[FIXED JENKINS-42902] Sanitize parameter names and descriptions
ikedam committed May 6, 2017
1 parent e61298e commit 732841c5a67bab898e4dd6d7f4b08a81e28eaa3f
35 pom.xml
@@ -21,9 +21,9 @@
</scm>

<properties>
<jenkins.version>1.509</jenkins.version>
<jenkins-test-harness.version>1.509</jenkins-test-harness.version>
<java.level>5</java.level>
<jenkins.version>1.532</jenkins.version> <!-- ParameterDefinition#getFormattedDescription is since 1.520 -->
<jenkins-test-harness.version>1.532</jenkins-test-harness.version>
<java.level>6</java.level>
</properties>

<repositories>
@@ -66,35 +66,6 @@
<forkCount>1</forkCount>
</configuration>
</plugin>
<plugin>
<artifactId>maven-enforcer-plugin</artifactId>
<executions>
<execution>
<id>display-info</id>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<!-- <exclude>org.sonatype.sisu:sisu-guice</exclude> -->
<exclude>log4j:log4j:*:jar:compile</exclude>
<exclude>log4j:log4j:*:jar:runtime</exclude>
<exclude>commons-logging:commons-logging:*:jar:compile</exclude>
<exclude>commons-logging:commons-logging:*:jar:runtime</exclude>
</excludes>
</bannedDependencies>
<enforceBytecodeVersion>
<excludes combine.children="append">
<exclude>com.sonyericsson.hudson.plugins.rebuild:rebuild</exclude>
<!-- dependencies via jenkins-core-1.509 -->
<exclude>org.mindrot:jbcrypt</exclude>
<exclude>org.kohsuke:asm3</exclude>
</excludes>
</enforceBytecodeVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
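Review bot: The second pom.xml hunk deletes the whole `maven-enforcer-plugin` override, not just the `enforceBytecodeVersion` exclusions tied to jenkins-core-1.509. The `bannedDependencies` rule that kept `log4j:log4j` and `commons-logging:commons-logging` out of compile and runtime scope goes with it. That rule is unrelated to the baseline bump, and the commit message does not mention it. Please confirm the parent POM still enforces an equivalent ban, or keep the `<bannedDependencies>` block and drop only the `<enforceBytecodeVersion>` part.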
@@ -23,17 +23,22 @@
*/
package hudson.plugins.matrix_configuration_parameter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.annotation.Nonnull;

import hudson.markup.MarkupFormatter;
import hudson.matrix.AxisList;
import hudson.matrix.Combination;
import hudson.model.*;

import hudson.util.VariableResolver;
import jenkins.model.Jenkins;

import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
@@ -45,6 +50,8 @@
public class MatrixCombinationsParameterValue extends ParameterValue {
private static final long serialVersionUID = 1L;

private static final Logger LOGGER = Logger.getLogger(MatrixCombinationsParameterValue.class.getName());

private List<String> combinations;

@Deprecated
@@ -186,4 +193,25 @@ public String toString() {
}
return valueStr.toString();
}

/**
* return parameter description, applying the configured {@link MarkupFormatter} for jenkins instance.
*
* This is a backport from Jenkins-2.44 or Jenkins-2.32.2.
*
* @since 1.2.0
*/
public String getFormattedDescription() {
try {
return Jenkins.getInstance().getMarkupFormatter().translate(getDescription());
} catch (IOException e) {
LOGGER.log(
Level.WARNING,
"failed to translate description using configured markup formatter: {0}",
getDescription()
);
return "";
}
}

}
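Review bot: The catch block in `getFormattedDescription()` drops the `IOException` and writes the raw description to the log at WARNING instead. The cause is what an administrator needs to diagnose a failing formatter, while the description is user-supplied markup that was never sanitized and is better kept out of log viewers. Consider `LOGGER.log(Level.WARNING, "failed to translate description using configured markup formatter", e);` and keep the fail-closed `return "";`. On the 1.532 baseline `Jenkins.getInstance()` can presumably return null during startup or shutdown, so a null check before `getMarkupFormatter()` may be needed; confirm against that core version.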
@@ -29,7 +29,7 @@ THE SOFTWARE.
<f:textbox field="name" />
</f:entry>
<f:entry title="${%Description}" help="/help/parameter/description.html">
<f:textarea field="description" />
<f:textarea field="description" codemirror-mode="${app.markupFormatter.codeMirrorMode}" codemirror-config="${app.markupFormatter.codeMirrorConfig}" previewEndpoint="/markupFormatter/previewDescription" />
</f:entry>
<f:advanced>
<f:entry field="defaultCombinationFilter" title="${%Default Filter}">
@@ -23,7 +23,8 @@ String nameIt = it.getName();
MatrixProject project = request.findAncestorObject(MatrixProject.class);
if (project == null) {
//in case project is not a Matrix Project
f.entry(title: nameIt, description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(nameIt), description: it.formattedDescription) {
div(name: "parameter") {
input(type: "hidden", name: "name", value: nameIt)
text(_("Not applicable. Applicable only to multi-configuration projects."))
@@ -46,7 +47,8 @@ Layouter layouter = new Layouter<Combination>(axes) {
drawMainBody(paramDef, f, nameIt, axes, project, project.lastBuild, layouter)

private void drawMainBody(MatrixCombinationsParameterDefinition paramDef, Namespace f, String nameIt, AxisList axes,MatrixProject project,MatrixBuild build,Layouter layouter) {
f.entry(title: nameIt, description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(nameIt), description: it.formattedDescription) {
div(name: "parameter", class: "matrix-combinations-parameter") {
input(type: "hidden", name: "name", value: nameIt)
nsProject.matrix(it: project, layouter: layouter) {
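Review bot: `set("escapeEntryTitleAndDescription", false)` is added before both `f.entry` calls in this file without a comment, and it appears to switch off the escaping the form entry would otherwise apply. The output is then safe only because the title goes through `h.escape(...)` and the description through `formattedDescription`. A comment above each `set(...)` would stop a later edit from passing a raw value, for example `// f.entry must not escape again: title is escaped via h.escape, description is already run through the MarkupFormatter`. The same applies to the four `f.entry` call sites in the two parameter-value views that follow. `drawMainBody` continues past the end of the hunk.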
@@ -24,7 +24,8 @@ MatrixProject project = request.findAncestorObject(MatrixProject.class);
MatrixBuild build = request.findAncestorObject(MatrixBuild.class);
if (project == null || build == null) {
//in case you are looking at a specific run, MatrixRun Ancestor will replace the MatrixBuild
f.entry(title: valueIt.getName(), description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(valueIt.name), description: it.formattedDescription) {
// In the case the parameter is not defined in this project,
// sending parameters cause rebuild-plugin throws exception.
// Acts as if I'm not here.
@@ -49,7 +50,8 @@ drawParameterBody(parameterDefinition, f, valueIt, axes, project, build, layoute


private void drawParameterBody(MatrixCombinationsParameterDefinition paramDef, Namespace f,valueIt,AxisList axes,MatrixProject project,MatrixBuild build,Layouter layouter) {
f.entry(title: valueIt.getName(), description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(valueIt.name), description: it.formattedDescription) {
div(name: "parameter", class: "matrix-combinations-parameter") {
input(type: "hidden", name: "name", value: valueIt.getName())
nsProject.matrix(it: build, layouter: layouter) {
@@ -20,7 +20,8 @@ MatrixProject project = request.findAncestorObject(MatrixProject.class);
MatrixBuild build = request.findAncestorObject(MatrixBuild.class);
if (project == null || build == null) {
//in case you are looking at a specific run, MatrixRun Ancestor will replace the MatrixBuild
f.entry(title: valueIt.getName(), description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(valueIt.name), description: it.formattedDescription) {
div(name: "parameter") {
input(type: "hidden", name: "name", value: valueIt.getName())
text(_("Not applicable. Applicable only to multi-configuration projects."))
@@ -40,7 +41,8 @@ drawParameterBody(f, valueIt, axes, project, build, layouter);


private void drawParameterBody(Namespace f,MatrixCombinationsParameterValue valueIt,AxisList axes,MatrixProject project,MatrixBuild build,Layouter layouter) {
f.entry(title: valueIt.getName(), description: it.getDescription()) {
set("escapeEntryTitleAndDescription", false);
f.entry(title: h.escape(valueIt.name), description: it.formattedDescription) {
div(name: "parameter", class: "matrix-combinations-parameter") {
input(type: "hidden", name: "name", value: valueIt.getName())
nsProject.matrix(it: build, layouter: layouter) {
