Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
LinuxSuRen
jenkins
提交
4443add4
J
jenkins
项目概览
LinuxSuRen
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
4443add4
编写于
6月 13, 2016
作者:
K
Kohsuke Kawaguchi
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'stable-1.651' of github.com:jenkinsci/jenkins into stable-1.651
上级
39dae396
1290c72c
变更
11
隐藏空白更改
内联
并排
Showing
11 changed file
with
185 addition
and
32 deletion
+185
-32
core/src/main/java/hudson/PluginManager.java
core/src/main/java/hudson/PluginManager.java
+15
-11
core/src/main/java/hudson/PluginWrapper.java
core/src/main/java/hudson/PluginWrapper.java
+7
-1
core/src/main/java/hudson/model/CauseAction.java
core/src/main/java/hudson/model/CauseAction.java
+1
-1
core/src/main/java/hudson/model/ParametersAction.java
core/src/main/java/hudson/model/ParametersAction.java
+44
-13
core/src/main/java/hudson/model/Run.java
core/src/main/java/hudson/model/Run.java
+1
-1
core/src/main/java/jenkins/util/JSONSignatureValidator.java
core/src/main/java/jenkins/util/JSONSignatureValidator.java
+5
-1
core/src/main/resources/hudson/PluginManager/_table.js
core/src/main/resources/hudson/PluginManager/_table.js
+6
-0
core/src/main/resources/hudson/PluginManager/installed.jelly
core/src/main/resources/hudson/PluginManager/installed.jelly
+1
-1
pom.xml
pom.xml
+3
-3
test/src/test/java/hudson/model/ParametersActionTest2.java
test/src/test/java/hudson/model/ParametersActionTest2.java
+96
-0
war/src/main/webapp/css/style.css
war/src/main/webapp/css/style.css
+6
-0
未找到文件。
core/src/main/java/hudson/PluginManager.java
浏览文件 @
4443add4
...
...
@@ -978,20 +978,24 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
@Restricted
(
NoExternalUse
.
class
)
@RequirePOST
public
HttpResponse
doCheckUpdatesServer
()
throws
IOException
{
Jenkins
.
getInstance
().
checkPermission
(
Jenkins
.
ADMINISTER
);
for
(
UpdateSite
site
:
Jenkins
.
getInstance
().
getUpdateCenter
().
getSites
())
{
FormValidation
v
=
site
.
updateDirectlyNow
(
DownloadService
.
signatureCheck
);
if
(
v
.
kind
!=
FormValidation
.
Kind
.
OK
)
{
// TODO crude but enough for now
return
v
;
try
{
for
(
UpdateSite
site
:
Jenkins
.
getInstance
().
getUpdateCenter
().
getSites
())
{
FormValidation
v
=
site
.
updateDirectlyNow
(
DownloadService
.
signatureCheck
);
if
(
v
.
kind
!=
FormValidation
.
Kind
.
OK
)
{
// TODO crude but enough for now
return
v
;
}
}
}
for
(
DownloadService
.
Downloadable
d
:
DownloadService
.
Downloadable
.
all
())
{
FormValidation
v
=
d
.
updateNow
();
if
(
v
.
kind
!=
FormValidation
.
Kind
.
OK
)
{
return
v
;
for
(
DownloadService
.
Downloadable
d
:
DownloadService
.
Downloadable
.
all
())
{
FormValidation
v
=
d
.
updateNow
();
if
(
v
.
kind
!=
FormValidation
.
Kind
.
OK
)
{
return
v
;
}
}
return
HttpResponses
.
forwardToPreviousPage
();
}
catch
(
RuntimeException
ex
)
{
throw
new
IOException
(
"Unhandled exception during updates server check"
,
ex
);
}
return
HttpResponses
.
forwardToPreviousPage
();
}
protected
String
identifyPluginShortName
(
File
t
)
{
...
...
core/src/main/java/hudson/PluginWrapper.java
浏览文件 @
4443add4
...
...
@@ -451,6 +451,10 @@ public class PluginWrapper implements Comparable<PluginWrapper>, ModelObject {
* Enables this plugin next time Jenkins runs.
*/
public
void
enable
()
throws
IOException
{
if
(!
disableFile
.
exists
())
{
LOGGER
.
log
(
Level
.
FINEST
,
"Plugin {0} has been already enabled. Skipping the enable() operation"
,
getShortName
());
return
;
}
if
(!
disableFile
.
delete
())
throw
new
IOException
(
"Failed to delete "
+
disableFile
);
}
...
...
@@ -527,8 +531,10 @@ public class PluginWrapper implements Comparable<PluginWrapper>, ModelObject {
List
<
String
>
missingDependencies
=
new
ArrayList
<
String
>();
// make sure dependencies exist
for
(
Dependency
d
:
dependencies
)
{
if
(
parent
.
getPlugin
(
d
.
shortName
)
==
null
)
PluginWrapper
dependency
=
parent
.
getPlugin
(
d
.
shortName
);
if
(
dependency
==
null
||
!
dependency
.
isActive
())
{
missingDependencies
.
add
(
d
.
toString
());
}
}
if
(!
missingDependencies
.
isEmpty
())
throw
new
IOException
(
"Dependency "
+
Util
.
join
(
missingDependencies
,
", "
)+
" doesn't exist"
);
...
...
core/src/main/java/hudson/model/CauseAction.java
浏览文件 @
4443add4
...
...
@@ -187,7 +187,7 @@ public class CauseAction implements FoldableAction, RunAction2 {
ca
.
causeBag
=
new
LinkedHashMap
<>();
}
ca
.
addCauses
(
ca
.
causes
);
OldDataMonitor
.
report
(
context
,
"
1.653
"
);
OldDataMonitor
.
report
(
context
,
"
1.651.2
"
);
ca
.
causes
=
null
;
}
}
...
...
core/src/main/java/hudson/model/ParametersAction.java
浏览文件 @
4443add4
...
...
@@ -46,6 +46,7 @@ import java.util.HashSet;
import
java.util.Iterator
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.TreeSet
;
import
java.util.logging.Level
;
import
java.util.logging.Logger
;
...
...
@@ -73,7 +74,7 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
public
static
final
String
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
=
ParametersAction
.
class
.
getName
()
+
".safeParameters"
;
private
transient
Lis
t
<
String
>
safeParameters
;
private
Se
t
<
String
>
safeParameters
;
private
final
List
<
ParameterValue
>
parameters
;
...
...
@@ -89,6 +90,29 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
public
ParametersAction
(
List
<
ParameterValue
>
parameters
)
{
this
.
parameters
=
parameters
;
String
paramNames
=
System
.
getProperty
(
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
);
safeParameters
=
new
TreeSet
<>();
if
(
paramNames
!=
null
)
{
safeParameters
.
addAll
(
Arrays
.
asList
(
paramNames
.
split
(
","
)));
}
}
/**
* Constructs a new action with additional safe parameters.
* The additional safe parameters should be only those considered safe to override the environment
* and what is declared in the project config in addition to those specified by the user in
* {@link #SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME}.
* See <a href="https://issues.jenkins-ci.org/browse/SECURITY-170">SECURITY-170</a>
*
* @param parameters the parameters
* @param additionalSafeParameters additional safe parameters
* @since TODO
*/
public
ParametersAction
(
List
<
ParameterValue
>
parameters
,
Collection
<
String
>
additionalSafeParameters
)
{
this
(
parameters
);
if
(
additionalSafeParameters
!=
null
)
{
safeParameters
.
addAll
(
additionalSafeParameters
);
}
}
public
ParametersAction
(
ParameterValue
...
parameters
)
{
...
...
@@ -202,7 +226,9 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
@Nonnull
public
ParametersAction
createUpdated
(
Collection
<?
extends
ParameterValue
>
overrides
)
{
if
(
overrides
==
null
)
{
return
new
ParametersAction
(
parameters
);
ParametersAction
parametersAction
=
new
ParametersAction
(
parameters
);
parametersAction
.
safeParameters
=
this
.
safeParameters
;
return
parametersAction
;
}
List
<
ParameterValue
>
combinedParameters
=
newArrayList
(
overrides
);
Set
<
String
>
names
=
newHashSet
();
...
...
@@ -219,7 +245,7 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
}
}
return
new
ParametersAction
(
combinedParameters
);
return
new
ParametersAction
(
combinedParameters
,
this
.
safeParameters
);
}
/*
...
...
@@ -230,14 +256,27 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
@Nonnull
public
ParametersAction
merge
(
@CheckForNull
ParametersAction
overrides
)
{
if
(
overrides
==
null
)
{
return
new
ParametersAction
(
parameters
);
ParametersAction
parametersAction
=
new
ParametersAction
(
parameters
,
this
.
safeParameters
);
return
parametersAction
;
}
return
createUpdated
(
overrides
.
parameters
);
ParametersAction
parametersAction
=
createUpdated
(
overrides
.
parameters
);
Set
<
String
>
safe
=
new
TreeSet
<>();
if
(
parametersAction
.
safeParameters
!=
null
&&
this
.
safeParameters
!=
null
)
{
safe
.
addAll
(
this
.
safeParameters
);
}
if
(
overrides
.
safeParameters
!=
null
)
{
safe
.
addAll
(
overrides
.
safeParameters
);
}
parametersAction
.
safeParameters
=
safe
;
return
parametersAction
;
}
private
Object
readResolve
()
{
if
(
build
!=
null
)
OldDataMonitor
.
report
(
build
,
"1.283"
);
if
(
safeParameters
==
null
)
{
safeParameters
=
Collections
.
emptySet
();
}
return
this
;
}
...
...
@@ -301,14 +340,6 @@ public class ParametersAction implements RunAction2, Iterable<ParameterValue>, Q
}
private
boolean
isSafeParameter
(
String
name
)
{
if
(
safeParameters
==
null
)
{
String
paramNames
=
System
.
getProperty
(
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
);
if
(
paramNames
!=
null
)
{
safeParameters
=
Arrays
.
asList
(
paramNames
.
split
(
","
));
}
else
{
safeParameters
=
Collections
.
emptyList
();
}
}
return
safeParameters
.
contains
(
name
);
}
...
...
core/src/main/java/hudson/model/Run.java
浏览文件 @
4443add4
...
...
@@ -2394,7 +2394,7 @@ public abstract class Run <JobT extends Job<JobT,RunT>,RunT extends Run<JobT,Run
public
String
getEntryID
(
Run
entry
)
{
return
"tag:"
+
"hudson.dev.java.net,"
+
entry
.
getTimestamp
().
get
(
Calendar
.
YEAR
)
+
":"
+
entry
.
getParent
().
getName
()+
':'
+
entry
.
getId
();
+
entry
.
getParent
().
get
Full
Name
()+
':'
+
entry
.
getId
();
}
public
String
getEntryDescription
(
Run
entry
)
{
...
...
core/src/main/java/jenkins/util/JSONSignatureValidator.java
浏览文件 @
4443add4
...
...
@@ -82,7 +82,11 @@ public class JSONSignatureValidator {
// this is for computing a signature
Signature
sig
=
Signature
.
getInstance
(
"SHA1withRSA"
);
sig
.
initVerify
(
certs
.
get
(
0
));
if
(
certs
.
isEmpty
())
{
return
FormValidation
.
error
(
"No certificate found in %s. Cannot verify the signature"
,
name
);
}
else
{
sig
.
initVerify
(
certs
.
get
(
0
));
}
SignatureOutputStream
sos
=
new
SignatureOutputStream
(
sig
);
// until JENKINS-11110 fix, UC used to serve invalid digest (and therefore unverifiable signature)
...
...
core/src/main/resources/hudson/PluginManager/_table.js
浏览文件 @
4443add4
...
...
@@ -173,6 +173,12 @@ Behaviour.specify("#filter-box", '_table', 0, function(e) {
function
setEnableWidgetStates
()
{
for
(
var
i
=
0
;
i
<
pluginTRs
.
length
;
i
++
)
{
var
pluginMetadata
=
pluginTRs
[
i
].
jenkinsPluginMetadata
;
if
(
pluginTRs
[
i
].
hasClassName
(
'
has-dependants-but-disabled
'
))
{
if
(
pluginMetadata
.
enableInput
.
checked
)
{
pluginTRs
[
i
].
removeClassName
(
'
has-dependants-but-disabled
'
);
}
}
markAllDependantsDisabled
(
pluginTRs
[
i
]);
markHasDisabledDependencies
(
pluginTRs
[
i
]);
}
...
...
core/src/main/resources/hudson/PluginManager/installed.jelly
浏览文件 @
4443add4
...
...
@@ -68,7 +68,7 @@ THE SOFTWARE.
<th width="1">${%Uninstall}</th>
</tr>
<j:forEach var="p" items="${app.pluginManager.plugins}">
<tr class="plugin ${p.hasDependants()?'has-dependants':''} ${p.isDeleted()?'deleted':''}" data-plugin-id="${p.shortName}" data-plugin-name="${p.displayName}">
<tr class="plugin ${p.hasDependants()?'has-dependants':''} ${
(p.hasDependants() && !p.enabled)?'has-dependants-but-disabled':''} ${
p.isDeleted()?'deleted':''}" data-plugin-id="${p.shortName}" data-plugin-name="${p.displayName}">
<j:set var="state" value="${p.enabled?'true':null}"/>
<td class="center pane enable" data="${state}">
<input type="checkbox" checked="${state}" onclick="flip(event)"
...
...
pom.xml
浏览文件 @
4443add4
...
...
@@ -158,7 +158,7 @@ THE SOFTWARE.
<artifactId>
mockito-core
</artifactId>
<version>
1.10.19
</version>
</dependency>
<dependency>
<groupId>
org.powermock
</groupId>
<artifactId>
powermock-module-junit4
</artifactId>
...
...
@@ -179,7 +179,7 @@ THE SOFTWARE.
<dependency>
<groupId>
org.jenkins-ci.main
</groupId>
<artifactId>
remoting
</artifactId>
<version>
2.5
7
</version>
<version>
2.5
9
</version>
</dependency>
<dependency>
...
...
@@ -630,7 +630,7 @@ THE SOFTWARE.
<configuration>
<source>
1.${java.level}
</source>
<target>
1.${java.level}
</target>
<!-- default reuseCreated is more performant
<!-- default reuseCreated is more performant
feel free to uncomment if you have any issues on your platform
<compilerReuseStrategy>alwaysNew</compilerReuseStrategy>
-->
...
...
test/src/test/java/hudson/model/ParametersActionTest2.java
浏览文件 @
4443add4
...
...
@@ -10,6 +10,7 @@ import org.jvnet.hudson.test.recipes.LocalData;
import
java.io.IOException
;
import
java.util.Arrays
;
import
java.util.Collection
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
static
org
.
junit
.
Assert
.
assertFalse
;
...
...
@@ -149,6 +150,100 @@ public class ParametersActionTest2 {
}
}
@Test
@Issue
(
"SECURITY-170"
)
public
void
whitelistedParameterByOverride
()
throws
Exception
{
FreeStyleProject
p
=
j
.
createFreeStyleProject
();
String
name
=
p
.
getFullName
();
p
.
addProperty
(
new
ParametersDefinitionProperty
(
Arrays
.<
ParameterDefinition
>
asList
(
new
StringParameterDefinition
(
"foo"
,
"foo"
),
new
StringParameterDefinition
(
"bar"
,
"bar"
))));
try
{
ParametersAction
action
=
new
ParametersAction
(
Arrays
.<
ParameterValue
>
asList
(
new
StringParameterValue
(
"foo"
,
"baz"
),
new
StringParameterValue
(
"bar"
,
"bar"
),
new
StringParameterValue
(
"whitelisted1"
,
"x"
),
new
StringParameterValue
(
"whitelisted2"
,
"y"
),
new
StringParameterValue
(
"whitelisted3"
,
"y"
)
),
Arrays
.
asList
(
"whitelisted1"
,
"whitelisted2"
));
FreeStyleBuild
build
=
j
.
assertBuildStatusSuccess
(
p
.
scheduleBuild2
(
0
,
new
Cause
.
UserIdCause
(),
action
));
assertTrue
(
"whitelisted1 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted1"
));
assertTrue
(
"whitelisted2 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted2"
));
assertFalse
(
"whitelisted3 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted3"
));
p
=
null
;
build
=
null
;
j
.
jenkins
.
reload
();
//Test again after reload
p
=
j
.
jenkins
.
getItemByFullName
(
name
,
FreeStyleProject
.
class
);
build
=
p
.
getLastBuild
();
assertTrue
(
"whitelisted1 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted1"
));
assertTrue
(
"whitelisted2 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted2"
));
assertFalse
(
"whitelisted3 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted3"
));
}
finally
{
System
.
clearProperty
(
ParametersAction
.
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
);
}
}
@Test
@Issue
(
"SECURITY-170"
)
public
void
whitelistedParameterSameAfterChange
()
throws
Exception
{
FreeStyleProject
p
=
j
.
createFreeStyleProject
();
String
name
=
p
.
getFullName
();
p
.
addProperty
(
new
ParametersDefinitionProperty
(
Arrays
.<
ParameterDefinition
>
asList
(
new
StringParameterDefinition
(
"foo"
,
"foo"
),
new
StringParameterDefinition
(
"bar"
,
"bar"
))));
try
{
System
.
setProperty
(
ParametersAction
.
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
,
"whitelisted1,whitelisted2"
);
FreeStyleBuild
build
=
j
.
assertBuildStatusSuccess
(
p
.
scheduleBuild2
(
0
,
new
Cause
.
UserIdCause
(),
new
ParametersAction
(
new
StringParameterValue
(
"foo"
,
"baz"
),
new
StringParameterValue
(
"bar"
,
"bar"
),
new
StringParameterValue
(
"whitelisted1"
,
"x"
),
new
StringParameterValue
(
"whitelisted2"
,
"y"
),
new
StringParameterValue
(
"whitelisted3"
,
"z"
),
new
StringParameterValue
(
"whitelisted4"
,
"w"
)
)));
assertTrue
(
"whitelisted1 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted1"
));
assertTrue
(
"whitelisted2 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted2"
));
assertFalse
(
"whitelisted3 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted3"
));
assertFalse
(
"whitelisted4 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted4"
));
System
.
setProperty
(
ParametersAction
.
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
,
"whitelisted3,whitelisted4"
);
p
=
null
;
build
=
null
;
j
.
jenkins
.
reload
();
p
=
j
.
jenkins
.
getItemByFullName
(
name
,
FreeStyleProject
.
class
);
build
=
p
.
getLastBuild
();
assertTrue
(
"whitelisted1 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted1"
));
assertTrue
(
"whitelisted2 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted2"
));
assertFalse
(
"whitelisted3 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted3"
));
assertFalse
(
"whitelisted4 parameter is listed in getParameters"
,
hasParameterWithName
(
build
.
getAction
(
ParametersAction
.
class
),
"whitelisted4"
));
}
finally
{
System
.
clearProperty
(
ParametersAction
.
SAFE_PARAMETERS_SYSTEM_PROPERTY_NAME
);
}
}
@Test
@Issue
(
"SECURITY-170"
)
public
void
nonParameterizedJob
()
throws
Exception
{
...
...
@@ -194,6 +289,7 @@ public class ParametersActionTest2 {
return
false
;
}
public
static
class
ParametersCheckBuilder
extends
Builder
{
private
final
boolean
expectLegacyBehavior
;
...
...
war/src/main/webapp/css/style.css
浏览文件 @
4443add4
...
...
@@ -1349,6 +1349,12 @@ TABLE.fingerprint-in-build TD {
opacity
:
0.2
;
}
#plugins
tr
.has-dependants-but-disabled
.enable
input
{
pointer-events
:
auto
;
opacity
:
1.0
;
visibility
:
visible
;
}
#plugins
tr
.has-disabled-dependency
.enable
input
{
opacity
:
0.4
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录