[SECURITY-234] Add test. Add helper method for code reuse

f99cb46e · Daniel Beck · c158648a · f99cb46e · f99cb46e · f99cb46e
3 changed file
--- a/core/src/main/java/hudson/model/UpdateCenter.java
+++ b/core/src/main/java/hudson/model/UpdateCenter.java
@@ -1288,6 +1288,26 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
        }
    }

+    /**
+     * If expectedSHA1 is non-null, ensure that actualSha1 is the same value, otherwise throw.
+     *
+     * Utility method for InstallationJob and HudsonUpgradeJob.
+     *
+     * @throws IOException when checksums don't match, or actual checksum was null.
+     */
+    private void verifyChecksums(String expectedSHA1, String actualSha1, File downloadedFile) throws IOException {
+        if (expectedSHA1 != null) {
+            if (actualSha1 == null) {
+                // refuse to install if SHA-1 could not be computed
+                throw new IOException("Failed to compute SHA-1 of downloaded file, refusing installation");
+            }
+            if (!expectedSHA1.equals(actualSha1)) {
+                throw new IOException("Downloaded file " + downloadedFile.getAbsolutePath() + " does not match expected SHA-1, expected " + expectedSHA1 + ", actual " + actualSha1);
+                // keep 'downloadedFile' around for investigating what's going on
+            }
+        }
+    }
+
    /**
     * Represents the state of the installation activity of one plugin.
     */
@@ -1380,17 +1400,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
        @Override
        protected void replace(File dst, File src) throws IOException {

-            if (plugin.getSha1() != null) {
-                // we have an update site that provides SHA-1 checksums, and this is not a plugin file upload
-                if (getComputedSHA1() == null) {
-                    // refuse to install if SHA-1 could not be computed
-                    throw new IOException("Failed to compute SHA-1 of downloaded file, refusing installation");
-                }
-                if (!plugin.getSha1().equals(getComputedSHA1())) {
-                    throw new IOException("Downloaded file " + src.getAbsolutePath() + " does not match expected SHA-1, expected " + plugin.getSha1() + ", actual " + getComputedSHA1());
-                    // keep 'src' around for investigating what's going on
-                }
-            }
+            verifyChecksums(plugin.getSha1(), getComputedSHA1(), src);

            File bak = Util.changeExtension(dst, ".bak");
            bak.delete();
@@ -1525,16 +1535,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
        @Override
        protected void replace(File dst, File src) throws IOException {
            String expectedSHA1 = site.getData().core.getSha1();
-            if (expectedSHA1 != null) {
-                if (getComputedSHA1() == null) {
-                    // refuse to install if SHA-1 could not be computed
-                    throw new IOException("Failed to compute SHA-1 of downloaded file, refusing installation");
-                }
-                if (!expectedSHA1.equals(getComputedSHA1())) {
-                    throw new IOException("Downloaded file " + src.getAbsolutePath() + " does not match expected SHA-1, expected " + expectedSHA1 + ", actual " + getComputedSHA1());
-                    // keep 'src' around for investigating what's going on
-                }
-            }
+            verifyChecksums(expectedSHA1, getComputedSHA1(), src);
            Lifecycle.get().rewriteHudsonWar(src);
        }
    }

--- a/core/src/main/java/hudson/model/UpdateSite.java
+++ b/core/src/main/java/hudson/model/UpdateSite.java
@@ -510,7 +510,10 @@ public class UpdateSite {
        @Exported
        public final String url;

-        private final String sha1;
+
+        // non-private, non-final for test
+        @Restricted(NoExternalUse.class)
+        /* final */ String sha1;

        public Entry(String sourceId, JSONObject o) {
            this(sourceId, o, null);

--- a/test/src/test/java/hudson/model/UpdateCenter2Test.java
+++ b/test/src/test/java/hudson/model/UpdateCenter2Test.java
@@ -25,12 +25,16 @@ package hudson.model;

 import hudson.model.UpdateCenter.DownloadJob;
 import hudson.model.UpdateCenter.DownloadJob.Success;
+import hudson.model.UpdateCenter.DownloadJob.Failure;
 import static org.junit.Assert.*;
 import org.junit.Rule;
 import org.junit.Test;
+import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.RandomlyFails;

+import java.io.IOException;
+
 /**
 *
 *
@@ -58,4 +62,17 @@ public class UpdateCenter2Test {
        assertEquals(Messages.UpdateCenter_n_a(), j.jenkins.getUpdateCenter().getLastUpdatedString());
    }

+    @Issue("SECURITY-234")
+    @Test public void installInvalidChecksum() throws Exception {
+        UpdateSite.neverUpdate = false;
+        j.jenkins.pluginManager.doCheckUpdatesServer(); // load the metadata
+        String wrongChecksum = "ABCDEFG1234567890";
+
+        // usually the problem is the file having a wrong checksum, but changing the expected one works just the same
+        j.jenkins.getUpdateCenter().getSite("default").getPlugin("changelog-history").sha1 = wrongChecksum;
+        DownloadJob job = (DownloadJob) j.jenkins.getUpdateCenter().getPlugin("changelog-history").deploy().get();
+        assertTrue(job.status instanceof Failure);
+        assertTrue("error message references checksum", ((Failure) job.status).problem.getMessage().contains(wrongChecksum));
+    }
+
 }