[SECURITY-372] Do not send mail to people who could not log in and se…

…e this job.
jenkinsci · Jan 19, 2017 · 6eb53cf · 6eb53cf
1 parent 22bf4da
commit 6eb53cf
Showing 1 changed file with 16 additions and 7 deletions.
diff --git a/src/main/java/hudson/tasks/MailSender.java b/src/main/java/hudson/tasks/MailSender.java
@@ -52,6 +52,8 @@
 import java.util.regex.Pattern;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
 
 /**
  * Core logic of sending out notification e-mail.
@@ -367,11 +369,7 @@ private MimeMessage createEmptyMail(final Run<?, ?> run, final TaskListener list
                 messageBuilder.addRecipients(getCulpritsOfEmailList(project, build, listener));
             }
             if (sendToIndividuals) {
-                Set<User> culprits = build.getCulprits();
-                if(debug) {
-                    listener.getLogger().println("Trying to send e-mails to individuals who broke the run. sizeof(culprits)==" + culprits.size());
-                }
-                messageBuilder.addRecipients(getUserEmailList(listener, culprits));
+                messageBuilder.addRecipients(getUserEmailList(listener, build));
             }
         }
 
@@ -419,7 +417,7 @@ String getCulpritsOfEmailList(AbstractProject upstreamProject, AbstractBuild<?,
         do {
             b = b.getNextBuild();
             if (b != null) {
-                String userEmails = getUserEmailList(listener, b.getCulprits());
+                String userEmails = getUserEmailList(listener, b);
                 if (culpritEmails.length() > 0) {
                     culpritEmails.append(",");
                 }
@@ -431,13 +429,24 @@ String getCulpritsOfEmailList(AbstractProject upstreamProject, AbstractBuild<?,
     }
 
     @Nonnull
-    private String getUserEmailList(TaskListener listener, Set<User> users) throws AddressException, UnsupportedEncodingException {
+    private String getUserEmailList(TaskListener listener, AbstractBuild<?, ?> build) throws AddressException, UnsupportedEncodingException {
+        Set<User> users = build.getCulprits();
         StringBuilder userEmails = new StringBuilder();
         for (User a : users) {
             String adrs = Util.fixEmpty(a.getProperty(Mailer.UserProperty.class).getAddress());
             if(debug)
                 listener.getLogger().println("  User "+a.getId()+" -> "+adrs);
             if (adrs != null) {
+                try {
+                    Authentication auth = a.impersonate();
+                    if (!build.getACL().hasPermission(auth, Item.READ)) {
+                        listener.getLogger().println("Not sending mail to user " + adrs + " with no permissions to view " + build.getFullDisplayName());
+                        continue;
+                    }
+                } catch (UsernameNotFoundException x) {
+                    listener.getLogger().println("Not sending mail to unregistered user " + adrs);
+                    continue;
+                }
                 if (userEmails.length() > 0) {
                     userEmails.append(",");
                 }