Skip to content

J
jenkins

LinuxSuRen / jenkins
与 Fork 源项目一致

从无法访问的项目Fork

通知 2
Star 0
Fork 0
J
jenkins

体验新版 GitCode,发现更多精彩内容 >>

提交 ddf8d8a4 编写于 作者: O Oleg Nenashev
浏览文件
操作

[SECURITY-218] - Finalize the test implementatioin, the issue is reproducible

上级 20564838
隐藏空白更改
内联 并排
Showing with 45 addition and 57 deletion
test/src/test/java/jenkins/security/Security218BlackBoxTest.java
浏览文件 @ ddf8d8a4
......@@ -24,102 +24,75 @@
package jenkins.security;
import hudson.Extension;
import hudson.cli.CLI;
import hudson.cli.CLICommand;
import hudson.cli.CliPort;
import hudson.console.AnnotatedLargeText;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.PermalinkProjectAction;
import hudson.remoting.Callable;
import hudson.remoting.Channel;
import hudson.util.IOUtils;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintStream;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.atomic.AtomicLong;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.security.ysoserial.payloads.CommonsCollections1;
import jenkins.security.ysoserial.payloads.CommonsCollections2;
import jenkins.security.ysoserial.payloads.Groovy1;
import jenkins.security.ysoserial.payloads.ObjectPayload;
import jenkins.security.ysoserial.payloads.Payload;
import jenkins.security.ysoserial.payloads.Spring1;
import jenkins.util.Timer;
import org.jenkinsci.remoting.RoleChecker;
import org.junit.Test;
import static org.junit.Assert.*;
import org.junit.Ignore;
import org.junit.Rule;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.TestExtension;
import org.jvnet.hudson.test.recipes.PresetData;
import org.kohsuke.args4j.Argument;
import org.kohsuke.args4j.CmdLineException;
import org.kohsuke.args4j.Option;
public class Security218BlackBoxTest {
@Rule
public JenkinsRule r = new JenkinsRule();
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY) // allow who-am-i to run all the way to completion
@Test
public void probeNoPayload() throws Exception {
probe(null);
}
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY) // allow who-am-i to run all the way to completion
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY)
@Test
@Issue("SECURITY-218")
public void probeCommonsCollections1() throws Exception {
probe(Payload.CommonsCollections1);
}
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY) // allow who-am-i to run all the way to completion
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY)
@Test
@Issue("SECURITY-218")
public void probeCommonsCollections2() throws Exception {
probe(Payload.CommonsCollections2);
}
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY) // allow who-am-i to run all the way to completion
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY)
@Test
@Issue("SECURITY-218")
public void probeGroovy1() throws Exception {
probe(Payload.Groovy1);
}
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY) // allow who-am-i to run all the way to completion
//TODO: Fix the conversion layer (not urgent)
// There is an issue in the conversion layer after the migration to another XALAN namespace
// with newer libs. SECURITY-218 does not apper in this case OOTB anyway
@PresetData(PresetData.DataSet.ANONYMOUS_READONLY)
@Test
@Issue("SECURITY-218")
@Ignore
public void probeSpring1() throws Exception {
probe(Payload.Spring1);
}
private void probe(Payload payload) throws Exception {
final ServerSocket proxySocket = new ServerSocket(0);
final String localhost = r.getURL().getHost();
File file = File.createTempFile("security-218", payload + "-payload");
File moved = new File(file.getAbsolutePath() + "-moved");
// Bypassing _main because it does nothing interesting here.
// Hardcoding CLI protocol version 1 (CliProtocol) because it is easier to sniff.
int exitCode = new CLI(r.getURL()).execute("send-payload",
payload.toString(), "rm " + file.getAbsolutePath());
payload.toString(), "mv " + file.getAbsolutePath() + " " + moved.getAbsolutePath());
assertEquals("CLI Command execution failed", exitCode, 0);
assertTrue("Payload should not delete the file " + file, file.exists());
assertTrue("Payload should not invoke the move operation " + file, !moved.exists());
file.delete();
}
@TestExtension("probeCommonsCollections1")
@TestExtension()
public static class SendPayloadCommand extends CLICommand {
@Override
......@@ -162,20 +135,35 @@ public class Security218BlackBoxTest {
final Object ysoserial = payload.getPayloadClass().newInstance().getObject(command);
// Invoke backward call
Channel.current().call(new Callable<String, Exception>() {
private static final long serialVersionUID = 1L;
@Override
public String call() throws Exception {
// We don't care what happens here. Object should be sent over the channel
return ysoserial.toString();
}
try {
Channel.current().call(new Callable<String, Exception>() {
private static final long serialVersionUID = 1L;
@Override
public String call() throws Exception {
// We don't care what happens here. Object should be sent over the channel
return ysoserial.toString();
}
@Override
public void checkRoles(RoleChecker checker) throws SecurityException {
// do nothing
@Override
public void checkRoles(RoleChecker checker) throws SecurityException {
// do nothing
}
});
} catch (Exception ex) {
Throwable cause = ex;
while (cause.getCause() != null) {
cause = cause.getCause();
}
if (cause.getMessage().contains("cannot be cast to java.util.Set")) {
// We ignore this exception, because there is a known issue in the test payload
// CommonsCollections1, CommonsCollections2 and Groovy1 fail witth this error,
// but actually it means that the conversion has been triggered
} else {
throw ex;
}
});
}
return null;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册