-
Notifications
You must be signed in to change notification settings - Fork 714
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
434e795
commit 73afe3c
Showing
13 changed files
with
702 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
integrations/src/test/java/io/jenkins/plugins/casc/MailExtTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
package io.jenkins.plugins.casc; | ||
|
||
import hudson.plugins.emailext.ExtendedEmailPublisher; | ||
import io.jenkins.plugins.casc.misc.ConfiguredWithCode; | ||
import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule; | ||
import java.util.logging.Level; | ||
import java.util.logging.Logger; | ||
import org.junit.Rule; | ||
import org.junit.Test; | ||
import org.junit.rules.RuleChain; | ||
import org.jvnet.hudson.test.Issue; | ||
import org.jvnet.hudson.test.LoggerRule; | ||
|
||
import static io.jenkins.plugins.casc.misc.Util.assertLogContains; | ||
import static io.jenkins.plugins.casc.misc.Util.assertNotInLog; | ||
import static org.hamcrest.CoreMatchers.containsString; | ||
import static org.hamcrest.CoreMatchers.not; | ||
import static org.junit.Assert.assertEquals; | ||
import static org.junit.Assert.assertThat; | ||
|
||
public class MailExtTest { | ||
|
||
public JenkinsConfiguredWithCodeRule j = new JenkinsConfiguredWithCodeRule(); | ||
public LoggerRule logging = new LoggerRule(); | ||
|
||
@Rule | ||
public RuleChain chain= RuleChain | ||
.outerRule(logging.record(Logger.getLogger(Attribute.class.getName()), Level.INFO).capture(2048)) | ||
.around(j); | ||
|
||
private static final String SMTP_PASSWORD = "myPassword"; | ||
|
||
@Test | ||
@ConfiguredWithCode("MailExtTest.yml") | ||
@Issue("SECURITY-1404") | ||
public void shouldNotExportOrLogCredentials() throws Exception { | ||
assertEquals(SMTP_PASSWORD, ExtendedEmailPublisher.descriptor().getSmtpPassword().getPlainText()); | ||
assertLogContains(logging, "smtpPassword ="); | ||
assertNotInLog(logging, SMTP_PASSWORD); | ||
|
||
// Verify that the password does not get exported | ||
String exportedConfig = j.exportToString(false); | ||
assertThat("No entry was exported for SMTP credentials", exportedConfig, containsString("smtpPassword")); | ||
assertThat("There should be no SMTP password in the exported YAML", exportedConfig, not(containsString(SMTP_PASSWORD))); | ||
} | ||
} |
66 changes: 66 additions & 0 deletions
66
integrations/src/test/java/io/jenkins/plugins/casc/SSHCredentialsTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package io.jenkins.plugins.casc; | ||
|
||
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey; | ||
import com.cloudbees.plugins.credentials.Credentials; | ||
import com.cloudbees.plugins.credentials.CredentialsProvider; | ||
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials; | ||
import io.jenkins.plugins.casc.misc.ConfiguredWithCode; | ||
import io.jenkins.plugins.casc.misc.JenkinsConfiguredWithCodeRule; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.logging.Level; | ||
import jenkins.model.Jenkins; | ||
import org.junit.Rule; | ||
import org.junit.Test; | ||
import org.junit.rules.RuleChain; | ||
import org.jvnet.hudson.test.Issue; | ||
import org.jvnet.hudson.test.LoggerRule; | ||
|
||
import static io.jenkins.plugins.casc.misc.Util.assertNotInLog; | ||
import static org.hamcrest.CoreMatchers.containsString; | ||
import static org.hamcrest.CoreMatchers.not; | ||
import static org.junit.Assert.assertEquals; | ||
import static org.junit.Assert.assertThat; | ||
|
||
/** | ||
* Integration tests for the SSH Credentials Plugin. | ||
*/ | ||
public class SSHCredentialsTest { | ||
|
||
public JenkinsConfiguredWithCodeRule j = new JenkinsConfiguredWithCodeRule(); | ||
public LoggerRule logging = new LoggerRule(); | ||
|
||
@Rule | ||
public RuleChain chain= RuleChain | ||
.outerRule(logging.record("io.jenkins.plugins.casc.Attribute", Level.INFO).capture(2048)) | ||
.around(j); | ||
|
||
private static final String CREDENTIALS_PASSWORD = "password-of-userid"; | ||
private static final String PRIVATE_KEY = "sp0ds9d+skkfjf"; | ||
|
||
@Test | ||
@ConfiguredWithCode("SSHCredentialsTest.yml") | ||
@Issue("SECURITY-1279") | ||
public void shouldNotExportOrLogCredentials() throws Exception { | ||
StandardUsernamePasswordCredentials creds = getCredentials(StandardUsernamePasswordCredentials.class); | ||
assertEquals(CREDENTIALS_PASSWORD, creds.getPassword().getPlainText()); | ||
assertNotInLog(logging, CREDENTIALS_PASSWORD); | ||
|
||
BasicSSHUserPrivateKey certKey = getCredentials(BasicSSHUserPrivateKey.class); | ||
assertEquals(PRIVATE_KEY, certKey.getPrivateKey()); | ||
assertNotInLog(logging, PRIVATE_KEY); | ||
|
||
// Verify that the password does not get exported | ||
String exportedConfig = j.exportToString(false); | ||
assertThat("There should be no password in the exported YAML", exportedConfig, not(containsString(CREDENTIALS_PASSWORD))); | ||
assertThat("There should be no private key in the exported YAML", exportedConfig, not(containsString(PRIVATE_KEY))); | ||
} | ||
|
||
private <T extends Credentials> T getCredentials(Class<T> clazz) { | ||
List<T> creds = CredentialsProvider.lookupCredentials( | ||
clazz, Jenkins.getInstanceOrNull(), | ||
null, Collections.emptyList()); | ||
assertEquals(1, creds.size()); | ||
return (T)creds.get(0); | ||
} | ||
} |
7 changes: 7 additions & 0 deletions
7
integrations/src/test/resources/io/jenkins/plugins/casc/MailExtTest.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
unclassified: | ||
extendedEmailPublisher: | ||
smtpUsername: email@acmecorp.com | ||
smtpPassword: myPassword | ||
defaultContentType: text/plain | ||
defaultSubject: "Build $BUILD_NUMBER - $BUILD_STATUS" | ||
defaultBody: "Check console output at $BUILD_URL" |
21 changes: 21 additions & 0 deletions
21
integrations/src/test/resources/io/jenkins/plugins/casc/SSHCredentialsTest.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
jenkins: | ||
systemMessage: Jenkins with SSH Credentials for JCasC test | ||
|
||
credentials: | ||
system: | ||
domainCredentials: | ||
- credentials: | ||
- usernamePassword: | ||
scope: SYSTEM | ||
id: "userid" | ||
username: "username-of-userid" | ||
password: "password-of-userid" | ||
- basicSSHUserPrivateKey: | ||
scope: SYSTEM | ||
id: "userid2" | ||
username: "username-of-userid2" | ||
passphrase: "passphrase-of-userid2" | ||
description: "the description of userid2" | ||
privateKeySource: | ||
directEntry: | ||
privateKey: "sp0ds9d+skkfjf" |
Oops, something went wrong.