
[JENKINS-49543] - Add direct unit test for module class whitelisting

(cherry picked from commit 800668b)
oleg-nenashev authored and olivergondza committed Feb 14, 2018
1 parent db0bdde commit 2ce5036cb06a7dab0d4868e9539c8d42e7a5678c
@@ -24,6 +24,7 @@

package jenkins.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSet;
import hudson.ExtensionList;
import hudson.Main;
@@ -105,7 +106,8 @@ private static void mockOff() {
ClassFilter.setDefault(ClassFilter.NONE); // even Method on the standard blacklist is going to explode
}

private ClassFilterImpl() {}
@VisibleForTesting
/*package*/ ClassFilterImpl() {}

/** Whether a given class is blacklisted. */
private final Map<Class<?>, Boolean> cache = Collections.synchronizedMap(new WeakHashMap<>());
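Review bot: The widened `ClassFilterImpl()` constructor carries `@VisibleForTesting` but no Javadoc explaining why a class that decides what may be deserialized can now be instantiated from anywhere in `jenkins.security`. Because `cache` is an instance field, a filter built this way keeps its own decisions and is separate from whatever is installed through `ClassFilter.setDefault`. I would add `/** Test-only: creates a standalone filter; production code must use the installed default. */` above the annotation. The rest of the class is outside the hunk, so how the other instance state is initialised is not visible here.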
@@ -36,6 +36,7 @@
import hudson.model.FreeStyleProject;
import hudson.model.Result;
import hudson.model.Saveable;
import hudson.remoting.ClassFilter;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import java.io.IOException;
@@ -51,6 +52,7 @@
import org.junit.ClassRule;
import org.junit.Rule;
import org.jvnet.hudson.test.BuildWatcher;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.LoggerRule;
import org.jvnet.hudson.test.TestExtension;
@@ -149,6 +151,16 @@ public void xstreamRequiresWhitelist() throws Exception {
assertEquals(Collections.singleton(config), data.keySet());
assertThat(data.values().iterator().next().extra, allOf(containsString("LinkedListMultimap"), containsString("https://jenkins.io/redirect/class-filter/")));
}

@Test
@Issue("JENKINS-49543")
public void moduleClassesShouldBeWhitelisted() throws Exception {
ClassFilterImpl filter = new ClassFilterImpl();
filter.check("org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl");
filter.check("org.jenkinsci.modules.windows_slave_installer.WindowsSlaveInstaller");
filter.check("org.jenkinsci.main.modules.instance_identity.PageDecoratorImpl");
}

@TestExtension("xstreamRequiresWhitelist")
public static class Config extends GlobalConfiguration {
LinkedListMultimap<?, ?> obj;
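Review bot: `moduleClassesShouldBeWhitelisted` contains no assertion and no negative control, so it passes for any filter that accepts every name, including a permissive or misconfigured one. It relies on `check(String)` throwing for a rejected class; state that with a comment such as `// check() throws SecurityException when a class is rejected`, and add one case that expects rejection for a name the filter should refuse, so the three positive cases actually prove something. The names are passed as strings, so only the name-based overload is exercised; whether that matches the decision made for a loaded `Class<?>` is not visible in this hunk and is worth confirming.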
