Improve FilePath API and Javadoc around validation #6033

Merged

@daniel-beck daniel-beck commented Dec 8, 2021

One of the causes of https://www.jenkins.io/security/advisory/2021-03-18/#SECURITY-2041 seems to have been the multiple different methods of FilePath to validate certain file masks. One group is suitable for form validation around workspace contents, as it performs a permission check and limits the number of operations, while the other is more suitable for running during a build, and does neither. This PR attempts to clarify this difference.

Additionally, this adds an overload of FilePath#validateAntFileMask that doesn't take an explicit parameter for the file mask bound (which is usually simply the static field with the default value).

Proposed changelog entries

  • Developer: Add FilePath#validateAntFileMask(String, boolean) overload for convenience.

Proposed upgrade guidelines

N/A

Submitter checklist

  • (If applicable) Jira issue is well described
  • Changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developer, depending on the change). Examples
    • Fill-in the Proposed changelog entries section only if there are breaking changes or other changes which may require extra steps from users during the upgrade
  • Appropriate autotests or explanation to why this change has no tests
  • For dependency updates: links to external changelogs and, if possible, full diffs

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

  • There are at least 2 approvals for the pull request and no outstanding requests for change
  • Conversations in the pull request are over OR it is explicit that a reviewer does not block the change
  • Changelog entries in the PR title and/or Proposed changelog entries are correct
  • Proper changelog labels are set so that the changelog can be generated automatically
  • If the change needs additional upgrade steps from users, upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
  • If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).
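
The distinction drawn in the PR description, as an added example that is not code from this pull request or from Jenkins core: a plugin calls the `FormValidation`-returning method from its HTTP-reachable `doCheck` handler and the `validateAntFileMask` family only from build code. The class name `ArchivePatternChecks` and its method and parameter names are hypothetical; the snippet compiles against jenkins-core and Stapler.

```java
import hudson.FilePath;
import hudson.model.AbstractProject;
import hudson.model.TaskListener;
import hudson.util.FormValidation;
import java.io.IOException;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical plugin helper, written for illustration only.
public class ArchivePatternChecks {

    /**
     * Form validation, reachable over HTTP by whoever can load the config form.
     * Uses the FormValidation-returning group, which the PR description says
     * performs a permission check and limits the number of operations.
     */
    public FormValidation doCheckPattern(@AncestorInPath AbstractProject<?, ?> project,
                                         @QueryParameter String value) throws IOException {
        if (project == null) {
            // No job context (for example a new, unsaved item): nothing to inspect.
            return FormValidation.ok();
        }
        // The static helper tolerates a null workspace (job never built).
        return FilePath.validateFileMask(project.getSomeWorkspace(), value);
    }

    /**
     * Build-time diagnostic, called from a build step that already runs with the
     * build's authority. validateAntFileMask makes no permission check, so it
     * must not be wired to a form-validation endpoint.
     */
    public void warnOnBadPattern(FilePath workspace, String pattern, TaskListener listener)
            throws IOException, InterruptedException {
        // Overload added by this PR: no explicit bound argument.
        String problem = workspace.validateAntFileMask(pattern, true);
        if (problem != null) {
            // A non-null result is a human-readable hint about the mask.
            listener.getLogger().println(problem);
        }
    }
}
```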

@daniel-beck daniel-beck added the developer Changes which impact plugin developers label Dec 8, 2021
@timja timja requested a review from uhafner December 8, 2021 21:38

@uhafner uhafner left a comment

Thanks for the detailed description!

basil commented Dec 10, 2021

This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback. Please see the merge process documentation for more information about the merge process. Thanks!

@basil basil added the ready-for-merge The PR is ready to go, and it will be merged soon if there is no negative feedback label Dec 10, 2021
@basil basil merged commit b4a6229 into jenkinsci:master Dec 11, 2021