Merge pull request #1251 from daniel-beck/JENKINS-14583

[FIX JENKINS-14538] Improve builds dir input validation

Merge pull request #1251 from daniel-beck/JENKINS-14583
[FIX JENKINS-14538] Improve builds dir input validation
5751560f · Daniel Beck · e8b1a500 · 50cbded7 · 5751560f · 5751560f
2 changed file
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -1753,14 +1753,43 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
        }

        public FormValidation doCheckRawBuildsDir(@QueryParameter String value) {
-            if (!value.contains("${")) {
-                File d = new File(value);
-                if (!d.isDirectory() && (d.getParentFile() == null || !d.getParentFile().canWrite())) {
+            // do essentially what expandVariablesForDirectory does, without an Item
+            String replacedValue = expandVariablesForDirectory(value,
+                    "doCheckRawBuildsDir-Marker:foo",
+                    Jenkins.getInstance().getRootDir().getPath() + "/jobs/doCheckRawBuildsDir-Marker$foo");
+
+            File replacedFile = new File(replacedValue);
+            if (!replacedFile.isAbsolute()) {
+                return FormValidation.error(value + " does not resolve to an absolute path");
+            }
+
+            if (!replacedValue.contains("doCheckRawBuildsDir-Marker")) {
+                return FormValidation.error(value + " does not contain ${ITEM_FULL_NAME} or ${ITEM_ROOTDIR}, cannot distinguish between projects");
+            }
+
+            if (replacedValue.contains("doCheckRawBuildsDir-Marker:foo")) {
+                // make sure platform can handle colon
+                try {
+                    File tmp = File.createTempFile("Jenkins-doCheckRawBuildsDir", "foo:bar");
+                    tmp.delete();
+                } catch (IOException e) {
+                    return FormValidation.error(value + " contains ${ITEM_FULLNAME} but your system does not support it (JENKINS-12251). Use ${ITEM_FULL_NAME} instead");
+                }
+            }
+
+            File d = new File(replacedValue);
+            if (!d.isDirectory()) {
+                // if dir does not exist (almost guaranteed) need to make sure nearest existing ancestor can be written to
+                d = d.getParentFile();
+                while (!d.exists()) {
+                    d = d.getParentFile();
+                }
+                if (!d.canWrite()) {
                    return FormValidation.error(value + " does not exist and probably cannot be created");
                }
-                // TODO failure to use either ITEM_* variable might be an error too?
            }
-            return FormValidation.ok(); // TODO assumes it will be OK after substitution, but can we be sure?
+
+            return FormValidation.ok();
        }

        // to route /descriptor/FQCN/xxx to getDescriptor(FQCN).xxx
@@ -1949,11 +1978,17 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
    }

    private File expandVariablesForDirectory(String base, Item item) {
-        return new File(Util.replaceMacro(base, ImmutableMap.of(
-                "JENKINS_HOME", getRootDir().getPath(),
-                "ITEM_ROOTDIR", item.getRootDir().getPath(),
-                "ITEM_FULLNAME", item.getFullName(),   // legacy, deprecated
-                "ITEM_FULL_NAME", item.getFullName().replace(':','$')))); // safe, see JENKINS-12251
+        return new File(expandVariablesForDirectory(base, item.getFullName(), item.getRootDir().getPath()));
+    }
+
+    @Restricted(NoExternalUse.class)
+    static String expandVariablesForDirectory(String base, String itemFullName, String itemRootDir) {
+        return Util.replaceMacro(base, ImmutableMap.of(
+                "JENKINS_HOME", Jenkins.getInstance().getRootDir().getPath(),
+                "ITEM_ROOTDIR", itemRootDir,
+                "ITEM_FULLNAME", itemFullName,   // legacy, deprecated
+                "ITEM_FULL_NAME", itemFullName.replace(':','$'))); // safe, see JENKINS-12251
+
    }
    
    public String getRawWorkspaceDir() {

--- a/core/src/test/java/jenkins/model/JenkinsDescriptorTest.java
+++ b/core/src/test/java/jenkins/model/JenkinsDescriptorTest.java
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2014 Daniel Beck
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package jenkins.model;
+
+import hudson.util.FormValidation;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import java.io.File;
+
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.when;
+
+@RunWith(PowerMockRunner.class)
+public class JenkinsDescriptorTest {
+
+    @Mock
+    Jenkins jenkins;
+
+    @Before
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+    }
+
+    private FormValidation checkBuildsDir(String buildsDir) {
+        return Jenkins.DescriptorImpl.INSTANCE.doCheckRawBuildsDir(buildsDir);
+    }
+
+    private boolean isOK(String buildsDir) {
+        return checkBuildsDir(buildsDir).kind == FormValidation.Kind.OK;
+    }
+
+    private boolean isError(String buildsDir) {
+        return checkBuildsDir(buildsDir).kind == FormValidation.Kind.ERROR;
+    }
+
+    @Test
+    @PrepareForTest(Jenkins.class)
+    public void testBuildDirValidation() {
+        PowerMockito.mockStatic(Jenkins.class);
+        PowerMockito.when(Jenkins.getInstance()).thenReturn(jenkins);
+        PowerMockito.when(Jenkins.expandVariablesForDirectory(anyString(), anyString(), anyString())).thenCallRealMethod();
+        when(jenkins.getRootDir()).thenReturn(new File(".").getAbsoluteFile());
+
+        assertTrue(isOK("$JENKINS_HOME/foo/$ITEM_FULL_NAME"));
+        assertTrue(isOK("${ITEM_ROOTDIR}/builds"));
+
+        assertTrue(isError("$JENKINS_HOME"));
+        assertTrue(isError("$JENKINS_HOME/builds"));
+        assertTrue(isError("$ITEM_FULL_NAME"));
+        assertTrue(isError("/path/to/builds"));
+        assertTrue(isError("/invalid/$JENKINS_HOME"));
+        assertTrue(isError("relative/ITEM_FULL_NAME"));
+
+        // TODO test literal absolute paths (e.g. /foo/$ITEM_FULL_NAME), ITEM_FULLNAME
+    }
+
+}
\ No newline at end of file