Draft for review of security for plugin developers #4701

Open
wants to merge 19 commits into
base: master
Changes from 3 commits
4 changes: 4 additions & 0 deletions content/doc/book/security/_chapter.yml
Expand Up @@ -18,3 +18,7 @@ sections:

# Further references
- services

- controller-isolation/required-role-check
- plugin-developer

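Review bot: The two new entries, `controller-isolation/required-role-check` and `plugin-developer`, sit after a blank line below `- services`, so it is unclear whether they belong to the `# Further references` group or start a new, unlabelled one. Either drop the blank line so they read as part of that group, or give them their own comment heading in the same style as `# Further references`.
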
52 changes: 52 additions & 0 deletions content/doc/book/security/plugin-developer.adoc
@@ -0,0 +1,52 @@
---
title: Security for Plugin Developers
layout: section
---
ifdef::backend-html5[]
:toc:
ifdef::env-github[:imagesdir: ../resources]
ifndef::env-github[:imagesdir: ../../resources]
:hide-uri-scheme:
endif::[]

Developers and maintainers of plugins play a crucial role in maintaining Jenkins security.
This page summarizes the security practices required.

== Monitor Security Advisories

Monitor Jenkins
link:https://www.jenkins.io/security/advisories/[Security Advisories]
closely.
It may be necessary to modify your plugin to work and comply with security fixes.

== Store User Credentials as Secrets

Protect user credentials by storing them on disk in a field of type `Secret`
and never in a simple `String` field.
Use a getter that returns the same type to access the `Secrets` field
from other code.
See
link:https://www.jenkins.io/doc/developer/security/secrets/[Storing Secrets]
for background information, instructions, and code examples.

== Script Security

Be sure that your plugin implements appropriate security
for custom Groovy scripts that users may need to create to customize Jenkins.

For more information, see the _Developer's Guide_ section of the
link:https://plugins.jenkins.io/script-security/[Script Security] documentation.

== Provide Role Check for Callable

Communication between the Jenkins controller and agents is implemented with the Java
link:https://docs.oracle.com/javase/7/docs/api/java/util/concurrent/Callable.html[Callable] interface.
Plugins should always implement a _role check_ that runs after a
`Callable` message to ensure that the object executes on the proper side of the controller-agent communication.
Jenkins 2.319 and Jenkins LTS 2.303.3 and later releases enforce this behavior.
A plugin that does not comply throws a `SecurityException` and logs an error message.

See
link:http://localhost:4242/doc/book/security/controller-isolation/required-role-check/[Required Role Check]
for more information.
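
Review bot: The Required Role Check link at the end of the file points to `http://localhost:4242/doc/book/security/controller-isolation/required-role-check/`, a local preview address that will not resolve on the published site; use the `https://www.jenkins.io/...` form that the other links in this file use, or a site-relative path. In "Store User Credentials as Secrets", the text refers to "the `Secrets` field" while the type named two lines earlier is `Secret`; use one spelling. In "Provide Role Check for Callable", the phrase "a _role check_ that runs after a `Callable` message" does not say what a plugin author has to implement or on which side the check runs, and the `Callable` link targets `java.util.concurrent.Callable` in the Java 7 API docs; please confirm that is the intended interface and add one sentence stating what the plugin must provide, so the section is actionable without following the link.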