
[SECURITY-595]

Co-Authored-By: Wadeck Follonier <wadeck.follonier@gmail.com>
daniel-beck and Wadeck committed Nov 21, 2018
1 parent 73afa0c commit 47f38d714c99e1841fb737ad1005618eb26ed852
Showing with 5,044 additions and 3 deletions.
  1. +6 −1 core/pom.xml
  2. +2 −0 core/src/main/java/hudson/ProxyConfiguration.java
  3. +2 −0 core/src/main/java/hudson/TcpSlaveAgentListener.java
  4. +2 −0 core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
  5. +3 −0 core/src/main/java/hudson/model/Computer.java
  6. +3 −0 core/src/main/java/hudson/model/ModelObject.java
  7. +2 −0 core/src/main/java/hudson/model/ParameterValue.java
  8. +2 −0 core/src/main/java/hudson/model/Queue.java
  9. +4 −0 core/src/main/java/hudson/model/UpdateCenter.java
  10. +2 −0 core/src/main/java/hudson/model/View.java
  11. +2 −0 core/src/main/java/hudson/security/AuthorizationStrategy.java
  12. +2 −0 core/src/main/java/hudson/security/csrf/CrumbIssuer.java
  13. +2 −0 core/src/main/java/jenkins/diagnosis/HsErrPidList.java
  14. +2 −0 core/src/main/java/jenkins/install/InstallState.java
  15. +19 −0 core/src/main/java/jenkins/model/Jenkins.java
  16. +133 −0 core/src/main/java/jenkins/security/stapler/DoActionFilter.java
  17. +38 −0 core/src/main/java/jenkins/security/stapler/RoutingDecisionProvider.java
  18. +76 −0 core/src/main/java/jenkins/security/stapler/StaplerFilteredActionListener.java
  19. +266 −0 core/src/main/java/jenkins/security/stapler/StaticRoutingDecisionProvider.java
  20. +276 −0 core/src/main/java/jenkins/security/stapler/TypedFilter.java
  21. +101 −0 core/src/main/java/jenkins/security/stapler/WebMethodConstants.java
  22. +177 −0 core/src/main/resources/jenkins/security/stapler/default-whitelist.txt
  23. +116 −0 core/src/test/java/jenkins/security/stapler/StaplerSignaturesTest.java
  24. +6 −0 test/pom.xml
  25. +15 −0 test/src/test/java/hudson/model/ViewTest.java
  26. +1 −1 test/src/test/java/hudson/util/FormFieldValidatorTest.java
  27. +114 −0 test/src/test/java/jenkins/security/stapler/CustomRoutingDecisionProviderTest.java
  28. +738 −0 test/src/test/java/jenkins/security/stapler/DoActionFilterTest.java
  29. +73 −0 test/src/test/java/jenkins/security/stapler/DynamicTest.java
  30. +500 −0 test/src/test/java/jenkins/security/stapler/GetterMethodFilterTest.java
  31. +26 −0 test/src/test/java/jenkins/security/stapler/JenkinsSupportAnnotationsTest.java
  32. +120 −0 test/src/test/java/jenkins/security/stapler/PreventRoutingTest.java
  33. +609 −0 test/src/test/java/jenkins/security/stapler/Security400Test.java
  34. +205 −0 test/src/test/java/jenkins/security/stapler/StaplerAbstractTest.java
  35. +90 −0 test/src/test/java/jenkins/security/stapler/StaplerRoutableActionTest.java
  36. +156 −0 test/src/test/java/jenkins/security/stapler/StaplerRoutableFieldTest.java
  37. +172 −0 test/src/test/java/jenkins/security/stapler/StaplerRoutableGetterTest.java
  38. +236 −0 test/src/test/java/jenkins/security/stapler/StaticRoutingDecisionProvider2Test.java
  39. +513 −0 test/src/test/java/jenkins/security/stapler/StaticRoutingDecisionProviderTest.java
  40. +209 −0 test/src/test/java/jenkins/security/stapler/TypedFilterTest.java
  41. +1 −1 test/src/test/resources/hudson/model/UsageStatisticsTest/jobs.json
  42. +6 −0 ...jenkins/security/stapler/StaticRoutingDecisionProvider2Test/comment_ignored/stapler-whitelist.txt
  43. +4 −0 ...kins/security/stapler/StaticRoutingDecisionProvider2Test/greylist_multiline/stapler-whitelist.txt
  44. 0 ...jenkins/security/stapler/StaticRoutingDecisionProvider2Test/whitelist_empty/stapler-whitelist.txt
  45. +9 −0 ...ins/security/stapler/StaticRoutingDecisionProvider2Test/whitelist_emptyline/stapler-whitelist.txt
  46. +1 −0 ...kins/security/stapler/StaticRoutingDecisionProvider2Test/whitelist_monoline/stapler-whitelist.txt
  47. +2 −0 ...ins/security/stapler/StaticRoutingDecisionProvider2Test/whitelist_multiline/stapler-whitelist.txt
  48. BIN test/src/test/resources/plugins/annotations-test-sources.jar
  49. BIN test/src/test/resources/plugins/annotations-test.hpi
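--- a/core/pom.xml
+++ b/core/pom.xml
@@ -39,7 +39,7 @@ THE SOFTWARE.
 
 <properties>
 <staplerFork>true</staplerFork>
-<stapler.version>1.254.2</stapler.version>
+<stapler.version>1.254.3</stapler.version>
 <spring.version>2.5.6.SEC03</spring.version>
 <groovy.version>2.4.11</groovy.version>
 <!-- TODO: Actually many issues are being filtered by src/findbugs/findbugs-excludes.xml -->
@@ -179,6 +179,11 @@ THE SOFTWARE.
 <classifier>tests</classifier>
 <scope>test</scope>
 </dependency>
+<dependency>
+<groupId>io.jenkins.stapler</groupId>
+<artifactId>jenkins-stapler-support</artifactId>
+<version>1.0</version>
+</dependency>
 <dependency>
 <groupId>org.hamcrest</groupId>
 <artifactId>hamcrest-library</artifactId>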
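--- a/core/src/main/java/hudson/ProxyConfiguration.java
+++ b/core/src/main/java/hudson/ProxyConfiguration.java
@@ -50,6 +50,7 @@
 import java.util.regex.Pattern;
 import javax.annotation.CheckForNull;
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.StaplerAccessibleType;
 import jenkins.util.JenkinsJVM;
 import jenkins.util.SystemProperties;
 import org.apache.commons.httpclient.Credentials;
@@ -78,6 +79,7 @@
 *
 * @see jenkins.model.Jenkins#proxy
 */
+@StaplerAccessibleType
 public final class ProxyConfiguration extends AbstractDescribableImpl<ProxyConfiguration> implements Saveable, Serializable {
 /**
 * Holds a default TCP connect timeout set on all connections returned from this class,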
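--- a/core/src/main/java/hudson/TcpSlaveAgentListener.java
+++ b/core/src/main/java/hudson/TcpSlaveAgentListener.java
@@ -34,6 +34,7 @@
 import hudson.model.AperiodicWork;
 import jenkins.model.Jenkins;
 import jenkins.model.identity.InstanceIdentityProvider;
+import jenkins.security.stapler.StaplerAccessibleType;
 import jenkins.slaves.RemotingVersionInfo;
 import jenkins.util.SystemProperties;
 import hudson.slaves.OfflineCause;
@@ -82,6 +83,7 @@
 * @author Kohsuke Kawaguchi
 * @see AgentProtocol
 */
+@StaplerAccessibleType
 public final class TcpSlaveAgentListener extends Thread {
 
 private final ServerSocketChannel serverSocket;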
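--- a/core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
+++ b/core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
@@ -26,6 +26,7 @@
 import hudson.Extension;
 import hudson.Util;
 import hudson.model.AdministrativeMonitor;
+import jenkins.security.stapler.StaplerDispatchable;
 import org.jenkinsci.Symbol;
 import org.kohsuke.stapler.HttpRedirect;
 import org.kohsuke.stapler.HttpResponse;
@@ -70,6 +71,7 @@ public HttpResponse doTest() {
 return new HttpRedirect(redirect);
 }
 
+@StaplerDispatchable
 public void getTestForReverseProxySetup(String rest) {
 Jenkins j = Jenkins.getInstance();
 String inferred = j.getRootUrlFromRequest() + "manage";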
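Review bot: The `@StaplerDispatchable` placed on `getTestForReverseProxySetup(String rest)` in the second hunk carries no explanation, although this is a `void` method with a getter-style name that is really a URL endpoint, which is exactly the kind of member a future maintainer would be tempted to "clean up" or un-route. Elsewhere in this commit the non-obvious cases do get a reason (`getSites()` in UpdateCenter says `// referenced by _api.jelly`, `getWidgets()` in Jenkins says why plugins need it), so the same should be done here, e.g. `@StaplerDispatchable // not a getter: URL endpoint invoked by this monitor's UI (confirm which view)`. The method body continues past the end of the hunk, so whatever it does with `rest` and `inferred` is not visible here.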
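--- a/core/src/main/java/hudson/model/Computer.java
+++ b/core/src/main/java/hudson/model/Computer.java
@@ -30,6 +30,7 @@
 import hudson.Extension;
 import hudson.Launcher.ProcStarter;
 import hudson.slaves.Cloud;
+import jenkins.security.stapler.StaplerDispatchable;
 import jenkins.util.SystemProperties;
 import hudson.Util;
 import hudson.cli.declarative.CLIResolver;
@@ -958,6 +959,7 @@ public final int countExecutors() {
 * Gets the read-only snapshot view of all {@link Executor}s.
 */
 @Exported
+@StaplerDispatchable
 public List<Executor> getExecutors() {
 return new ArrayList<Executor>(executors);
 }
@@ -966,6 +968,7 @@ public final int countExecutors() {
 * Gets the read-only snapshot view of all {@link OneOffExecutor}s.
 */
 @Exported
+@StaplerDispatchable
 public List<OneOffExecutor> getOneOffExecutors() {
 return new ArrayList<OneOffExecutor>(oneOffExecutors);
 }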
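--- a/core/src/main/java/hudson/model/ModelObject.java
+++ b/core/src/main/java/hudson/model/ModelObject.java
@@ -23,6 +23,8 @@
 */
 package hudson.model;
 
+import jenkins.security.stapler.StaplerAccessibleType;
+
 /**
 * A model object has a human readable name.
 *
@@ -32,6 +34,7 @@
 *
 * @author Kohsuke Kawaguchi
 */
+@StaplerAccessibleType
 public interface ModelObject {
 String getDisplayName();
 }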
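Review bot: `@StaplerAccessibleType` on `ModelObject` (second hunk) is by far the broadest single annotation in this commit, because nearly every model class in core and in plugins implements this interface, so it effectively whitelists the type of almost every object Stapler can reach, and nothing in the hunk says that this breadth is intended. If the design is that type-level accessibility is deliberately coarse and the real gate is the member-level filtering installed on the WebApp, that should be recorded next to the annotation so a later reviewer does not mistake it for an oversight, e.g. `// Deliberately broad: virtually every routable object is a ModelObject; getter/field/action filtering is what actually restricts access`. The second half of that comment is my understanding of the filter design and should be confirmed against the filter implementation before it is committed.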
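--- a/core/src/main/java/hudson/model/ParameterValue.java
+++ b/core/src/main/java/hudson/model/ParameterValue.java
@@ -39,6 +39,7 @@
 import javax.annotation.CheckForNull;
 import jenkins.model.Jenkins;
 
+import jenkins.security.stapler.StaplerAccessibleType;
 import net.sf.json.JSONObject;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.DoNotUse;
@@ -75,6 +76,7 @@
 * @see ParametersAction
 */
 @ExportedBean(defaultVisibility=3)
+@StaplerAccessibleType
 public abstract class ParameterValue implements Serializable {
 
 private static final Logger LOGGER = Logger.getLogger(ParameterValue.class.getName());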
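--- a/core/src/main/java/hudson/model/Queue.java
+++ b/core/src/main/java/hudson/model/Queue.java
@@ -69,6 +69,7 @@
 
 import hudson.util.Futures;
 import jenkins.security.QueueItemAuthenticatorProvider;
+import jenkins.security.stapler.StaplerAccessibleType;
 import jenkins.util.SystemProperties;
 import jenkins.util.Timer;
 import hudson.triggers.SafeTimerTask;
@@ -1993,6 +1994,7 @@ default boolean isConcurrentBuild() {
 * Implementation must have <tt>executorCell.jelly</tt>, which is
 * used to render the HTML that indicates this executable is executing.
 */
+@StaplerAccessibleType
 public interface Executable extends Runnable {
 /**
 * Task from which this executable was created.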
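--- a/core/src/main/java/hudson/model/UpdateCenter.java
+++ b/core/src/main/java/hudson/model/UpdateCenter.java
@@ -33,6 +33,8 @@
 import hudson.security.ACLContext;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
+
+import jenkins.security.stapler.StaplerDispatchable;
 import jenkins.util.SystemProperties;
 import hudson.Util;
 import hudson.XmlFile;
@@ -317,6 +319,7 @@ public void configure(UpdateCenterConfiguration config) {
 * can be empty but never null. Oldest entries first.
 */
 @Exported
+@StaplerDispatchable
 public List<UpdateCenterJob> getJobs() {
 synchronized (jobs) {
 return new ArrayList<UpdateCenterJob>(jobs);
@@ -517,6 +520,7 @@ public HudsonUpgradeJob getHudsonJob() {
 * @return
 * can be empty but never null.
 */
+@StaplerDispatchable // referenced by _api.jelly
 public PersistedList<UpdateSite> getSites() {
 return sites;
 }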
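--- a/core/src/main/java/hudson/model/View.java
+++ b/core/src/main/java/hudson/model/View.java
@@ -63,6 +63,7 @@
 import jenkins.model.item_category.Category;
 import jenkins.model.item_category.ItemCategory;
 import jenkins.scm.RunWithSCM;
+import jenkins.security.stapler.StaplerAccessibleType;
 import jenkins.util.ProgressiveRendering;
 import jenkins.util.xml.XMLUtils;
 
@@ -700,6 +701,7 @@ public AsynchPeople getAsynchPeople() {
 }
 
 @ExportedBean
+@StaplerAccessibleType
 public static final class People {
 @Exported
 public final List<UserInfo> users;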
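--- a/core/src/main/java/hudson/security/AuthorizationStrategy.java
+++ b/core/src/main/java/hudson/security/AuthorizationStrategy.java
@@ -36,6 +36,7 @@
 import javax.annotation.Nonnull;
 
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.StaplerAccessibleType;
 import net.sf.json.JSONObject;
 
 import org.acegisecurity.Authentication;
@@ -62,6 +63,7 @@
 * @author Kohsuke Kawaguchi
 * @see SecurityRealm
 */
+@StaplerAccessibleType
 public abstract class AuthorizationStrategy extends AbstractDescribableImpl<AuthorizationStrategy> implements ExtensionPoint {
 /**
 * Returns the instance of {@link ACL} where all the other {@link ACL} instances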
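--- a/core/src/main/java/hudson/security/csrf/CrumbIssuer.java
+++ b/core/src/main/java/hudson/security/csrf/CrumbIssuer.java
@@ -9,6 +9,7 @@
 
 import hudson.init.Initializer;
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.StaplerAccessibleType;
 import org.kohsuke.stapler.Stapler;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.WebApp;
@@ -40,6 +41,7 @@
 * @see <a href="http://en.wikipedia.org/wiki/XSRF">Wikipedia: Cross site request forgery</a>
 */
 @ExportedBean
+@StaplerAccessibleType
 public abstract class CrumbIssuer implements Describable<CrumbIssuer>, ExtensionPoint {
 
 private static final String CRUMB_ATTRIBUTE = CrumbIssuer.class.getName() + "_crumb";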
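--- a/core/src/main/java/jenkins/diagnosis/HsErrPidList.java
+++ b/core/src/main/java/jenkins/diagnosis/HsErrPidList.java
@@ -11,6 +11,7 @@
 import java.nio.file.OpenOption;
 import java.nio.file.StandardOpenOption;
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.StaplerDispatchable;
 import org.apache.tools.ant.DirectoryScanner;
 import org.apache.tools.ant.Project;
 import org.apache.tools.ant.types.FileSet;
@@ -94,6 +95,7 @@ public String getDisplayName() {
 /**
 * Expose files to the URL.
 */
+@StaplerDispatchable
 public List<HsErrPidFile> getFiles() {
 return files;
 }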
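Review bot: `getFiles()` in the second hunk is now explicitly kept routable, and its own Javadoc says it exposes files to the URL, yet no permission check is visible in the hunk; the files in question are JVM `hs_err_pid*` crash dumps, which typically include environment variables, memory maps and library paths, so they should be reachable only by administrators. Presumably the check lives in `HsErrPidFile` or is inherited from the enclosing administrative monitor, but that is not visible from here. If that is the case, record it so the annotation is self-explaining, e.g. `@StaplerDispatchable // serving the file contents is permission-checked in HsErrPidFile (confirm)`; if it is not, add `Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);` before the return. The enclosing class starts and ends outside the hunk.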
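--- a/core/src/main/java/jenkins/install/InstallState.java
+++ b/core/src/main/java/jenkins/install/InstallState.java
@@ -32,6 +32,7 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import jenkins.model.Jenkins;
+import jenkins.security.stapler.StaplerAccessibleType;
 import org.apache.commons.lang.StringUtils;
 /**
 * Jenkins install state.
@@ -44,6 +45,7 @@
 *
 * @author <a href="mailto:tom.fennelly@gmail.com">tom.fennelly@gmail.com</a>
 */
+@StaplerAccessibleType
 public class InstallState implements ExtensionPoint {
 /**
 * Need InstallState != NEW for tests by default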
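--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -37,7 +37,11 @@
 import hudson.Launcher.LocalLauncher;
 import jenkins.AgentProtocol;
 import jenkins.diagnostics.URICheckEncodingMonitor;
+import jenkins.security.stapler.DoActionFilter;
+import jenkins.security.stapler.StaplerFilteredActionListener;
+import jenkins.security.stapler.StaplerDispatchable;
 import jenkins.security.RedactSecretJsonInErrorMessageSanitizer;
+import jenkins.security.stapler.TypedFilter;
 import jenkins.util.SystemProperties;
 import hudson.cli.declarative.CLIMethod;
 import hudson.cli.declarative.CLIResolver;
@@ -895,6 +899,16 @@ protected Jenkins(File root, ServletContext context, PluginManager pluginManager
 webApp.setClassLoader(pluginManager.uberClassLoader);
 webApp.setJsonInErrorMessageSanitizer(RedactSecretJsonInErrorMessageSanitizer.INSTANCE);
 
+TypedFilter typedFilter = new TypedFilter();
+webApp.setFilterForGetMethods(typedFilter);
+webApp.setFilterForFields(typedFilter);
+webApp.setFilterForDoActions(new DoActionFilter());
+
+StaplerFilteredActionListener actionListener = new StaplerFilteredActionListener();
+webApp.setFilteredGetterTriggerListener(actionListener);
+webApp.setFilteredDoActionTriggerListener(actionListener);
+webApp.setFilteredFieldTriggerListener(actionListener);
+
 adjuncts = new AdjunctManager(servletContext, pluginManager.uberClassLoader,"adjuncts/"+SESSION_HASH, TimeUnit.DAYS.toMillis(365));
 
 ClassFilterImpl.register();
@@ -1643,6 +1657,7 @@ public void setSystemMessage(String message) throws IOException {
 save();
 }
 
+@StaplerDispatchable
 public FederatedLoginService getFederatedLoginService(String name) {
 for (FederatedLoginService fls : FederatedLoginService.all()) {
 if (fls.getUrlName().equals(name))
@@ -2601,6 +2616,7 @@ public Injector getInjector() {
 *
 * @since 1.349
 */
+@StaplerDispatchable
 public ExtensionList getExtensionList(String extensionType) throws ClassNotFoundException {
 return getExtensionList(pluginManager.uberClassLoader.loadClass(extensionType));
 }
@@ -2970,6 +2986,7 @@ public FingerprintMap getFingerprintMap() {
 }
 
 // if no finger print matches, display "not found page".
+@StaplerDispatchable
 public Object getFingerprint( String md5sum ) throws IOException {
 Fingerprint r = fingerprintMap.get(md5sum);
 if(r==null) return new NoFingerprintMatch(md5sum);
@@ -4040,6 +4057,7 @@ public void doGc(StaplerResponse rsp) throws IOException {
 * End point that intentionally throws an exception to test the error behaviour.
 * @since 1.467
 */
+@StaplerDispatchable
 public void doException() {
 throw new RuntimeException();
 }
@@ -4588,6 +4606,7 @@ public User getMe() {
 * Plugins who wish to contribute boxes on the side panel can add widgets
 * by {@code getWidgets().add(new MyWidget())} from {@link Plugin#start()}.
 */
+@StaplerDispatchable // some plugins use this to add views to widgets
 public List<Widget> getWidgets() {
 return widgets;
 }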
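Review bot: In the `getExtensionList(String)` hunk, keeping this method explicitly routable means the `extensionType` URL segment still flows straight into `pluginManager.uberClassLoader.loadClass(extensionType)`, so any class name on the core or plugin classpath can be resolved, and its static initializer run, from a request; no permission check is visible in those four lines, though one may be enforced elsewhere on the class or by the returned `ExtensionList`. If it must stay routable for `/extensionList/<fqcn>/` URLs, the annotation should say what guards it, e.g. `@StaplerDispatchable // loads a request-supplied class name; relies on <guard> — confirm`, and if nothing does, either gate it with a `checkPermission` call or drop the annotation and let the new filter block it. The same question applies to `doException()` in a later hunk, which exists only to produce an error page and is also made routable without a visible permission check. The constructor in the second hunk starts and ends outside the hunk, so the order of the new filter wiring relative to plugin loading cannot be judged from here.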