Skip to content
Permalink
Browse files

[JENKINS-27055] Noting merge of #1621.

  • Loading branch information
jglick committed Mar 25, 2015
2 parents cfa4b10 + 20c458d commit e54b19d872317e135c46a415df80651d0de8dbfa
@@ -55,7 +55,9 @@
<!-- Record your changes in the trunk here. -->
<div id="trunk" style="display:none"><!--=TRUNK-BEGIN=-->
<ul class=image>
<li class=>
<li class=bug>
Security file pattern whitelist was broken for some plugins since 1.597.
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-27055">issue 27055</a>)
</ul>
</div><!--=TRUNK-END=-->
<h3><a name=v1.606>What's new in 1.606</a> (2015/03/23)</h3>
@@ -40,7 +40,7 @@ protected FilePathRule parse(String line) {
if (line.isEmpty()) return null;

line = line.replace("<BUILDDIR>","<JOBDIR>/builds/<BUILDID>");
line = line.replace("<BUILDID>","[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9]");
line = line.replace("<BUILDID>","(?:[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]-[0-9][0-9]-[0-9][0-9]|[0-9]+)");
line = line.replace("<JOBDIR>","<JENKINS_HOME>/jobs/.+");
line = line.replace("<JENKINS_HOME>","\\Q"+Jenkins.getInstance().getRootDir().getPath()+"\\E");

@@ -33,7 +33,6 @@

import jenkins.security.s2m.AdminWhitelistRule;
import jenkins.security.s2m.DefaultFilePathFilter;
import jenkins.security.s2m.MasterKillSwitchConfiguration;
import org.jenkinsci.remoting.RoleChecker;
import org.junit.Before;
import org.junit.Test;
@@ -42,6 +41,7 @@
import org.jvnet.hudson.test.JenkinsRule;

import javax.inject.Inject;
import org.jvnet.hudson.test.Issue;

public class DefaultFilePathFilterTest {

@@ -111,4 +111,12 @@ public void checkRoles(RoleChecker checker) throws SecurityException {
throw new NoSuchMethodError(); // simulate legacy Callable impls
}
}

@Issue("JENKINS-27055")
@Test public void matchBuildDir() throws Exception {
File f = new File(r.buildAndAssertSuccess(r.createFreeStyleProject()).getRootDir(), "whatever");
rule.setMasterKillSwitch(false);
assertTrue(rule.checkFileAccess("write", f));
}

}

0 comments on commit e54b19d

Please sign in to comment.
You can’t perform that action at this time.