Skip to content
Permalink
Browse files

[JEP-200] [JENKINS-47736] Merged #3120: ClassFilterImpl

  • Loading branch information
jglick committed Jan 12, 2018
2 parents deeab3a + 47be7c3 commit cb4903c20e788f015f6210a965a2759009ff24f2
@@ -150,6 +150,7 @@
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.SEVERE;
import static java.util.logging.Level.WARNING;
import jenkins.security.CustomClassFilter;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@@ -867,6 +868,9 @@ public void dynamicLoad(File arc, boolean removeExisting) throws IOException, In
((UberClassLoader) uberClassLoader).loaded.clear();
}

// TODO antimodular; perhaps should have a PluginListener to complement ExtensionListListener?
CustomClassFilter.Contributed.load();

try {
p.resolvePluginDependencies();
strategy.load(p);
@@ -75,6 +75,7 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;

@@ -526,27 +527,28 @@ public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext co
private static class BlacklistedTypesConverter implements Converter {
@Override
public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {
throw new UnsupportedOperationException("Refusing to marshal " + source.getClass().getName() + " for security reasons");
throw new UnsupportedOperationException("Refusing to marshal " + source.getClass().getName() + " for security reasons; see https://jenkins.io/redirect/class-filter/");
}

@Override
public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
throw new ConversionException("Refusing to unmarshal " + reader.getNodeName() + " for security reasons");
throw new ConversionException("Refusing to unmarshal " + reader.getNodeName() + " for security reasons; see https://jenkins.io/redirect/class-filter/");
}

/** TODO see comment in {@code whitelisted-classes.txt} */
private static final Pattern JRUBY_PROXY = Pattern.compile("org[.]jruby[.]proxy[.].+[$]Proxy\\d+");

@Override
public boolean canConvert(Class type) {
if (type == null) {
return false;
}
try {
ClassFilter.DEFAULT.check(type);
ClassFilter.DEFAULT.check(type.getName());
} catch (SecurityException se) {
// claim we can convert all the scary stuff so we can throw exceptions when attempting to do so
return true;
String name = type.getName();
if (JRUBY_PROXY.matcher(name).matches()) {
return false;
}
return false;
// claim we can convert all the scary stuff so we can throw exceptions when attempting to do so
return ClassFilter.DEFAULT.isBlacklisted(name) || ClassFilter.DEFAULT.isBlacklisted(type);
}
}
}
@@ -8,6 +8,7 @@
* {@link FileCallable}s that are meant to be only used on the master.
*
* @since 1.587 / 1.580.1
* @param <T> the return type; note that this must either be defined in your plugin or included in the stock JEP-200 whitelist
*/
public abstract class MasterToSlaveFileCallable<T> implements FileCallable<T> {
@Override
@@ -6,7 +6,7 @@

/**
* {@link FileCallable}s that can be executed on the master, sent by the agent.
*
* Note that any serializable fields must either be defined in your plugin or included in the stock JEP-200 whitelist.
* @since 1.587 / 1.580.1
*/
public abstract class SlaveToMasterFileCallable<T> implements FileCallable<T> {
@@ -106,7 +106,6 @@
import hudson.model.listeners.SCMListener;
import hudson.model.listeners.SaveableListener;
import hudson.remoting.Callable;
import hudson.remoting.ClassFilter;
import hudson.remoting.LocalChannel;
import hudson.remoting.VirtualChannel;
import hudson.scm.RepositoryBrowser;
@@ -181,6 +180,7 @@
import jenkins.install.InstallState;
import jenkins.install.SetupWizard;
import jenkins.model.ProjectNamingStrategy.DefaultProjectNamingStrategy;
import jenkins.security.ClassFilterImpl;
import jenkins.security.ConfidentialKey;
import jenkins.security.ConfidentialStore;
import jenkins.security.SecurityListener;
@@ -283,7 +283,6 @@
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import static hudson.Util.*;
@@ -894,11 +893,7 @@ protected Jenkins(File root, ServletContext context, PluginManager pluginManager

adjuncts = new AdjunctManager(servletContext, pluginManager.uberClassLoader,"adjuncts/"+SESSION_HASH, TimeUnit.DAYS.toMillis(365));

try {
ClassFilter.appendDefaultFilter(Pattern.compile("java[.]security[.]SignedObject")); // TODO move to standard blacklist
} catch (ClassFilter.ClassFilterException ex) {
throw new IOException("Remoting library rejected the java[.]security[.]SignedObject blacklist pattern", ex);
}
ClassFilterImpl.register();

// initialization consists of ...
executeReactor( is,
@@ -3246,6 +3241,7 @@ public void cleanUp() {
if (JenkinsJVM.isJenkinsJVM()) {
JenkinsJVMAccess._setJenkinsJVM(oldJenkinsJVM);
}
ClassFilterImpl.unregister();
}
}

0 comments on commit cb4903c

Please sign in to comment.
You can’t perform that action at this time.