Merge branch 'master' into TaskListener-flush

core/src/main/java/hudson/console/ConsoleAnnotationOutputStream.java

@@ -49,7 +49,7 @@
  * @since 1.349
  */
 public class ConsoleAnnotationOutputStream<T> extends LineTransformationOutputStream {
-    private final Writer out;
+    private final Writer out; // not an OutputStream so cannot use LineTransformationOutputStream.Delegating
     private final T context;
     private ConsoleAnnotator<T> ann;
 

core/src/main/java/hudson/console/ConsoleLogFilter.java

@@ -36,13 +36,19 @@
 import javax.annotation.Nonnull;
 import java.io.IOException;
 import java.io.OutputStream;
+import java.io.Serializable;
+import jenkins.util.JenkinsJVM;
 
 /**
  * A hook to allow filtering of information that is written to the console log.
  * Unlike {@link ConsoleAnnotator} and {@link ConsoleNote}, this class provides
  * direct access to the underlying {@link OutputStream} so it's possible to suppress
  * data, which isn't possible from the other interfaces.
  * ({@link ArgumentListBuilder#add(String, boolean)} is a simpler way to suppress a single password.)
+ * <p>Implementations which are {@link Serializable} may be sent to an agent JVM for processing.
+ * In particular, this happens under <a href="https://jenkins.io/jep/210">JEP-210</a>.
+ * In this case, the implementation should not assume that {@link JenkinsJVM#isJenkinsJVM},
+ * and if generating {@link ConsoleNote}s will need to encode them on the master side first.
  * @author dty
  * @since 1.383
  * @see BuildWrapper#decorateLogger

core/src/main/java/hudson/console/ConsoleNote.java

@@ -110,6 +110,17 @@
  * is also important, although {@link ConsoleNote}s that failed to deserialize will be simply ignored, so the
  * worst thing that can happen is that you just lose some notes.
  *
+ * <p>
+ * Note that {@link #encode}, {@link #encodeTo(OutputStream)}, and {@link #encodeTo(Writer)}
+ * should be called on the Jenkins master.
+ * If called from an agent JVM, a signature will be missing and so as per
+ * <a href="https://jenkins.io/security/advisory/2017-02-01/#persisted-cross-site-scripting-vulnerability-in-console-notes">SECURITY-382</a>
+ * the console note will be ignored.
+ * This may happen, in particular, if the note was generated by a {@link ConsoleLogFilter} sent to the agent.
+ * Alternative solutions include using a {@link ConsoleAnnotatorFactory} where practical;
+ * or generating the encoded form of the note on the master side and sending it to the agent,
+ * for example by saving that form as instance fields in a {@link ConsoleLogFilter} implementation.
+ *
  * <h2>Behaviour, JavaScript, and CSS</h2>
  * <p>
  * {@link ConsoleNote} can have associated {@code script.js} and {@code style.css} (put them

core/src/main/java/hudson/console/LineTransformationOutputStream.java

@@ -32,7 +32,7 @@
  * Filtering {@link OutputStream} that buffers text by line, so that the derived class
  * can perform some manipulation based on the contents of the whole line.
  *
- * TODO: Mac is supposed to be CR-only. This class needs to handle that.
+ * <p>Subclass {@link Delegating} in the typical case that you are decorating an underlying stream.
  *
  * @author Kohsuke Kawaguchi
  * @since 1.349
@@ -110,4 +110,32 @@ protected String trimEOL(String line) {
     }
 
     private static final int LF = 0x0A;
+
+    /**
+     * Convenience subclass for cases where you wish to process lines being sent to an underlying stream.
+     * {@link #eol} will typically {@link OutputStream#write(byte[], int, int)} to {@link #out}.
+     * Flushing or closing the decorated stream will behave properly.
+     * @since FIXME
+     */
+    public static abstract class Delegating extends LineTransformationOutputStream {
+
+        protected final OutputStream out;
+
+        protected Delegating(OutputStream out) {
+            this.out = out;
+        }
+
+        @Override
+        public void flush() throws IOException {
+            out.flush();
+        }
+
+        @Override
+        public void close() throws IOException {
+            super.close();
+            out.close();
+        }
+
+    }
+
 }

core/src/main/java/hudson/console/PlainTextConsoleOutputStream.java

@@ -28,21 +28,19 @@
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.util.logging.Logger;
 
 /**
  * Filters out console notes.
  *
  * @author Kohsuke Kawaguchi
  */
-public class PlainTextConsoleOutputStream extends LineTransformationOutputStream {
-    private final OutputStream out;
+public class PlainTextConsoleOutputStream extends LineTransformationOutputStream.Delegating {
 
     /**
      *
      */
     public PlainTextConsoleOutputStream(OutputStream out) {
-        this.out = out;
+        super(out);
     }
 
     /**
@@ -77,17 +75,4 @@ protected void eol(byte[] in, int sz) throws IOException {
         out.write(in,written,sz-written);
     }
 
-    @Override
-    public void flush() throws IOException {
-        out.flush();
-    }
-
-    @Override
-    public void close() throws IOException {
-        super.close();
-        out.close();
-    }
-
-
-    private static final Logger LOGGER = Logger.getLogger(PlainTextConsoleOutputStream.class.getName());
 }

core/src/main/java/hudson/tasks/_maven/MavenConsoleAnnotator.java

@@ -36,12 +36,11 @@
  *
  * @author Kohsuke Kawaguchi
  */
-public class MavenConsoleAnnotator extends LineTransformationOutputStream {
-    private final OutputStream out;
+public class MavenConsoleAnnotator extends LineTransformationOutputStream.Delegating {
     private final Charset charset;
 
     public MavenConsoleAnnotator(OutputStream out, Charset charset) {
-        this.out = out;
+        super(out);
         this.charset = charset;
     }
 
@@ -75,9 +74,4 @@ protected void eol(byte[] b, int len) throws IOException {
         out.write(b,0,len);
     }
 
-    @Override
-    public void close() throws IOException {
-        super.close();
-        out.close();
-    }
 }

core/src/main/java/jenkins/util/TreeString.java

@@ -26,7 +26,6 @@
 import java.io.Serializable;
 import java.util.Map;
 
-import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
 
 import com.thoughtworks.xstream.XStream;
@@ -125,7 +124,9 @@ public boolean equals(final Object rhs) {
     public int hashCode() {
         int h = parent == null ? 0 : parent.hashCode();
 
-        h = 31 * h + ArrayUtils.hashCode(label);
+        for (char c : label) {
+            h = 31 * h + c;
+        }
 
         assert toString().hashCode() == h;
         return h;

core/src/main/resources/lib/form/secretTextarea.jelly

@@ -0,0 +1,109 @@
+<?jelly escape-by-default='true'?>
+<!--
+  ~ The MIT License
+  ~
+  ~ Copyright (c) 2019 CloudBees, Inc.
+  ~
+  ~ Permission is hereby granted, free of charge, to any person obtaining a copy
+  ~ of this software and associated documentation files (the "Software"), to deal
+  ~ in the Software without restriction, including without limitation the rights
+  ~ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  ~ copies of the Software, and to permit persons to whom the Software is
+  ~ furnished to do so, subject to the following conditions:
+  ~
+  ~ The above copyright notice and this permission notice shall be included in
+  ~ all copies or substantial portions of the Software.
+  ~
+  ~ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  ~ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  ~ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  ~ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  ~ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  ~ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  ~ THE SOFTWARE.
+  -->
+
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:f="/lib/form">
+    <st:documentation><![CDATA[
+Enhanced version of <f:textarea/> for editing multi-line secrets.
+
+Example usage:
+
+<j:jelly xmlns:j="jelly:core" xmlns:f="/lib/form">
+    <f:entry title="Secret" field="secret">
+        <f:secretTextarea/>
+    </f:entry>
+    <f:entry title="Secret 2">
+        <f:secretTextarea field="secret2"/>
+    </f:entry>
+    <f:entry title="Another Secret">
+        <f:secretTextarea name="foo" value="${it.foo}"/>
+    </f:entry>
+</j:jelly>
+    ]]>
+        <st:attribute name="field">
+            Used for databinding. Must be compatible with hudson.util.Secret for round-trip ciphertext.
+        </st:attribute>
+        <st:attribute name="name">
+            Name to use for form input name. Calculated from @field by default.
+        </st:attribute>
+        <st:attribute name="value">
+            Value of the secret. Calculated from instance[@field] by default.
+            This value must be of type hudson.util.Secret.
+            The value will be encrypted when sent to the client if the client has Item.CONFIGURE permissions.
+        </st:attribute>
+        <st:attribute name="placeholder">
+            Placeholder text for input field when displayed.
+        </st:attribute>
+    </st:documentation>
+
+    <f:prepareDatabinding/>
+    <j:set var="name" value="${attrs.name ?: '_.'+attrs.field}"/>
+    <j:set var="value" value="${h.getPasswordValue(attrs.value ?: instance[attrs.field])}"/>
+    <j:set var="addText" value="${%Add}"/>
+    <j:set var="replaceText" value="${%Replace}"/>
+    <j:set var="buttonText" value="${value == null ? addText : replaceText}"/>
+
+    <st:adjunct includes="lib.form.secretTextarea.secret"/>
+    <div class="secret" data-name="${name}" data-placeholder="${attrs.placeholder ?: ''}" data-prompt="${%EnterSecret}">
+        <div class="secret-header">
+            <div class="secret-legend">
+                <j:choose>
+                    <j:when test="${value == null}">
+                        <span>${%NoStoredValue}</span>
+                    </j:when>
+                    <j:otherwise>
+                        <svg width="25px" height="32px" viewBox="0 0 25 32" version="1.1" xmlns="http://www.w3.org/2000/svg">
+                            <!--
+                                Based on Material Design.
+
+                                Licensed under the Apache License, Version 2.0 (the "License");
+                                you may not use this file except in compliance with the License.
+                                You may obtain a copy of the License at
+
+                                    http://www.apache.org/licenses/LICENSE-2.0
+
+                                Unless required by applicable law or agreed to in writing, software
+                                distributed under the License is distributed on an "AS IS" BASIS,
+                                WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+                                See the License for the specific language governing permissions and
+                                limitations under the License.
+                            -->
+                            <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
+                                <g transform="translate(-504.000000, -199.000000)" fill="#788594">
+                                    <path d="M520.914667,209.666667 L511.466667,209.666667 L511.466667,206.619333 C511.466667,204.014 513.584667,201.895333 516.190667,201.895333 C518.796667,201.895333 520.914667,204.014 520.914667,206.619333 L520.914667,209.666667 Z M516.190667,223.381333 C514.514,223.381333 513.143333,222.01 513.143333,220.333333 C513.143333,218.657333 514.514,217.286 516.190667,217.286 C517.867333,217.286 519.238,218.657333 519.238,220.333333 C519.238,222.01 517.867333,223.381333 516.190667,223.381333 Z M516.190667,199 C511.984667,199 508.571333,202.414 508.571333,206.619333 L508.571333,209.666667 L507.048,209.666667 C505.372,209.666667 504,211.038 504,212.714667 L504,227.952667 C504,229.628667 505.372,231 507.048,231 L525.334,231 C527.01,231 528.380667,229.628667 528.380667,227.952667 L528.380667,212.714667 C528.380667,211.038 527.01,209.666667 525.334,209.666667 L523.81,209.666667 L523.81,206.619333 C523.81,202.414 520.396667,199 516.190667,199 Z"/>
+                                </g>
+                            </g>
+                        </svg>
+                        <span>${%Concealed}</span>
+                        <input type="hidden" name="${name}" value="${value}"/>
+                    </j:otherwise>
+                </j:choose>
+            </div>
+            <div class="secret-update">
+                <input type="button" class="secret-update-btn" value="${buttonText}"/>
+            </div>
+        </div>
+    </div>
+
+</j:jelly>

core/src/main/resources/lib/form/secretTextarea.properties

@@ -0,0 +1,29 @@
+#
+# The MIT License
+#
+# Copyright (c) 2019 CloudBees, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
+Add=Add
+Replace=Replace
+EnterSecret=Enter New Secret Below
+Concealed=Concealed for Confidentiality
+NoStoredValue=No Stored Value

core/src/main/resources/lib/form/secretTextarea/secret.css

@@ -0,0 +1,77 @@
+/*
+ * The MIT License
+ *
+ * Copyright (c) 2019 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+.secret-header {
+    border: 1px solid #ccc;
+    border-radius: 3px;
+    background: #f9f9f9;
+    display: flex;
+    justify-content: space-around;
+}
+
+.secret-header:not(:only-child) {
+    border-bottom-left-radius: 0;
+    border-bottom-right-radius: 0;
+}
+
+.secret-header > div {
+    flex-grow: 1;
+    display: inline-flex;
+    align-items: center;
+    padding: 1.5em 1.75em;
+}
+
+.secret-legend > svg {
+    margin-right: 1em;
+}
+
+.secret-update {
+    justify-content: flex-end;
+}
+
+.secret-input {
+    border: solid 1px #ccc;
+    border-top: none;
+    border-radius: 0 0 3px 3px;
+}
+
+.secret-input textarea {
+    width: 100%;
+    font-family: monospace;
+    border: none;
+    padding: 1em;
+}
+
+.secret input[type='button'] {
+    background: #4b99d0;
+    color: #fff;
+    border-radius: 4px;
+    border: none;
+    padding: 1em 2em;
+}
+
+.secret input[type='button']:hover {
+    background: #5092be;
+    cursor: pointer;
+}