byte[])
*/
@Restricted(NoExternalUse.class) // TODO pending API
public byte[] newIv(int length) {
return ConfidentialStore.get().randomBytes(length);
}
/**
* Generates a new Initialization Vector of default length.
* @return some random bytes
* @see #newIv(int)
* @see #encrypt(byte[])
*/
@Restricted(NoExternalUse.class) // TODO pending API
public byte[] newIv() {
return newIv(DEFAULT_IV_LENGTH);
}
/**
* Returns a {@link Cipher} object for decrypting with this key.
* @deprecated use {@link #decrypt(byte[])}
*/
@Deprecated
public Cipher decrypt() {
try {
Cipher cipher = Secret.getCipher(ALGORITHM);
Cipher cipher = Secret.getCipher(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, getKey());
return cipher;
} catch (GeneralSecurityException e) {
......@@ -72,5 +139,18 @@ public class CryptoConfidentialKey extends ConfidentialKey {
}
private static final String ALGORITHM = "AES";
private static final String KEY_ALGORITHM = "AES";
private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
/**
* Reset the internal secret key for testing.
*/
@Restricted(NoExternalUse.class)
public void resetForTest() {
if (Main.isUnitTest) {
this.secret = null;
} else {
throw new IllegalStateException("Only for testing");
}
}
}
core/src/main/java/jenkins/security/RekeySecretAdminMonitor.java
浏览文件 @ 021912b9
package jenkins.security;
import hudson.Extension;
import hudson.Util;
import hudson.Functions;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
......@@ -13,7 +14,6 @@ import jenkins.model.Jenkins;
import jenkins.util.io.FileBoolean;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;
......@@ -31,7 +31,7 @@ import java.util.logging.Logger;
* @author Kohsuke Kawaguchi
*/
@Extension @Symbol("rekeySecret")
public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor implements StaplerProxy {
public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor {
/**
* Whether we detected a need to run the rewrite program.
......@@ -53,6 +53,7 @@ public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor i
*/
private final FileBoolean scanOnBoot = state("scanOnBoot");
@SuppressWarnings("OverridableMethodCallInConstructor") // should have been final
public RekeySecretAdminMonitor() throws IOException {
// if JENKINS_HOME existed <1.497, we need to offer rewrite
// this computation needs to be done and the value be captured,
......@@ -62,14 +63,7 @@ public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor i
if (j.isUpgradedFromBefore(new VersionNumber("1.496.*"))
&& new FileBoolean(new File(j.getRootDir(),"secret.key.not-so-secret")).isOff())
needed.on();
}
/**
* Requires ADMINISTER permission for any operation in here.
*/
public Object getTarget() {
Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
return this;
Util.deleteRecursive(new File(getBaseDir(), "backups")); // SECURITY-376: no longer used
}
@Override
......@@ -142,7 +136,7 @@ public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor i
protected void fix(TaskListener listener) throws Exception {
LOGGER.info("Initiating a re-keying of secrets. See "+getLogFile());
SecretRewriter rewriter = new SecretRewriter(new File(getBaseDir(),"backups"));
SecretRewriter rewriter = new SecretRewriter();
try {
PrintStream log = listener.getLogger();
......
core/src/main/java/jenkins/security/s2m/AdminCallableMonitor.java
浏览文件 @ 021912b9
......@@ -9,6 +9,7 @@ import org.jenkinsci.Symbol;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import javax.inject.Inject;
import java.io.IOException;
......@@ -50,6 +51,7 @@ public class AdminCallableMonitor extends AdministrativeMonitor {
/**
* Depending on whether the user said "examin" or "dismiss", send him to the right place.
*/
@RequirePOST
public HttpResponse doAct(@QueryParameter String dismiss) throws IOException {
if(dismiss!=null) {
disable(true);
......
core/src/main/java/jenkins/security/s2m/MasterKillSwitchWarning.java
浏览文件 @ 021912b9
......@@ -5,6 +5,7 @@ import hudson.model.AdministrativeMonitor;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import javax.inject.Inject;
import java.io.IOException;
......@@ -33,6 +34,7 @@ public class MasterKillSwitchWarning extends AdministrativeMonitor {
return Messages.MasterKillSwitchWarning_DisplayName();
}
@RequirePOST
public HttpResponse doAct(@QueryParameter String dismiss) throws IOException {
if(dismiss!=null) {
disable(true);
......
core/src/main/resources/hudson/diagnosis/HudsonHomeDiskUsageMonitor/index.jelly
浏览文件 @ 021912b9
......@@ -24,7 +24,7 @@ THE SOFTWARE.
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${%JENKINS_HOME is almost full}" permission="${app.ADMINISTER}">
<l:layout title="${%JENKINS_HOME is almost full}">
<l:main-panel>
<h1>
<l:icon class="icon-warning icon-xlg"/>
......
core/src/main/resources/hudson/diagnosis/OldDataMonitor/manage.jelly
浏览文件 @ 021912b9
......@@ -24,7 +24,7 @@ THE SOFTWARE.
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<l:layout title="${%Manage Old Data}" permission="${app.ADMINISTER}">
<l:layout title="${%Manage Old Data}">
<st:include page="sidepanel.jelly" it="${app}"/>
<l:main-panel>
<h1>${%Manage Old Data}</h1>
......
core/src/main/resources/hudson/model/AbstractBuild/index_eu.properties
浏览文件 @ 021912b9
# This file is under the MIT License by authors
Build=fghg
Build\ Artifacts=gfhfgh
Took=fghg
startedAgo=dhgg
Build=Eraiki
Build\ Artifacts=Laguntzaileak eraiki
Took=Hartu
startedAgo=orain dela zenbat hasia
core/src/main/resources/hudson/model/AbstractBuild/tasks_eu.properties
浏览文件 @ 021912b9
# This file is under the MIT License by authors
Back\ to\ Project=drthdf
Changes=hgdg
Console\ Output=ghdgfh
Edit\ Build\ Information=Kompilazioaren argibidea edidatu
Status=hgfdhg
View\ Build\ Information=dhgg
Back\ to\ Project=Proiektura itzuli
Changes=Aldaketak
Console\ Output=Kontsolaren irteera
Edit\ Build\ Information=Konpilazioaren argibideak edidatu
Status=Egoera
View\ Build\ Information=Konpilazioaren egoera ikusi
core/src/main/resources/hudson/model/BooleanParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<f:checkbox name="value" checked="${it.defaultValue}" />
......
core/src/main/resources/hudson/model/BooleanParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.description}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<f:checkbox name="value" checked="${it.value}" readonly="true" />
</f:entry>
</j:jelly>
\ No newline at end of file
core/src/main/resources/hudson/model/ChoiceParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<select name="value">
......
core/src/main/resources/hudson/model/FileParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<input name="file" type="file" jsonAware="true" />
......
core/src/main/resources/hudson/model/FileParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<j:if test="${it.originalFileName != null}">
<j:invokeStatic var="encodedName" className="hudson.Util" method="rawEncode">
<j:arg value="${it.name}" />
......
core/src/main/resources/hudson/model/ParametersAction/index.jelly
浏览文件 @ 021912b9
......@@ -40,6 +40,7 @@ THE SOFTWARE.
<div class="col-xs-24 pane-header">${%Parameters}</div>
<div class="row col-xs-24 pane-content">
<table class="pane">
<j:set var="escapeEntryTitleAndDescription" value="true"/> <!-- SECURITY-353 defense unless overridden -->
<j:forEach var="parameterValue" items="${it.parameters}">
<tbody>
<st:include it="${parameterValue}"
......
core/src/main/resources/hudson/model/ParametersDefinitionProperty/index.jelly
浏览文件 @ 021912b9
......@@ -45,6 +45,7 @@ THE SOFTWARE.
<f:form method="post" action="build${empty(delay)?'':'?delay='+delay}" name="parameters"
tableClass="parameters">
<j:forEach var="parameterDefinition" items="${it.parameterDefinitions}">
<j:set var="escapeEntryTitleAndDescription" value="true"/> <!-- SECURITY-353 defense unless overridden -->
<tbody>
<st:include it="${parameterDefinition}"
page="${parameterDefinition.descriptor.valuePage}" />
......
core/src/main/resources/hudson/model/PasswordParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<f:password name="value" value="${it.DEFAULT_VALUE}"/>
......
core/src/main/resources/hudson/model/PasswordParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.description}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<f:password name="value" value="********" readonly="true" />
</f:entry>
</j:jelly>
\ No newline at end of file
core/src/main/resources/hudson/model/Run/delete_eu.properties
浏览文件 @ 021912b9
# This file is under the MIT License by authors
Delete\ this\ build=Kompilazioa ezabatu
Delete\ this\ build=Konpilazioa ezabatu
core/src/main/resources/hudson/model/RunParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<select name="runId">
......
core/src/main/resources/hudson/model/RunParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.description}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<a href="${rootURL}/${it.run.url}" class="model-link inside">${it.run.fullDisplayName}</a>
</f:entry>
</j:jelly>
core/src/main/resources/hudson/model/StringParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}" />
<f:textbox name="value" value="${it.defaultValue}" />
......
core/src/main/resources/hudson/model/StringParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.description}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<f:textbox name="value" value="${it.value}" readonly="true" />
</f:entry>
</j:jelly>
\ No newline at end of file
core/src/main/resources/hudson/model/TextParameterDefinition/index.jelly
浏览文件 @ 021912b9
......@@ -24,7 +24,8 @@ THE SOFTWARE.
-->
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.formattedDescription}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<div name="parameter">
<input type="hidden" name="name" value="${it.name}"/>
<f:textarea name="value" value="${it.defaultValue}"/>
......
core/src/main/resources/hudson/model/TextParameterValue/value.jelly
浏览文件 @ 021912b9
......@@ -26,7 +26,8 @@ THE SOFTWARE.
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define"
xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form"
xmlns:i="jelly:fmt" xmlns:p="/lib/hudson/project">
<f:entry title="${it.name}" description="${it.description}">
<j:set var="escapeEntryTitleAndDescription" value="false"/>
<f:entry title="${h.escape(it.name)}" description="${it.formattedDescription}">
<f:textarea name="value" value="${it.value}" readonly="readonly" />
</f:entry>
</j:jelly>
\ No newline at end of file
core/src/main/resources/hudson/model/User/sidepanel_eu.properties
浏览文件 @ 021912b9
......@@ -4,4 +4,4 @@ Builds=Kompilazioak
Configure=Itxuratu
My\ Views=Nire Begiak
People=Jendea
Status=Estatus
Status=Egoera
core/src/main/resources/hudson/model/View/People/index_eu.properties
浏览文件 @ 021912b9
# This file is under the MIT License by authors
People=Gendea
People=Jendea
core/src/main/resources/jenkins/security/s2m/filepath-filter.conf
浏览文件 @ 021912b9
......@@ -23,6 +23,9 @@ allow read,stat <JENKINS_HOME>/userContent($|/.*)
# In the next rule we grant general access under build directories, so first we protect
# the actual build record that Jenkins core reads, which nothing should be touching.
deny all <BUILDDIR>/build.xml
# Similarly for Pipeline build (WorkflowRun) metadata:
deny all <BUILDDIR>/program.dat
deny all <BUILDDIR>/workflow($|/.*)
# Various plugins read/write files under build directories, so allow them all.
# - git 1.x writes changelog.xml from the slave (2.x writes from the master so need not be listed)
......
core/src/main/resources/lib/form/entry.jelly
浏览文件 @ 021912b9
......@@ -32,6 +32,8 @@ THE SOFTWARE.
<st:attribute name="title">
Name of the entry. Think of this like a label for the control.
This content is HTML (unless the boolean variable escapeEntryTitleAndDescription is set). Use h.escape if necessary.
</st:attribute>
<st:attribute name="field">
Used for the databinding. TBD. When this attribute
......@@ -46,6 +48,8 @@ THE SOFTWARE.
This text shouldn't get too long, and in recent Hudson, this feature
is somewhat de-emphasized, in favor of the inline foldable help page
specified via @help.
This content is HTML (unless the boolean variable escapeEntryTitleAndDescription is set). Use h.escape if necessary.
</st:attribute>
<st:attribute name="help">
URL to the HTML page. When this attribute is specified, the entry gets
......@@ -67,7 +71,7 @@ THE SOFTWARE.
<tr>
<td class="setting-leftspace"><st:nbsp/></td>
<td class="setting-name">
<j:out value="${attrs.title}" />
<j:out value="${escapeEntryTitleAndDescription ? h.escape(attrs.title) : attrs.title}" />
</td>
<td class="setting-main">
<d:invokeBody />
......@@ -78,7 +82,7 @@ THE SOFTWARE.
<tr class="validation-error-area"><td colspan="2" /><td /><td /></tr>
<j:if test="${!empty(attrs.description)}">
<f:description>
<j:out value="${description}"/>
<j:out value="${escapeEntryTitleAndDescription ? h.escape(attrs.description) : attrs.description}"/>
</f:description>
</j:if>
<j:if test="${attrs.help!=null}">
......
core/src/test/groovy/hudson/util/SecretRewriterTest.groovy
浏览文件 @ 021912b9
......@@ -23,42 +23,49 @@ class SecretRewriterTest {
@Rule public TemporaryFolder tmp = new TemporaryFolder()
def FOO_PATTERN = /<foo>\{[A-Za-z0-9+\/]+={0,2}}<\/foo>/
def MSG_PATTERN = /<msg>\{[A-Za-z0-9+\/]+={0,2}}<\/msg>/
def FOO_PATTERN2 = /(<foo>\{[A-Za-z0-9+\/]+={0,2}}<\/foo>){2}/
def ABC_FOO_PATTERN = /<abc>\s<foo>\{[A-Za-z0-9+\/]+={0,2}}<\/foo>\s<\/abc>/
@Test
void singleFileRewrite() {
def o = encryptOld('foobar') // old
def n = encryptNew('foobar') // new
roundtrip "<foo>${o}</foo>",
"<foo>${n}</foo>"
{assert it ==~ FOO_PATTERN}
roundtrip "<foo>${o}</foo><foo>${o}</foo>",
"<foo>${n}</foo><foo>${n}</foo>"
{assert it ==~ FOO_PATTERN2}
roundtrip "<foo>${n}</foo>",
"<foo>${n}</foo>"
{assert it == "<foo>${n}</foo>"}
roundtrip " <foo>thisIsLegalBase64AndLongEnoughThatItCouldLookLikeSecret</foo> ",
" <foo>thisIsLegalBase64AndLongEnoughThatItCouldLookLikeSecret</foo> "
{assert it == "<foo>thisIsLegalBase64AndLongEnoughThatItCouldLookLikeSecret</foo>"}
// to be rewritten, it needs to be between a tag
roundtrip "<foo>$o", "<foo>$o"
roundtrip "$o</foo>", "$o</foo>"
roundtrip "<foo>$o", {assert it == "<foo>$o"}
roundtrip "$o</foo>", {assert it == "$o</foo>"}
//
roundtrip "<abc>\n<foo>$o</foo>\n</abc>", "<abc>\n<foo>$n</foo>\n</abc>"
roundtrip "<abc>\n<foo>$o</foo>\n</abc>", {assert it ==~ ABC_FOO_PATTERN}
}
void roundtrip(String before, String after) {
void roundtrip(String before, Closure check) {
def sr = new SecretRewriter(null);
def f = File.createTempFile("test", "xml", tmp.root)
f.text = before
sr.rewrite(f,null)
assert after.replaceAll(System.getProperty("line.separator"), "\n").trim()==f.text.replaceAll(System.getProperty("line.separator"), "\n").trim()
check(f.text.replaceAll(System.getProperty("line.separator"), "\n").trim())
//assert after.replaceAll(System.getProperty("line.separator"), "\n").trim()==f.text.replaceAll(System.getProperty("line.separator"), "\n").trim()
}
String encryptOld(str) {
def cipher = Secret.getCipher("AES");
cipher.init(Cipher.ENCRYPT_MODE, Secret.legacyKey);
return new String(Base64.encode(cipher.doFinal((str + Secret.MAGIC).getBytes("UTF-8"))))
cipher.init(Cipher.ENCRYPT_MODE, HistoricalSecrets.legacyKey);
return new String(Base64.encode(cipher.doFinal((str + HistoricalSecrets.MAGIC).getBytes("UTF-8"))))
}
String encryptNew(str) {
......@@ -70,8 +77,7 @@ class SecretRewriterTest {
*/
@Test
void recursionDetection() {
def backup = tmp.newFolder("backup")
def sw = new SecretRewriter(backup);
def sw = new SecretRewriter();
def st = StreamTaskListener.fromStdout()
def o = encryptOld("Hello world")
......@@ -100,12 +106,11 @@ class SecretRewriterTest {
assert 6==sw.rewriteRecursive(t, st)
dirs.each { p->
assert new File(t,"$p/foo.xml").text.trim()==answer
assert new File(backup,"$p/foo.xml").text.trim()==payload
assert new File(t,"$p/foo.xml").text.trim() ==~ MSG_PATTERN
}
// t2 is only reachable by following a symlink. this should be covered, too
assert new File(t2,"foo.xml").text.trim()==answer.trim();
assert new File(t2,"foo.xml").text.trim() ==~ MSG_PATTERN
}
}
core/src/test/groovy/hudson/util/SecretTest.groovy
浏览文件 @ 021912b9
......@@ -31,7 +31,8 @@ import org.junit.Rule
import org.junit.Test
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.Cipher
import java.util.regex.Pattern;
/**
* @author Kohsuke Kawaguchi
......@@ -43,6 +44,8 @@ public class SecretTest {
@Rule
public MockSecretRule mockSecretRule = new MockSecretRule()
static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("\\{?[A-Za-z0-9+/]+={0,2}}?");
@Test
void testEncrypt() {
def secret = Secret.fromString("abc");
......@@ -54,6 +57,11 @@ public class SecretTest {
// can we round trip?
assert secret==Secret.fromString(secret.encryptedValue);
//Two consecutive encryption requests of the same object should result in the same encrypted value - SECURITY-304
assert secret.encryptedValue == secret.encryptedValue
//Two consecutive encryption requests of different objects with the same value should not result in the same encrypted value - SECURITY-304
assert secret.encryptedValue != Secret.fromString(secret.plainText).encryptedValue
}
@Test
......@@ -62,9 +70,16 @@ public class SecretTest {
String plaintext = RandomStringUtils.random(new Random().nextInt(i));
String ciphertext = Secret.fromString(plaintext).getEncryptedValue();
//println "${plaintext} → ${ciphertext}"
assert Secret.ENCRYPTED_VALUE_PATTERN.matcher(ciphertext).matches();
assert ENCRYPTED_VALUE_PATTERN.matcher(ciphertext).matches();
}
assert !Secret.ENCRYPTED_VALUE_PATTERN.matcher("hello world").matches();
//Not "plain" text
assert !ENCRYPTED_VALUE_PATTERN.matcher("hello world").matches();
//Not "plain" text
assert !ENCRYPTED_VALUE_PATTERN.matcher("helloworld!").matches();
//legacy key
assert ENCRYPTED_VALUE_PATTERN.matcher("abcdefghijklmnopqr0123456789").matches();
//legacy key
assert ENCRYPTED_VALUE_PATTERN.matcher("abcdefghijklmnopqr012345678==").matches();
}
@Test
......@@ -77,7 +92,7 @@ public class SecretTest {
def s = Secret.fromString("Mr.Jenkins");
def xml = Jenkins.XSTREAM.toXML(s);
assert !xml.contains(s.plainText)
assert xml.contains(s.encryptedValue)
assert xml ==~ /<hudson\.util\.Secret>\{[A-Za-z0-9+\/]+={0,2}}<\/hudson\.util\.Secret>/
def o = Jenkins.XSTREAM.fromXML(xml);
assert o==s : xml;
......@@ -104,11 +119,11 @@ public class SecretTest {
*/
@Test
void migrationFromLegacyKeyToConfidentialStore() {
def legacy = Secret.legacyKey
def legacy = HistoricalSecrets.legacyKey
["Hello world","","\u0000unprintable"].each { str ->
def cipher = Secret.getCipher("AES");
cipher.init(Cipher.ENCRYPT_MODE, legacy);
def old = new String(Base64.encode(cipher.doFinal((str + Secret.MAGIC).getBytes("UTF-8"))))
def old = new String(Base64.encode(cipher.doFinal((str + HistoricalSecrets.MAGIC).getBytes("UTF-8"))))
def s = Secret.fromString(old)
assert s.plainText==str : "secret by the old key should decrypt"
assert s.encryptedValue!=old : "but when encrypting, ConfidentialKey should be in use"
......
pom.xml
浏览文件 @ 021912b9
......@@ -33,7 +33,7 @@ THE SOFTWARE.
<groupId>org.jenkins-ci.main</groupId>
<artifactId>pom</artifactId>
<version>2.44-SNAPSHOT</version>
<version>2.45-SNAPSHOT</version>
<packaging>pom</packaging>
<name>Jenkins main module</name>
......@@ -181,7 +181,7 @@ THE SOFTWARE.
<dependency>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>remoting</artifactId>
<version>3.4</version>
<version>3.4.1</version>
</dependency>
<dependency>
......
test/pom.xml
浏览文件 @ 021912b9
......@@ -28,7 +28,7 @@ THE SOFTWARE.
<parent>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>pom</artifactId>
<version>2.44-SNAPSHOT</version>
<version>2.45-SNAPSHOT</version>
</parent>
<artifactId>test</artifactId>
......
test/src/test/groovy/hudson/model/AbstractProjectTest.groovy
浏览文件 @ 021912b9
......@@ -519,39 +519,6 @@ public class AbstractProjectTest extends HudsonTestCase {
done.signal()
}
public void testRenameToPrivileged() {
def secret = jenkins.createProject(FreeStyleProject.class,"secret");
def regular = jenkins.createProject(FreeStyleProject.class,"regular")
jenkins.securityRealm = createDummySecurityRealm();
def auth = new ProjectMatrixAuthorizationStrategy();
jenkins.authorizationStrategy = auth;
auth.add(Jenkins.ADMINISTER, "alice");
auth.add(Jenkins.READ, "bob");
// bob the regular user can only see regular jobs
regular.addProperty(new AuthorizationMatrixProperty([(Job.READ) : ["bob"] as Set]));
def wc = createWebClient()
wc.login("bob")
wc.executeOnServer {
assert jenkins.getItem("secret")==null;
try {
regular.renameTo("secret")
fail("rename as an overwrite should have failed");
} catch (Exception e) {
// expected rename to fail in some non-descriptive generic way
e.printStackTrace()
}
}
// those two jobs should still be there
assert jenkins.getItem("regular")!=null;
assert jenkins.getItem("secret")!=null;
}
/**
* Trying to POST to config.xml by a different job type should fail.
*/
......
test/src/test/java/hudson/console/AnnotatedLargeTextTest.java 0 → 100644
浏览文件 @ 021912b9
/*
* The MIT License
*
* Copyright 2016 CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package hudson.console;
import hudson.MarkupText;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.io.StringWriter;
import java.util.logging.Level;
import org.apache.commons.io.Charsets;
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.For;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.LoggerRule;
import org.kohsuke.stapler.framework.io.ByteBuffer;
@For({AnnotatedLargeText.class, ConsoleNote.class, ConsoleAnnotationOutputStream.class, PlainTextConsoleOutputStream.class})
public class AnnotatedLargeTextTest {
@ClassRule
public static JenkinsRule r = new JenkinsRule();
@Rule
public LoggerRule logging = new LoggerRule().record(ConsoleAnnotationOutputStream.class, Level.FINE).capture(100);
@Test
public void smokes() throws Exception {
ByteBuffer buf = new ByteBuffer();
PrintStream ps = new PrintStream(buf, true);
ps.print("Some text.\n");
ps.print("Go back to " + TestNote.encodeTo("/root", "your home") + ".\n");
ps.print("More text.\n");
AnnotatedLargeText<Void> text = new AnnotatedLargeText<>(buf, Charsets.UTF_8, true, null);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
text.writeLogTo(0, baos);
assertEquals("Some text.\nGo back to your home.\nMore text.\n", baos.toString());
StringWriter w = new StringWriter();
text.writeHtmlTo(0, w);
assertEquals("Some text.\nGo back to <a href='/root'>your home</a>.\nMore text.\n", w.toString());
}
@Issue("SECURITY-382")
@Test
public void oldDeserialization() throws Exception {
ByteBuffer buf = new ByteBuffer();
buf.write(("hello" + ConsoleNote.PREAMBLE_STR + "AAAAwR+LCAAAAAAAAP9dzLEOwVAUxvHThtiNprYxsGiMQhiwNSIhMR/tSZXr3Lr3oJPwPt7FM5hM3gFh8i3/5Bt+1yeUrYH6ap9Yza1Ys9WKWuMiR05wqWhEgpmyEy306Jxvwb19ccGNoBJjLplmgWq0xgOGCjkNZ2IyTrsRlFayVTs4gVMYqP3pw28/JnznuABF/rYWyIyeJfLQe1vxZiDQ7NnYZLn0UZGRRjA9MiV+0OyFv3+utadQyH8B+aJxVM4AAAA=" + ConsoleNote.POSTAMBLE_STR + "there\n").getBytes());
AnnotatedLargeText<Void> text = new AnnotatedLargeText<>(buf, Charsets.UTF_8, true, null);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
text.writeLogTo(0, baos);
assertEquals("hellothere\n", baos.toString());
StringWriter w = new StringWriter();
text.writeHtmlTo(0, w);
assertEquals("hellothere\n", w.toString());
assertThat(logging.getMessages(), hasItem("Failed to resurrect annotation")); // TODO assert that this is IOException: Refusing to deserialize unsigned note from an old log.
ConsoleNote.INSECURE = true;
try {
w = new StringWriter();
text.writeHtmlTo(0, w);
assertThat(w.toString(), containsString("<script>"));
} finally {
ConsoleNote.INSECURE = false;
}
}
@Issue("SECURITY-382")
@Test
public void badMac() throws Exception {
ByteBuffer buf = new ByteBuffer();
buf.write(("Go back to " + ConsoleNote.PREAMBLE_STR + "////4ByIhqPpAc43AbrEtyDUDc1/UEOXsoY6LeoHSeSlb1d7AAAAlR+LCAAAAAAAAP9b85aBtbiIQS+jNKU4P08vOT+vOD8nVc8xLy+/JLEkNcUnsSg9NSS1oiQktbhEBUT45ZekCpys9xWo8J3KxMDkycCWk5qXXpLhw8BcWpRTwiDkk5VYlqifk5iXrh9cUpSZl25dUcQghWaBM4QGGcYAAYxMDAwVBUAGZwkDq35Rfn4JABmN28qcAAAA" + ConsoleNote.POSTAMBLE_STR + "your home.\n").getBytes());
AnnotatedLargeText<Void> text = new AnnotatedLargeText<>(buf, Charsets.UTF_8, true, null);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
text.writeLogTo(0, baos);
assertEquals("Go back to your home.\n", baos.toString());
StringWriter w = new StringWriter();
text.writeHtmlTo(0, w);
assertEquals("Go back to your home.\n", w.toString());
assertThat(logging.getMessages(), hasItem("Failed to resurrect annotation")); // TODO assert that this is IOException: MAC mismatch
}
/** Simplified version of {@link HyperlinkNote}. */
static class TestNote extends ConsoleNote<Void> {
private final String url;
private final int length;
TestNote(String url, int length) {
this.url = url;
this.length = length;
}
@Override
public ConsoleAnnotator<?> annotate(Void context, MarkupText text, int charPos) {
text.addMarkup(charPos, charPos + length, "<a href='" + url + "'" + ">", "</a>");
return null;
}
static String encodeTo(String url, String text) throws IOException {
return new TestNote(url, text.length()).encode() + text;
}
}
}
test/src/test/java/hudson/console/ConsoleAnnotatorTest.java
浏览文件 @ 021912b9
......@@ -27,6 +27,7 @@ import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Future;
import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.*;
import org.junit.Rule;
import org.junit.Test;
......@@ -117,8 +118,7 @@ public class ConsoleAnnotatorTest {
// make sure raw console output doesn't include the garbage
TextPage raw = (TextPage)r.createWebClient().goTo(b.getUrl()+"consoleText","text/plain");
System.out.println(raw.getContent());
assertTrue(raw.getContent().contains("\nabc\ndef\n"));
assertThat(raw.getContent(), containsString("\nabc\ndef\n"));
}
......
test/src/test/java/hudson/diagnosis/HudsonHomeDiskUsageMonitorTest.java
浏览文件 @ 021912b9
package hudson.diagnosis;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import hudson.model.User;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.Permission;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContextHolder;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.xml.sax.SAXException;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
......@@ -13,6 +25,7 @@ import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
import java.io.IOException;
import java.util.Collections;
/**
* @author Kohsuke Kawaguchi
......@@ -45,6 +58,48 @@ public class HudsonHomeDiskUsageMonitorTest {
}
}
@Issue("SECURITY-371")
@Test
public void noAccessForNonAdmin() throws Exception {
JenkinsRule.WebClient wc = j.createWebClient();
// TODO: Use MockAuthorizationStrategy in later versions
JenkinsRule.DummySecurityRealm realm = j.createDummySecurityRealm();
realm.addGroups("administrator", "admins");
realm.addGroups("bob", "users");
j.jenkins.setSecurityRealm(realm);
GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
auth.add(Jenkins.ADMINISTER, "admins");
auth.add(Jenkins.READ, "users");
j.jenkins.setAuthorizationStrategy(auth);
WebRequest request = new WebRequest(wc.createCrumbedUrl("administrativeMonitor/hudsonHomeIsFull/act"), HttpMethod.POST);
NameValuePair param = new NameValuePair("no", "true");
request.setRequestParameters(Collections.singletonList(param));
HudsonHomeDiskUsageMonitor mon = HudsonHomeDiskUsageMonitor.get();
try {
wc.login("bob");
wc.getPage(request);
} catch (FailingHttpStatusCodeException e) {
assertEquals(403, e.getStatusCode());
}
assertTrue(mon.isEnabled());
try {
WebRequest getIndex = new WebRequest(wc.createCrumbedUrl("administrativeMonitor/hudsonHomeIsFull"), HttpMethod.GET);
wc.getPage(getIndex);
} catch (FailingHttpStatusCodeException e) {
assertEquals(403, e.getStatusCode());
}
wc.login("administrator");
wc.getPage(request);
assertFalse(mon.isEnabled());
}
/**
* Gets the warning form.
*/
......
test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
浏览文件 @ 021912b9
......@@ -27,6 +27,8 @@ import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;
import hudson.security.ACL;
......@@ -49,6 +51,7 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
......@@ -141,6 +144,26 @@ public class ComputerConfigDotXmlTest {
assertThat(updatedSlave.getNumExecutors(), equalTo(42));
}
@Test
@Issue("SECURITY-343")
public void emptyNodeMonitorDataWithoutConnect() throws Exception {
rule.jenkins.setAuthorizationStrategy(new GlobalMatrixAuthorizationStrategy());
assertTrue(computer.getMonitorData().isEmpty());
}
@Test
@Issue("SECURITY-343")
public void populatedNodeMonitorDataWithConnect() throws Exception {
GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
rule.jenkins.setAuthorizationStrategy(auth);
auth.add(Computer.CONNECT, "user");
assertFalse(computer.getMonitorData().isEmpty());
}
private OutputStream captureOutput() throws IOException {
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
......
test/src/test/java/hudson/model/ComputerTest.java
浏览文件 @ 021912b9
......@@ -26,16 +26,19 @@ package hudson.model;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.not;
import static org.junit.Assert.*;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.xml.XmlPage;
import java.io.File;
import jenkins.model.Jenkins;
import hudson.slaves.DumbSlave;
import hudson.slaves.OfflineCause;
import org.junit.Before;
import org.junit.Rule;
......@@ -43,6 +46,7 @@ import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.JenkinsRule.WebClient;
import org.jvnet.hudson.test.recipes.LocalData;
public class ComputerTest {
......@@ -87,4 +91,27 @@ public class ComputerTest {
containsString("Agent called ‘nodeA’ already exists"));
}
}
@Test
public void doNotShowUserDetailsInOfflineCause() throws Exception {
DumbSlave slave = j.createOnlineSlave();
final Computer computer = slave.toComputer();
computer.setTemporarilyOffline(true, new OfflineCause.UserCause(User.get("username"), "msg"));
verifyOfflineCause(computer);
}
@Test @LocalData
public void removeUserDetailsFromOfflineCause() throws Exception {
Computer computer = j.jenkins.getComputer("deserialized");
verifyOfflineCause(computer);
}
private void verifyOfflineCause(Computer computer) throws Exception {
XmlPage page = j.createWebClient().goToXml("computer/" + computer.getName() + "/config.xml");
String content = page.getWebResponse().getContentAsString("UTF-8");
assertThat(content, containsString("temporaryOfflineCause"));
assertThat(content, containsString("<userId>username</userId>"));
assertThat(content, not(containsString("ApiTokenProperty")));
assertThat(content, not(containsString("apiToken")));
}
}
test/src/test/java/hudson/model/ItemsTest.java
浏览文件 @ 021912b9
......@@ -24,8 +24,26 @@
package hudson.model;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.gargoylesoftware.htmlunit.WebResponse;
import hudson.AbortException;
import hudson.cli.CLICommand;
import hudson.cli.CLICommandInvoker;
import hudson.cli.CopyJobCommand;
import hudson.cli.CreateJobCommand;
import hudson.security.ACL;
import hudson.security.csrf.CrumbIssuer;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.Arrays;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.httpclient.HttpStatus;
import org.junit.Test;
......@@ -35,6 +53,7 @@ import org.junit.Rule;
import org.junit.rules.TemporaryFolder;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;
import org.jvnet.hudson.test.MockFolder;
public class ItemsTest {
......@@ -100,5 +119,171 @@ public class ItemsTest {
assertFalse(new File(tmp, "foo/test/1").exists());
assertTrue(new File(tmp, "bar/test/1").exists());
}
// TODO would be more efficient to run these all as a single test case, but after a few Jetty seems to stop serving new content and new requests just hang.
private void overwriteTargetSetUp() throws Exception {
// A fully visible item:
r.createFreeStyleProject("visible").setDescription("visible");
// An item known to exist but not visible:
r.createFreeStyleProject("known").setDescription("known");
// An item not even known to exist:
r.createFreeStyleProject("secret").setDescription("secret");
// A folder from which to launch move attacks:
r.createFolder("d");
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().
grant(Jenkins.READ).everywhere().to("attacker").
grant(Item.READ, Item.CONFIGURE, Item.CREATE, Item.DELETE).onPaths("(?!known|secret).*").to("attacker").
grant(Item.DISCOVER).onPaths("known").to("attacker"));
}
/** Control cases: if there is no such item yet, nothing is stopping you. */
@Test public void overwriteNonexistentTarget() throws Exception {
overwriteTargetSetUp();
for (OverwriteTactic tactic : OverwriteTactic.values()) {
tactic.run(r, "nonexistent");
System.out.println(tactic + " worked as expected on a nonexistent target");
r.jenkins.getItem("nonexistent").delete();
}
}
private void cannotOverwrite(String target) throws Exception {
overwriteTargetSetUp();
for (OverwriteTactic tactic : OverwriteTactic.values()) {
try {
tactic.run(r, target);
fail(tactic + " was not supposed to work against " + target);
} catch (Exception x) {
System.out.println("good, " + tactic + " failed on " + target + ": " + x);
assertEquals(tactic + " still overwrote " + target, target, r.jenkins.getItemByFullName(target, FreeStyleProject.class).getDescription());
}
}
}
/** More control cases: for non-security-sensitive scenarios, we prevent you from overwriting existing items. */
@Test public void overwriteVisibleTarget() throws Exception {
cannotOverwrite("visible");
}
/** You may not overwrite an item you know is there even if you cannot see it. */
@Test public void overwriteKnownTarget() throws Exception {
cannotOverwrite("known");
}
/** You are somehow prevented from overwriting an item even if you did not previously know it was there. */
@Issue("SECURITY-321")
@Test public void overwriteHiddenTarget() throws Exception {
cannotOverwrite("secret");
}
/** All known means of creating an item under a new name. */
private enum OverwriteTactic {
/** Use the REST command to create an empty project (normally used only from the UI in the New Item dialog). */
REST_EMPTY {
@Override void run(JenkinsRule r, String target) throws Exception {
JenkinsRule.WebClient wc = wc(r);
wc.getOptions().setRedirectEnabled(false);
wc.getOptions().setThrowExceptionOnFailingStatusCode(false); // redirect perversely counts as a failure
WebResponse webResponse = wc.getPage(new WebRequest(createCrumbedUrl(r, wc, "createItem?name=" + target + "&mode=hudson.model.FreeStyleProject"), HttpMethod.POST)).getWebResponse();
if (webResponse.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
throw new FailingHttpStatusCodeException(webResponse);
}
}
},
/** Use the REST command to copy an existing project (normally used from the UI in the New Item dialog). */
REST_COPY {
@Override void run(JenkinsRule r, String target) throws Exception {
r.createFreeStyleProject("dupe");
JenkinsRule.WebClient wc = wc(r);
wc.getOptions().setRedirectEnabled(false);
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
WebResponse webResponse = wc.getPage(new WebRequest(createCrumbedUrl(r, wc, "createItem?name=" + target + "&mode=copy&from=dupe"), HttpMethod.POST)).getWebResponse();
r.jenkins.getItem("dupe").delete();
if (webResponse.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
throw new FailingHttpStatusCodeException(webResponse);
}
}
},
/** Overwrite target using REST command to create a project from XML submission. */
REST_CREATE {
@Override void run(JenkinsRule r, String target) throws Exception {
JenkinsRule.WebClient wc = wc(r);
WebRequest req = new WebRequest(createCrumbedUrl(r, wc, "createItem?name=" + target), HttpMethod.POST);
req.setAdditionalHeader("Content-Type", "application/xml");
req.setRequestBody("<project/>");
wc.getPage(req);
}
},
/** Overwrite target using REST command to rename an existing project (normally used from the UI in the Configure screen). */
REST_RENAME {
@Override void run(JenkinsRule r, String target) throws Exception {
r.createFreeStyleProject("dupe");
JenkinsRule.WebClient wc = wc(r);
wc.getOptions().setRedirectEnabled(false);
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
WebResponse webResponse = wc.getPage(new WebRequest(createCrumbedUrl(r, wc, "job/dupe/doRename?newName=" + target), HttpMethod.POST)).getWebResponse();
if (webResponse.getStatusCode() != HttpStatus.SC_MOVED_TEMPORARILY) {
r.jenkins.getItem("dupe").delete();
throw new FailingHttpStatusCodeException(webResponse);
}
assertNull(r.jenkins.getItem("dupe"));
}
},
/** Overwrite target using the CLI {@code create-job} command. */
CLI_CREATE {
@Override void run(JenkinsRule r, String target) throws Exception {
CLICommand cmd = new CreateJobCommand();
CLICommandInvoker invoker = new CLICommandInvoker(r, cmd);
cmd.setTransportAuth(User.get("attacker").impersonate());
int status = invoker.withStdin(new ByteArrayInputStream("<project/>".getBytes("US-ASCII"))).invokeWithArgs(target).returnCode();
if (status != 0) {
throw new AbortException("CLI command failed with status " + status);
}
}
},
/** Overwrite target using the CLI {@code copy-job} command. */
CLI_COPY {
@Override void run(JenkinsRule r, String target) throws Exception {
r.createFreeStyleProject("dupe");
CLICommand cmd = new CopyJobCommand();
CLICommandInvoker invoker = new CLICommandInvoker(r, cmd);
cmd.setTransportAuth(User.get("attacker").impersonate());
int status = invoker.invokeWithArgs("dupe", target).returnCode();
r.jenkins.getItem("dupe").delete();
if (status != 0) {
throw new AbortException("CLI command failed with status " + status);
}
}
},
/** Overwrite target using a move function normally called from {@code cloudbees-folder} via a {@code move} action. */
MOVE {
@Override void run(JenkinsRule r, String target) throws Exception {
try {
SecurityContext orig = ACL.impersonate(User.get("attacker").impersonate());
try {
Items.move(r.jenkins.getItemByFullName("d", MockFolder.class).createProject(FreeStyleProject.class, target), r.jenkins);
} finally {
SecurityContextHolder.setContext(orig);
}
assertNull(r.jenkins.getItemByFullName("d/" + target));
} catch (Exception x) {
r.jenkins.getItemByFullName("d/" + target).delete();
throw x;
}
}
};
abstract void run(JenkinsRule r, String target) throws Exception;
private static final JenkinsRule.WebClient wc(JenkinsRule r) throws Exception {
return r.createWebClient().login("attacker");
}
// TODO replace with standard version once it is fixed to detect an existing query string
private static URL createCrumbedUrl(JenkinsRule r, JenkinsRule.WebClient wc, String relativePath) throws IOException {
CrumbIssuer issuer = r.jenkins.getCrumbIssuer();
String crumbName = issuer.getDescriptor().getCrumbRequestField();
String crumb = issuer.getCrumb(null);
return new URL(wc.getContextPath() + relativePath + (relativePath.contains("?") ? "&" : "?") + crumbName + "=" + crumb);
}
}
}
test/src/test/java/hudson/model/NodeTest.java
浏览文件 @ 021912b9
......@@ -35,6 +35,7 @@ import hudson.model.Queue.WaitingItem;
import hudson.model.labels.*;
import hudson.model.queue.CauseOfBlockage;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.Permission;
......@@ -53,6 +54,8 @@ import java.util.concurrent.Callable;
import jenkins.model.Jenkins;
import jenkins.security.QueueItemAuthenticatorConfiguration;
import org.acegisecurity.context.SecurityContextHolder;
import static org.hamcrest.core.StringEndsWith.endsWith;
import static org.junit.Assert.*;
import org.junit.Before;
......@@ -123,6 +126,32 @@ public class NodeTest {
assertNull(computer.getOfflineCause());
}
@Test
public void testOfflineCauseAsAnonymous() throws Exception {
Node node = j.createOnlineSlave();
final Computer computer = node.toComputer();
OfflineCause.UserCause cause;
try (ACLContext ctxt = ACL.as(Jenkins.ANONYMOUS)) {
computer.doToggleOffline("original message");
}
cause = (UserCause) computer.getOfflineCause();
assertThat(cause.toString(), endsWith("Disconnected by anonymous : original message"));
assertEquals(User.getUnknown(), cause.getUser());
final User root = User.get("root@localhost");
try (ACLContext ctxt = ACL.as(root.impersonate())) {
computer.doChangeOfflineCause("new message");
}
cause = (UserCause) computer.getOfflineCause();
assertThat(cause.toString(), endsWith("Disconnected by root@localhost : new message"));
assertEquals(root, cause.getUser());
computer.doToggleOffline(null);
assertNull(computer.getOfflineCause());
}
@Test
public void testGetLabelCloud() throws Exception {
Node node = j.createOnlineSlave();
......
test/src/test/java/hudson/model/ParametersTest.java
浏览文件 @ 021912b9
package hudson.model;
import static org.junit.Assert.*;
import com.gargoylesoftware.htmlunit.html.DomNodeUtil;
import com.gargoylesoftware.htmlunit.html.HtmlCheckBoxInput;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlFormUtil;
import org.junit.Rule;
import org.junit.Test;
import com.gargoylesoftware.htmlunit.html.HtmlOption;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlTextInput;
import com.gargoylesoftware.htmlunit.html.HtmlCheckBoxInput;
import com.gargoylesoftware.htmlunit.html.HtmlOption;
import hudson.markup.MarkupFormatter;
import java.io.IOException;
import java.io.Writer;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.httpclient.HttpStatus;
import static org.hamcrest.Matchers.*;
import static org.junit.Assert.*;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ErrorCollector;
import org.jvnet.hudson.test.CaptureEnvironmentBuilder;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.JenkinsRule.WebClient;
import java.util.Set;
/**
* @author huybrechts
*/
......@@ -28,6 +33,9 @@ public class ParametersTest {
@Rule
public JenkinsRule j = new JenkinsRule();
@Rule
public ErrorCollector collector = new ErrorCollector();
@Test
public void parameterTypes() throws Exception {
FreeStyleProject otherProject = j.createFreeStyleProject();
......@@ -216,4 +224,52 @@ public class ParametersTest {
final HtmlForm form = page.getFormByName("parameters");
HtmlFormUtil.submit(form, HtmlFormUtil.getButtonByCaption(form, "Build"));
}
@Issue("SECURITY-353")
@Test
public void xss() throws Exception {
j.jenkins.setMarkupFormatter(new MyMarkupFormatter());
FreeStyleProject p = j.createFreeStyleProject("p");
StringParameterDefinition param = new StringParameterDefinition("<param name>", "<param default>", "<param description>");
assertEquals("<b>[</b>param description<b>]</b>", param.getFormattedDescription());
p.addProperty(new ParametersDefinitionProperty(param));
WebClient wc = j.createWebClient();
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
HtmlPage page = wc.getPage(p, "build?delay=0sec");
collector.checkThat(page.getWebResponse().getStatusCode(), is(HttpStatus.SC_METHOD_NOT_ALLOWED)); // 405 to dissuade scripts from thinking this triggered the build
String text = page.getWebResponse().getContentAsString();
collector.checkThat("build page should escape param name", text, containsString("&lt;param name&gt;"));
collector.checkThat("build page should not leave param name unescaped", text, not(containsString("<param name>")));
collector.checkThat("build page should escape param default", text, containsString("&lt;param default&gt;"));
collector.checkThat("build page should not leave param default unescaped", text, not(containsString("<param default>")));
collector.checkThat("build page should mark up param description", text, containsString("<b>[</b>param description<b>]</b>"));
collector.checkThat("build page should not leave param description unescaped", text, not(containsString("<param description>")));
HtmlForm form = page.getFormByName("parameters");
HtmlTextInput value = form.getInputByValue("<param default>");
value.setText("<param value>");
j.submit(form);
j.waitUntilNoActivity();
FreeStyleBuild b = p.getBuildByNumber(1);
page = j.createWebClient().getPage(b, "parameters/");
text = page.getWebResponse().getContentAsString();
collector.checkThat("parameters page should escape param name", text, containsString("&lt;param name&gt;"));
collector.checkThat("parameters page should not leave param name unescaped", text, not(containsString("<param name>")));
collector.checkThat("parameters page should escape param value", text, containsString("&lt;param value&gt;"));
collector.checkThat("parameters page should not leave param value unescaped", text, not(containsString("<param value>")));
collector.checkThat("parameters page should mark up param description", text, containsString("<b>[</b>param description<b>]</b>"));
collector.checkThat("parameters page should not leave param description unescaped", text, not(containsString("<param description>")));
}
static class MyMarkupFormatter extends MarkupFormatter {
@Override
public void translate(String markup, Writer output) throws IOException {
Matcher m = Pattern.compile("[<>]").matcher(markup);
StringBuffer buf = new StringBuffer();
while (m.find()) {
m.appendReplacement(buf, m.group().equals("<") ? "<b>[</b>" : "<b>]</b>");
}
m.appendTail(buf);
output.write(buf.toString());
}
}
}
test/src/test/java/hudson/search/SearchTest.java
浏览文件 @ 021912b9
......@@ -32,14 +32,19 @@ import static org.junit.Assert.fail;
import hudson.model.FreeStyleProject;
import hudson.model.ListView;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import hudson.model.User;
import hudson.model.View;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.AuthorizationStrategy;
import hudson.security.GlobalMatrixAuthorizationStrategy;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
......@@ -383,6 +388,37 @@ public class SearchTest {
assertTrue(suggest(j.jenkins.getSearchIndex(),"foo").contains(p));
}
@Issue("SECURITY-385")
@Test
public void testInaccessibleViews() throws IOException {
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
GlobalMatrixAuthorizationStrategy strategy = new GlobalMatrixAuthorizationStrategy();
strategy.add(Jenkins.READ, "alice");
j.jenkins.setAuthorizationStrategy(strategy);
j.jenkins.addView(new ListView("foo", j.jenkins));
// SYSTEM can see all the views
assertEquals("two views exist", 2, Jenkins.getInstance().getViews().size());
List<SearchItem> results = new ArrayList<>();
j.jenkins.getSearchIndex().suggest("foo", results);
assertEquals("nonempty results list", 1, results.size());
// Alice can't
assertFalse("no permission", j.jenkins.getView("foo").getACL().hasPermission(User.get("alice").impersonate(), View.READ));
ACL.impersonate(User.get("alice").impersonate(), new Runnable() {
@Override
public void run() {
assertEquals("no visible views", 0, Jenkins.getInstance().getViews().size());
List<SearchItem> results = new ArrayList<>();
j.jenkins.getSearchIndex().suggest("foo", results);
assertEquals("empty results list", Collections.emptyList(), results);
}
});
}
@Test
public void testSearchWithinFolders() throws Exception {
......
test/src/test/java/hudson/util/SecretCompatTest.java 0 → 100644
浏览文件 @ 021912b9
/*
* The MIT License
*
* Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi
* Copyright (c) 2016, CloudBees Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package hudson.util;
import hudson.model.FreeStyleProject;
import hudson.model.ParameterDefinition;
import hudson.model.ParametersDefinitionProperty;
import hudson.model.PasswordParameterDefinition;
import org.hamcrest.core.Is;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.recipes.LocalData;
import java.io.IOException;
import java.util.regex.Pattern;
import static org.hamcrest.core.Is.isA;
import static org.hamcrest.core.IsNot.not;
import static org.hamcrest.core.StringContains.containsString;
import static org.junit.Assert.*;
/**
* Tests {@link Secret}.
*/
public class SecretCompatTest {
@Rule
public JenkinsRule j = new JenkinsRule() {
@Override
public void before() throws Throwable {
Secret.resetKeyForTest(); //As early as possible
super.before();
}
};
@After
public void after() {
Secret.resetKeyForTest();
}
@Test
@Issue("SECURITY-304")
public void encryptedValueStaysTheSameAfterRoundtrip() throws Exception {
FreeStyleProject project = j.createFreeStyleProject();
project.addProperty(new ParametersDefinitionProperty(new PasswordParameterDefinition("p", "s3cr37", "Keep this a secret")));
project.getAllActions(); // initialize Actionable.actions; otherwise first made nonnull while rendering sidepanel after redirect after round #1 has been saved, so only round #2 has <actions/>
project = j.configRoundtrip(project);
String round1 = project.getConfigFile().asString();
project = j.configRoundtrip(project);
String round2 = project.getConfigFile().asString();
assertEquals(round1, round2);
//But reconfiguring will make it a new value
project = j.jenkins.getItemByFullName(project.getFullName(), FreeStyleProject.class);
project.removeProperty(ParametersDefinitionProperty.class);
project.addProperty(new ParametersDefinitionProperty(new PasswordParameterDefinition("p", "s3cr37", "Keep this a secret")));
project = j.configRoundtrip(project);
String round3 = project.getConfigFile().asString();
assertNotEquals(round2, round3);
//Saving again will produce the same
project = j.configRoundtrip(project);
String round4 = project.getConfigFile().asString();
assertEquals(round3, round4);
}
@Test
@Issue("SECURITY-304")
@LocalData
public void canReadPreSec304Secrets() throws Exception {
FreeStyleProject project = j.jenkins.getItemByFullName("OldSecret", FreeStyleProject.class);
String oldxml = project.getConfigFile().asString();
//It should be unchanged on disk
assertThat(oldxml, containsString("<defaultValue>z/Dd3qrHdQ6/C5lR7uEafM/jD3nQDrGprw3XsfZ/0vo=</defaultValue>"));
ParametersDefinitionProperty property = project.getProperty(ParametersDefinitionProperty.class);
ParameterDefinition definition = property.getParameterDefinitions().get(0);
assertTrue(definition instanceof PasswordParameterDefinition);
Secret secret = ((PasswordParameterDefinition) definition).getDefaultValueAsSecret();
assertEquals("theSecret", secret.getPlainText());
//OK it was read correctly from disk, now the first roundtrip should update the encrypted value
project = j.configRoundtrip(project);
String newXml = project.getConfigFile().asString();
assertNotEquals(oldxml, newXml); //This could have changed because Jenkins has moved on, so not really a good check
assertThat(newXml, not(containsString("<defaultValue>z/Dd3qrHdQ6/C5lR7uEafM/jD3nQDrGprw3XsfZ/0vo=</defaultValue>")));
Pattern p = Pattern.compile("<defaultValue>\\{[A-Za-z0-9+/]+={0,2}}</defaultValue>");
assertTrue(p.matcher(newXml).find());
//But the next roundtrip should result in the same data
project = j.configRoundtrip(project);
String round2 = project.getConfigFile().asString();
assertEquals(newXml, round2);
}
}
test/src/test/java/hudson/util/XStream2Security383Test.java 0 → 100644
浏览文件 @ 021912b9
package hudson.util;
import hudson.model.Items;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import static org.junit.Assert.assertFalse;
import static org.mockito.Mockito.when;
public class XStream2Security383Test {
@Rule
public JenkinsRule j = new JenkinsRule();
@Rule
public TemporaryFolder f = new TemporaryFolder();
@Mock
private StaplerRequest req;
@Mock
private StaplerResponse rsp;
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
}
@Test
@Issue("SECURITY-383")
public void testXmlLoad() throws Exception {
File exploitFile = f.newFile();
try {
// be extra sure there's no file already
if (exploitFile.exists() && !exploitFile.delete()) {
throw new IllegalStateException("file exists and cannot be deleted");
}
File tempJobDir = new File(j.jenkins.getRootDir(), "security383");
String exploitXml = IOUtils.toString(
XStream2Security383Test.class.getResourceAsStream(
"/hudson/util/XStream2Security383Test/config.xml"), "UTF-8");
exploitXml = exploitXml.replace("@TOKEN@", exploitFile.getAbsolutePath());
FileUtils.write(new File(tempJobDir, "config.xml"), exploitXml);
try {
Items.load(j.jenkins, tempJobDir);
} catch (Exception e) {
// ignore
}
assertFalse("no file should be created here", exploitFile.exists());
} finally {
exploitFile.delete();
}
}
@Test
@Issue("SECURITY-383")
public void testPostJobXml() throws Exception {
File exploitFile = f.newFile();
try {
// be extra sure there's no file already
if (exploitFile.exists() && !exploitFile.delete()) {
throw new IllegalStateException("file exists and cannot be deleted");
}
File tempJobDir = new File(j.jenkins.getRootDir(), "security383");
String exploitXml = IOUtils.toString(
XStream2Security383Test.class.getResourceAsStream(
"/hudson/util/XStream2Security383Test/config.xml"), "UTF-8");
exploitXml = exploitXml.replace("@TOKEN@", exploitFile.getAbsolutePath());
when(req.getMethod()).thenReturn("POST");
when(req.getInputStream()).thenReturn(new Stream(IOUtils.toInputStream(exploitXml)));
when(req.getContentType()).thenReturn("application/xml");
when(req.getParameter("name")).thenReturn("foo");
try {
j.jenkins.doCreateItem(req, rsp);
} catch (Exception e) {
// don't care
}
assertFalse("no file should be created here", exploitFile.exists());
} finally {
exploitFile.delete();
}
}
private static class Stream extends ServletInputStream {
private final InputStream inner;
public Stream(final InputStream inner) {
this.inner = inner;
}
@Override
public int read() throws IOException {
return inner.read();
}
@Override
public boolean isFinished() {
throw new UnsupportedOperationException();
}
@Override
public boolean isReady() {
throw new UnsupportedOperationException();
}
@Override
public void setReadListener(ReadListener readListener) {
throw new UnsupportedOperationException();
}
}
}
test/src/test/java/jenkins/model/JenkinsTest.java
浏览文件 @ 021912b9
......@@ -32,6 +32,7 @@ import static org.hamcrest.Matchers.not;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
......@@ -93,6 +94,28 @@ public class JenkinsTest {
@Rule public JenkinsRule j = new JenkinsRule();
@Issue("SECURITY-406")
@Test
public void testUserCreationFromUrlForAdmins() throws Exception {
WebClient wc = j.createWebClient();
assertNull("User not supposed to exist", User.getById("nonexistent", false));
wc.assertFails("user/nonexistent", 404);
assertNull("User not supposed to exist", User.getById("nonexistent", false));
try {
User.ALLOW_USER_CREATION_VIA_URL = true;
// expected to work
wc.goTo("user/nonexistent2");
assertNotNull("User supposed to exist", User.getById("nonexistent2", false));
} finally {
User.ALLOW_USER_CREATION_VIA_URL = false;
}
}
@Test
public void testIsDisplayNameUniqueTrue() throws Exception {
final String curJobName = "curJobName";
......
test/src/test/java/jenkins/security/RekeySecretAdminMonitorTest.java
浏览文件 @ 021912b9
......@@ -11,6 +11,7 @@ import hudson.Util;
import hudson.util.Secret;
import hudson.util.SecretHelper;
import org.apache.commons.io.FileUtils;
import org.hamcrest.CoreMatchers;
import org.jvnet.hudson.test.HudsonTestCase;
import org.jvnet.hudson.test.recipes.Recipe.Runner;
import org.xml.sax.SAXException;
......@@ -20,6 +21,9 @@ import javax.inject.Inject;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.regex.Pattern;
import static org.junit.Assert.assertThat;
/**
* @author Kohsuke Kawaguchi
......@@ -28,6 +32,8 @@ public class RekeySecretAdminMonitorTest extends HudsonTestCase {
@Inject
RekeySecretAdminMonitor monitor;
final String plain_regex_match = ".*\\{[A-Za-z0-9+/]+={0,2}}.*";
@Override
protected void setUp() throws Exception {
SecretHelper.set(TEST_KEY);
......@@ -76,8 +82,8 @@ public class RekeySecretAdminMonitorTest extends HudsonTestCase {
private void verifyRewrite(File dir) throws Exception {
File xml = new File(dir, "foo.xml");
assertEquals("<foo>" + encryptNew(TEST_KEY) + "</foo>".trim(),
FileUtils.readFileToString(xml).trim());
Pattern pattern = Pattern.compile("<foo>"+plain_regex_match+"</foo>");
assertTrue(pattern.matcher(FileUtils.readFileToString(xml).trim()).matches());
}
// TODO sometimes fails: "Invalid request submission: {json=[Ljava.lang.String;@2c46358e, .crumb=[Ljava.lang.String;@35661457}"
......
test/src/test/java/jenkins/security/Security380Test.java 0 → 100644
浏览文件 @ 021912b9
package jenkins.security;
import com.gargoylesoftware.htmlunit.Page;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.util.HttpResponses;
import jenkins.model.Jenkins;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.TestExtension;
import org.kohsuke.stapler.HttpResponse;
public class Security380Test {
@Rule
public JenkinsRule j = new JenkinsRule();
@Issue("SECURITY-380")
@Test
public void testGetItemsWithoutAnonRead() throws Exception {
FullControlOnceLoggedInAuthorizationStrategy strategy = new FullControlOnceLoggedInAuthorizationStrategy();
strategy.setAllowAnonymousRead(false);
Jenkins.getInstance().setAuthorizationStrategy(strategy);
Jenkins.getInstance().setSecurityRealm(j.createDummySecurityRealm());
j.createFreeStyleProject();
ACL.impersonate(Jenkins.ANONYMOUS, new Runnable() {
@Override
public void run() {
Assert.assertEquals("no items", 0, Jenkins.getInstance().getItems().size());
}
});
}
@Issue("SECURITY-380")
@Test
public void testGetItems() throws Exception {
FullControlOnceLoggedInAuthorizationStrategy strategy = new FullControlOnceLoggedInAuthorizationStrategy();
strategy.setAllowAnonymousRead(true);
Jenkins.getInstance().setAuthorizationStrategy(strategy);
Jenkins.getInstance().setSecurityRealm(j.createDummySecurityRealm());
j.createFreeStyleProject();
ACL.impersonate(Jenkins.ANONYMOUS, new Runnable() {
@Override
public void run() {
Assert.assertEquals("one item", 1, Jenkins.getInstance().getItems().size());
}
});
}
@Issue("SECURITY-380")
@Test
public void testWithUnprotectedRootAction() throws Exception {
FullControlOnceLoggedInAuthorizationStrategy strategy = new FullControlOnceLoggedInAuthorizationStrategy();
strategy.setAllowAnonymousRead(false);
Jenkins.getInstance().setAuthorizationStrategy(strategy);
Jenkins.getInstance().setSecurityRealm(j.createDummySecurityRealm());
j.createFreeStyleProject();
JenkinsRule.WebClient wc = j.createWebClient();
Page page = wc.goTo("listJobs", "text/plain");
Assert.assertEquals("expect 0 items", "0", page.getWebResponse().getContentAsString().trim());
}
@TestExtension
public static class JobListingUnprotectedRootAction implements UnprotectedRootAction {
@Override
public String getIconFileName() {
return null;
}
@Override
public String getDisplayName() {
return null;
}
@Override
public String getUrlName() {
return "listJobs";
}
public HttpResponse doIndex() throws Exception {
return HttpResponses.plainText(Integer.toString(Jenkins.getInstance().getItems().size()));
}
}
}
test/src/test/java/jenkins/security/s2m/AdminFilePathFilterTest.java 0 → 100644
浏览文件 @ 021912b9
/*
* The MIT License
*
* Copyright 2016 CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package jenkins.security.s2m;
import java.io.File;
import javax.inject.Inject;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
public class AdminFilePathFilterTest {
@Rule
public JenkinsRule r = new JenkinsRule();
@Inject
AdminWhitelistRule rule;
@Before
public void setUp() {
r.jenkins.getInjector().injectMembers(this);
rule.setMasterKillSwitch(false);
}
@Issue({"JENKINS-27055", "SECURITY-358"})
@Test
public void matchBuildDir() throws Exception {
File buildDir = r.buildAndAssertSuccess(r.createFreeStyleProject()).getRootDir();
assertTrue(rule.checkFileAccess("write", new File(buildDir, "whatever")));
assertFalse(rule.checkFileAccess("write", new File(buildDir, "build.xml")));
// WorkflowRun:
assertFalse(rule.checkFileAccess("write", new File(buildDir, "program.dat")));
assertFalse(rule.checkFileAccess("write", new File(buildDir, "workflow/23.xml")));
}
}
test/src/test/java/jenkins/security/DefaultFilePathFilterTest.java test/src/test/java/jenkins/security/s2m/DefaultFilePathFilterTest.java
浏览文件 @ 021912b9
......@@ -22,7 +22,7 @@
* THE SOFTWARE.
*/
package jenkins.security;
package jenkins.security.s2m;
import hudson.FilePath;
import hudson.model.Slave;
......@@ -31,8 +31,6 @@ import java.io.File;
import java.io.PrintWriter;
import java.io.StringWriter;
import jenkins.security.s2m.AdminWhitelistRule;
import jenkins.security.s2m.DefaultFilePathFilter;
import org.jenkinsci.remoting.RoleChecker;
import org.junit.Before;
import org.junit.Test;
......@@ -41,7 +39,6 @@ import org.junit.Rule;
import org.jvnet.hudson.test.JenkinsRule;
import javax.inject.Inject;
import org.jvnet.hudson.test.Issue;
public class DefaultFilePathFilterTest {
......@@ -112,11 +109,4 @@ public class DefaultFilePathFilterTest {
}
}
@Issue("JENKINS-27055")
@Test public void matchBuildDir() throws Exception {
File f = new File(r.buildAndAssertSuccess(r.createFreeStyleProject()).getRootDir(), "whatever");
rule.setMasterKillSwitch(false);
assertTrue(rule.checkFileAccess("write", f));
}
}
test/src/test/java/lib/form/PasswordTest.java
浏览文件 @ 021912b9
......@@ -43,10 +43,13 @@ import java.io.PrintStream;
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
import java.util.regex.Pattern;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.not;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertThat;
import org.jvnet.hudson.test.HudsonTestCase;
import org.jvnet.hudson.test.Issue;
......@@ -74,10 +77,18 @@ public class PasswordTest extends HudsonTestCase implements Describable<Password
@Extension
public static final class DescriptorImpl extends Descriptor<PasswordTest> {}
@Issue("SECURITY-266")
@Issue({"SECURITY-266", "SECURITY-304"})
public void testExposedCiphertext() throws Exception {
boolean saveEnabled = Item.EXTENDED_READ.getEnabled();
try {
//final String plain_regex_match = ".*\\{[A-Za-z0-9+/]+={0,2}}.*";
final String xml_regex_match = "\\{[A-Za-z0-9+/]+={0,2}}";
final Pattern xml_regex_pattern = Pattern.compile(xml_regex_match);
final String staticTest = "\n\nvalue=\"{AQAAABAAAAAgXhXgopokysZkduhl+v1gm0UhUBBbjKDVpKz7bGk3mIO53cNTRdlu7LC4jZYEc+vF}\"\n";
//Just a quick verification on what could be on the page and that the regexp is correctly set up
assertThat(xml_regex_pattern.matcher(staticTest).find(), is(true));
jenkins.setSecurityRealm(createDummySecurityRealm());
// TODO 1.645+ use MockAuthorizationStrategy
GlobalMatrixAuthorizationStrategy pmas = new GlobalMatrixAuthorizationStrategy();
......@@ -89,7 +100,7 @@ public class PasswordTest extends HudsonTestCase implements Describable<Password
pmas.add(Item.CREATE, "dev"); // so we can show CopyJobCommand would barf; more realistic would be to grant it only in a subfolder
jenkins.setAuthorizationStrategy(pmas);
Secret s = Secret.fromString("s3cr3t");
String sEnc = s.getEncryptedValue();
//String sEnc = s.getEncryptedValue();
FreeStyleProject p = createFreeStyleProject("p");
p.setDisplayName("Unicode here ←");
p.setDescription("This+looks+like+Base64+but+is+not+a+secret");
......@@ -98,14 +109,15 @@ public class PasswordTest extends HudsonTestCase implements Describable<Password
// Control case: an administrator can read and write configuration freely.
wc.login("admin");
HtmlPage configure = wc.getPage(p, "configure");
assertThat(configure.getWebResponse().getContentAsString(), containsString(sEnc));
assertThat(xml_regex_pattern.matcher(configure.getWebResponse().getContentAsString()).find(), is(true));
submit(configure.getFormByName("config"));
VulnerableProperty vp = p.getProperty(VulnerableProperty.class);
assertNotNull(vp);
assertEquals(s, vp.secret);
Page configXml = wc.goTo(p.getUrl() + "config.xml", "application/xml");
String xmlAdmin = configXml.getWebResponse().getContentAsString();
assertThat(xmlAdmin, containsString("<secret>" + sEnc + "</secret>"));
assertThat(Pattern.compile("<secret>" + xml_regex_match + "</secret>").matcher(xmlAdmin).find(), is(true));
assertThat(xmlAdmin, containsString("<displayName>" + p.getDisplayName() + "</displayName>"));
assertThat(xmlAdmin, containsString("<description>" + p.getDescription() + "</description>"));
// CLICommandInvoker does not work here, as it sets up its own SecurityRealm + AuthorizationStrategy.
......@@ -127,11 +139,11 @@ public class PasswordTest extends HudsonTestCase implements Describable<Password
// Test case: another user with EXTENDED_READ but not CONFIGURE should not get access even to encrypted secrets.
wc.login("dev");
configure = wc.getPage(p, "configure");
assertThat(configure.getWebResponse().getContentAsString(), not(containsString(sEnc)));
assertThat(xml_regex_pattern.matcher(configure.getWebResponse().getContentAsString()).find(), is(false));
configXml = wc.goTo(p.getUrl() + "config.xml", "application/xml");
String xmlDev = configXml.getWebResponse().getContentAsString();
assertThat(xmlDev, not(containsString(sEnc)));
assertEquals(xmlAdmin.replace(sEnc, "********"), xmlDev);
assertThat(xml_regex_pattern.matcher(xmlDev).find(), is(false));
assertEquals(xmlAdmin.replaceAll(xml_regex_match, "********"), xmlDev);
getJobCommand = new GetJobCommand();
Authentication devAuth = User.get("dev").impersonate();
getJobCommand.setTransportAuth(devAuth);
......
test/src/test/resources/hudson/model/ComputerTest/removeUserDetailsFromOfflineCause/config.xml 0 → 100644
浏览文件 @ 021912b9
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.0</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.SecurityRealm$None"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
<noUsageStatistics>true</noUsageStatistics>
</hudson>
test/src/test/resources/hudson/model/ComputerTest/removeUserDetailsFromOfflineCause/nodes/deserialized/config.xml 0 → 100644
浏览文件 @ 021912b9
<?xml version='1.0' encoding='UTF-8'?>
<slave>
<temporaryOfflineCause class="hudson.slaves.OfflineCause$UserCause">
<timestamp>1479196265920</timestamp>
<description>
<holder>
<owner>hudson.slaves.Messages</owner>
</holder>
<key>SlaveComputer.DisconnectedBy</key>
<args>
<string>username</string>
<string> : msg</string>
</args>
</description>
<user>
<fullName>username</fullName>
<properties>
<jenkins.security.ApiTokenProperty>
<apiToken>wPfVKd4HGJzRoEpazbTu35nXXfI34cguPjm+5JPO7pZDFLFgpFLviQsS3NdJndax</apiToken>
</jenkins.security.ApiTokenProperty>
<hudson.tasks.Mailer_-UserProperty/>
<hudson.model.MyViewsProperty>
<views>
<hudson.model.AllView>
<owner class="hudson.model.MyViewsProperty" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
</hudson.model.MyViewsProperty>
<hudson.model.PaneStatusProperties>
<collapsed/>
</hudson.model.PaneStatusProperties>
<hudson.search.UserSearchProperty>
<insensitiveSearch>false</insensitiveSearch>
</hudson.search.UserSearchProperty>
</properties>
</user>
</temporaryOfflineCause>
<name>deserialized</name>
<description>dummy</description>
<remoteFS>...</remoteFS>
<numExecutors>1</numExecutors>
<mode>NORMAL</mode>
<retentionStrategy class="hudson.slaves.RetentionStrategy$2">
<DESCRIPTOR>
<outer-class reference="../.."/>
</DESCRIPTOR>
</retentionStrategy>
<launcher/>
<label></label>
<nodeProperties/>
<userId>SYSTEM</userId>
</slave>
test/src/test/resources/hudson/model/ComputerTest/removeUserDetailsFromOfflineCause/users/username/config.xml 0 → 100644
浏览文件 @ 021912b9
<?xml version='1.0' encoding='UTF-8'?>
<user>
<fullName>username</fullName>
<id>username</id>
<description></description>
<properties>
<jenkins.security.ApiTokenProperty>
<apiToken>qykj8q6EqvMg9LPu+lCqLiXBZvEVdCTWoYJwmicXgH+yh1ZUm85iHe29grd+g3QG</apiToken>
</jenkins.security.ApiTokenProperty>
<com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty plugin="credentials@1.18">
<domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash"/>
</com.cloudbees.plugins.credentials.UserCredentialsProvider_-UserCredentialsProperty>
<hudson.tasks.Mailer_-UserProperty>
<emailAddress></emailAddress>
</hudson.tasks.Mailer_-UserProperty>
<hudson.model.MyViewsProperty>
<primaryViewName></primaryViewName>
<views>
<hudson.model.AllView>
<owner class="hudson.model.MyViewsProperty" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
</hudson.model.MyViewsProperty>
<hudson.model.PaneStatusProperties>
<collapsed/>
</hudson.model.PaneStatusProperties>
<org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl>
<authorizedKeys></authorizedKeys>
</org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl>
<hudson.search.UserSearchProperty>
<insensitiveSearch>false</insensitiveSearch>
</hudson.search.UserSearchProperty>
</properties>
</user>
test/src/test/resources/hudson/util/SecretCompatTest/canReadPreSec304Secrets/config.xml 0 → 100644
浏览文件 @ 021912b9
<?xml version='1.0' encoding='UTF-8'?>
<hudson>
<disabledAdministrativeMonitors/>
<version>1.625.4-SNAPSHOT (private-12/16/2016 18:04 GMT-rsandell)</version>
<numExecutors>2</numExecutors>
<mode>NORMAL</mode>
<useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
<securityRealm class="hudson.security.SecurityRealm$None"/>
<disableRememberMe>false</disableRememberMe>
<projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
<workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<jdks/>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds/>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views>
<hudson.model.AllView>
<owner class="hudson" reference="../../.."/>
<name>All</name>
<filterExecutors>false</filterExecutors>
<filterQueue>false</filterQueue>
<properties class="hudson.model.View$PropertyList"/>
</hudson.model.AllView>
</views>
<primaryView>All</primaryView>
<slaveAgentPort>0</slaveAgentPort>
<label></label>
<nodeProperties/>
<globalNodeProperties/>
</hudson>
\ No newline at end of file
test/src/test/resources/hudson/util/SecretCompatTest/canReadPreSec304Secrets/jobs/OldSecret/config.xml 0 → 100644
浏览文件 @ 021912b9
<?xml version='1.0' encoding='UTF-8'?>
<project>
<actions/>
<description></description>
<keepDependencies>false</keepDependencies>
<properties>
<hudson.model.ParametersDefinitionProperty>
<parameterDefinitions>
<hudson.model.PasswordParameterDefinition>
<name>alice</name>
<description>theSecret</description>
<defaultValue>z/Dd3qrHdQ6/C5lR7uEafM/jD3nQDrGprw3XsfZ/0vo=</defaultValue>
</hudson.model.PasswordParameterDefinition>
</parameterDefinitions>
</hudson.model.ParametersDefinitionProperty>
</properties>
<scm class="hudson.scm.NullSCM"/>
<canRoam>true</canRoam>
<disabled>false</disabled>
<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
<triggers/>
<concurrentBuild>false</concurrentBuild>
<builders/>
<publishers/>
<buildWrappers/>
</project>
\ No newline at end of file
test/src/test/resources/hudson/util/SecretCompatTest/canReadPreSec304Secrets/secrets/master.key 0 → 100644
浏览文件 @ 021912b9
4311ab5e95e3da7b9b1360b52cac6f0f666db7b48f9f701296cc07c8f00612b451f1874e584d49560810619e8a6ff6b19f8f58ae1305c515fc62a7b60ea3a69e6058cad16b2c8df317952b749fdaaecab013431da55bb4ea4b8eee754fa043261b51a99a2b537fd57f867cdcb1e209f3bba735a8672dbfc3f10b0e2209a81683
\ No newline at end of file
test/src/test/resources/hudson/util/XStream2Security383Test/config.xml 0 → 100644
浏览文件 @ 021912b9
<set>
<hudson.util.RunList>
<base class="java.util.ServiceLoader">
<providers/>
<lookupIterator>
<configs class="java.util.Collections$3">
<i class="java.util.AbstractList$Itr">
<cursor>0</cursor>
<lastRet>-1</lastRet>
<expectedModCount>0</expectedModCount>
<outer-class class="java.util.Arrays$ArrayList">
<a class="string-array">
<string>foo</string>
</a>
</outer-class>
</i>
<val_-c class="java.util.Arrays$ArrayList" reference="../i/outer-class"/>
</configs>
<pending class="javax.imageio.spi.FilterIterator">
<iter class="java.util.AbstractList$Itr">
<cursor>0</cursor>
<lastRet>-1</lastRet>
<expectedModCount>0</expectedModCount>
<outer-class class="java.util.Arrays$ArrayList">
<a>
<java.lang.ProcessBuilder>
<command>
<string>touch</string>
<string>@TOKEN@</string>
</command>
<redirectErrorStream>false</redirectErrorStream>
</java.lang.ProcessBuilder>
</a>
</outer-class>
</iter>
<filter class="javax.imageio.ImageIO$ContainsFilter">
<method>
<class>java.lang.ProcessBuilder</class>
<name>start</name>
<parameter-types/>
</method>
<name>foo</name>
</filter>
<next class="java.util.HashMap$Node">
<hash>101575</hash>
<key class="string">foo</key>
<value class="string">foo</value>
</next>
</pending>
<outer-class reference="../.."/>
</lookupIterator>
</base>
</hudson.util.RunList>
</set>
\ No newline at end of file
war/pom.xml
浏览文件 @ 021912b9
......@@ -28,7 +28,7 @@ THE SOFTWARE.
<parent>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>pom</artifactId>
<version>2.44-SNAPSHOT</version>
<version>2.45-SNAPSHOT</version>
</parent>
<artifactId>jenkins-war</artifactId>
......
war/src/main/webapp/scripts/hudson-behavior.js
浏览文件 @ 021912b9
......@@ -2355,6 +2355,7 @@ function createSearchBox(searchURL) {
var ac = new YAHOO.widget.AutoComplete("search-box","search-box-completion",ds);
ac.typeAhead = false;
ac.autoHighlight = false;
ac.formatResult = ac.formatEscapedResult;
var box = $("search-box");
var sizer = $("search-box-sizer");
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册