Merge branch 'master' into WorkspaceList.inUse-JENKINS-50504

core/src/main/java/hudson/ExtensionList.java

@@ -373,8 +373,10 @@ private static final class Lock {}
      * Loads all the extensions.
      */
     protected List<ExtensionComponent<T>> load() {
-        if (LOGGER.isLoggable(Level.FINE))
-            LOGGER.log(Level.FINE,"Loading ExtensionList: "+extensionType, new Throwable());
+        LOGGER.fine(() -> String.format("Loading ExtensionList '%s'", extensionType.getName()));
+        if (LOGGER.isLoggable(Level.FINER)) {
+            LOGGER.log(Level.FINER, String.format("Loading ExtensionList '%s' from", extensionType.getName()), new Throwable("Only present for stacktrace information"));
+        }
 
         return jenkins.getPluginManager().getPluginStrategy().findComponents(extensionType, hudson);
     }

core/src/main/java/hudson/FilePath.java

@@ -643,7 +643,7 @@ private void unzip(File dir, File zipFile) throws IOException {
             while (entries.hasMoreElements()) {
                 ZipEntry e = entries.nextElement();
                 File f = new File(dir, e.getName());
-                if (!f.toPath().normalize().startsWith(dir.toPath())) {
+                if (!f.getCanonicalPath().startsWith(dir.getCanonicalPath())) {
                     throw new IOException(
                         "Zip " + zipFile.getPath() + " contains illegal file name that breaks out of the target directory: " + e.getName());
                 }

core/src/main/java/hudson/TcpSlaveAgentListener.java

@@ -156,7 +156,7 @@ public String getAgentProtocolNames() {
 
     /**
      * Gets Remoting minimum supported version to prevent unsupported agents from connecting
-     * @since 2.169
+     * @since 2.171
      */
     public VersionNumber getRemotingMinimumVersion() {
         return RemotingVersionInfo.getMinimumSupportedVersion();

core/src/main/java/hudson/console/AnnotatedLargeText.java

@@ -54,6 +54,7 @@
 import com.jcraft.jzlib.GZIPOutputStream;
 
 import static java.lang.Math.abs;
+import javax.annotation.CheckReturnValue;
 import org.jenkinsci.remoting.util.AnonymousClassWarnings;
 
 /**
@@ -139,6 +140,7 @@ private ConsoleAnnotator<T> createAnnotator(StaplerRequest req) throws IOExcepti
         return ConsoleAnnotator.initial(context);
     }
 
+    @CheckReturnValue
     @Override
     public long writeLogTo(long start, Writer w) throws IOException {
         if (isHtml())
@@ -151,6 +153,7 @@ public long writeLogTo(long start, Writer w) throws IOException {
      * Strips annotations using a {@link PlainTextConsoleOutputStream}.
      * {@inheritDoc}
      */
+    @CheckReturnValue
     @Override
     public long writeLogTo(long start, OutputStream out) throws IOException {
         return super.writeLogTo(start, new PlainTextConsoleOutputStream(out));
@@ -160,10 +163,12 @@ public long writeLogTo(long start, OutputStream out) throws IOException {
      * Calls {@link LargeText#writeLogTo(long, OutputStream)} without stripping annotations as {@link #writeLogTo(long, OutputStream)} would.
      * @since 1.577
      */
+    @CheckReturnValue
     public long writeRawLogTo(long start, OutputStream out) throws IOException {
         return super.writeLogTo(start, out);
     }
 
+    @CheckReturnValue
     public long writeHtmlTo(long start, Writer w) throws IOException {
         ConsoleAnnotationOutputStream<T> caw = new ConsoleAnnotationOutputStream<>(
                 w, createAnnotator(Stapler.getCurrentRequest()), context, charset);

core/src/main/java/hudson/console/ConsoleAnnotationOutputStream.java

@@ -49,7 +49,7 @@
  * @since 1.349
  */
 public class ConsoleAnnotationOutputStream<T> extends LineTransformationOutputStream {
-    private final Writer out;
+    private final Writer out; // not an OutputStream so cannot use LineTransformationOutputStream.Delegating
     private final T context;
     private ConsoleAnnotator<T> ann;
 

core/src/main/java/hudson/console/ConsoleLogFilter.java

@@ -36,13 +36,19 @@
 import javax.annotation.Nonnull;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.io.Serializable;
+import jenkins.util.JenkinsJVM;
 
 /**
  * A hook to allow filtering of information that is written to the console log.
  * Unlike {@link ConsoleAnnotator} and {@link ConsoleNote}, this class provides
  * direct access to the underlying {@link OutputStream} so it's possible to suppress
  * data, which isn't possible from the other interfaces.
  * ({@link ArgumentListBuilder#add(String, boolean)} is a simpler way to suppress a single password.)
+ * <p>Implementations which are {@link Serializable} may be sent to an agent JVM for processing.
+ * In particular, this happens under <a href="https://jenkins.io/jep/210">JEP-210</a>.
+ * In this case, the implementation should not assume that {@link JenkinsJVM#isJenkinsJVM},
+ * and if generating {@link ConsoleNote}s will need to encode them on the master side first.
  * @author dty
  * @since 1.383
  * @see BuildWrapper#decorateLogger

core/src/main/java/hudson/console/ConsoleNote.java

@@ -110,6 +110,17 @@
  * is also important, although {@link ConsoleNote}s that failed to deserialize will be simply ignored, so the
  * worst thing that can happen is that you just lose some notes.
  *
+ * <p>
+ * Note that {@link #encode}, {@link #encodeTo(OutputStream)}, and {@link #encodeTo(Writer)}
+ * should be called on the Jenkins master.
+ * If called from an agent JVM, a signature will be missing and so as per
+ * <a href="https://jenkins.io/security/advisory/2017-02-01/#persisted-cross-site-scripting-vulnerability-in-console-notes">SECURITY-382</a>
+ * the console note will be ignored.
+ * This may happen, in particular, if the note was generated by a {@link ConsoleLogFilter} sent to the agent.
+ * Alternative solutions include using a {@link ConsoleAnnotatorFactory} where practical;
+ * or generating the encoded form of the note on the master side and sending it to the agent,
+ * for example by saving that form as instance fields in a {@link ConsoleLogFilter} implementation.
+ *
  * <h2>Behaviour, JavaScript, and CSS</h2>
  * <p>
  * {@link ConsoleNote} can have associated {@code script.js} and {@code style.css} (put them

core/src/main/java/hudson/console/LineTransformationOutputStream.java

@@ -32,7 +32,7 @@
  * Filtering {@link OutputStream} that buffers text by line, so that the derived class
  * can perform some manipulation based on the contents of the whole line.
  *
- * TODO: Mac is supposed to be CR-only. This class needs to handle that.
+ * <p>Subclass {@link Delegating} in the typical case that you are decorating an underlying stream.
  *
  * @author Kohsuke Kawaguchi
  * @since 1.349
@@ -110,4 +110,32 @@ protected String trimEOL(String line) {
     }
 
     private static final int LF = 0x0A;
+
+    /**
+     * Convenience subclass for cases where you wish to process lines being sent to an underlying stream.
+     * {@link #eol} will typically {@link OutputStream#write(byte[], int, int)} to {@link #out}.
+     * Flushing or closing the decorated stream will behave properly.
+     * @since FIXME
+     */
+    public static abstract class Delegating extends LineTransformationOutputStream {
+
+        protected final OutputStream out;
+
+        protected Delegating(OutputStream out) {
+            this.out = out;
+        }
+
+        @Override
+        public void flush() throws IOException {
+            out.flush();
+        }
+
+        @Override
+        public void close() throws IOException {
+            super.close();
+            out.close();
+        }
+
+    }
+
 }

core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java

@@ -28,21 +28,19 @@
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.logging.Logger;
 
 /**
  * Filters out console notes.
  *
  * @author Kohsuke Kawaguchi
  */
-public class PlainTextConsoleOutputStream extends LineTransformationOutputStream {
-    private final OutputStream out;
+public class PlainTextConsoleOutputStream extends LineTransformationOutputStream.Delegating {
 
     /**
      *
      */
     public PlainTextConsoleOutputStream(OutputStream out) {
-        this.out = out;
+        super(out);
     }
 
     /**
@@ -77,17 +75,4 @@ protected void eol(byte[] in, int sz) throws IOException {
         out.write(in,written,sz-written);
     }
 
-    @Override
-    public void flush() throws IOException {
-        out.flush();
-    }
-
-    @Override
-    public void close() throws IOException {
-        super.close();
-        out.close();
-    }
-
-
-    private static final Logger LOGGER = Logger.getLogger(PlainTextConsoleOutputStream.class.getName());
 }

core/src/main/java/hudson/model/Run.java

@@ -1429,7 +1429,9 @@ public Collection<Fingerprint> getBuildFingerprints() {
     /**
      * Returns the log file.
      * @return The file may reference both uncompressed or compressed logs
-     */  
+     * @deprecated Assumes file-based storage of the log, which is not necessarily the case for Pipelines after JEP-210. Use other methods giving various kinds of streams such as {@link Run#getLogReader()},  {@link Run#getLogInputStream()}, or {@link Run#getLogText()}.
+     */
+    @Deprecated
     public @Nonnull File getLogFile() {
         File rawF = new File(getRootDir(), "log");
         if (rawF.isFile()) {

core/src/main/java/hudson/tasks/_maven/MavenConsoleAnnotator.java

@@ -36,12 +36,11 @@
  *
  * @author Kohsuke Kawaguchi
  */
-public class MavenConsoleAnnotator extends LineTransformationOutputStream {
-    private final OutputStream out;
+public class MavenConsoleAnnotator extends LineTransformationOutputStream.Delegating {
     private final Charset charset;
 
     public MavenConsoleAnnotator(OutputStream out, Charset charset) {
-        this.out = out;
+        super(out);
         this.charset = charset;
     }
 
@@ -75,9 +74,4 @@ protected void eol(byte[] b, int len) throws IOException {
         out.write(b,0,len);
     }
 
-    @Override
-    public void close() throws IOException {
-        super.close();
-        out.close();
-    }
 }

core/src/main/java/jenkins/util/TreeString.java

@@ -26,7 +26,6 @@
 import java.io.Serializable;
 import java.util.Map;
 
-import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
 
 import com.thoughtworks.xstream.XStream;
@@ -125,7 +124,9 @@ public boolean equals(final Object rhs) {
     public int hashCode() {
         int h = parent == null ? 0 : parent.hashCode();
 
-        h = 31 * h + ArrayUtils.hashCode(label);
+        for (char c : label) {
+            h = 31 * h + c;
+        }
 
         assert toString().hashCode() == h;
         return h;

core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/config.jelly

@@ -26,7 +26,7 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson"
   xmlns:f="/lib/form">
   <f:entry field="allowsSignup">
-    <f:checkbox default="true" title="${%Allow users to sign up}"/>
+    <f:checkbox default="false" title="${%Allow users to sign up}"/>
   </f:entry>
   <j:if test="${size(h.captchaSupportDescriptors) gt 0}">
     <f:entry>

core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/help-allowsSignup.html

@@ -1,7 +1,6 @@
 <div>
-  By default, Jenkins allows users to create accounts by themselves, via the "sign up" link on the top right shoulder of the page.
-  But if you'd like to prevent random users from creating accounts, and instead tightly control how user accounts are created,
-  uncheck this box.
+  This option allows users to create accounts by themselves, via the "sign up" link on the top right shoulder of the page.
+  <strong>Make sure to not grant significant permissions to authenticated users, as anyone on the network will be able to get them.</strong>
   <p>
   When this checkbox is unchecked, someone with the administrator role would have to create accounts. 
   <p>