Skip to content
Permalink
Browse files

[JENKINS-34758] Parameters visibility in child builds (SECURITY-170)

  • Loading branch information
amuniz committed May 18, 2016
1 parent 510aa05 commit c684cc64bc16f37d45b3b704eab1324c46dd2868
@@ -0,0 +1,92 @@
/*
* The MIT License
*
* Copyright (c) 2016, CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package hudson.matrix;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.annotation.Nonnull;

import hudson.EnvVars;
import hudson.Extension;
import hudson.model.EnvironmentContributor;
import hudson.model.InvisibleAction;
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.Run;
import hudson.model.TaskListener;

/**
* This class is used to pass parameter actions from a {@link MatrixBuild} to a {@link MatrixRun}.
* This wrapper action is needed since SECURITY-170 is blocking undefined parameters in the child job (thus builds).
*
* It's intended for internal use only, that's why constructor and methods are packaged visible.
* The class itself is public to be visible to core so it can pick up the {@link MatrixChildParametersActionEnvironmentContributor}.
*/
public class MatrixChildParametersAction extends InvisibleAction implements MatrixChildAction {

private final List<ParameterValue> parameters;

MatrixChildParametersAction(List<ParameterValue> parameters) {
this.parameters = parameters;
}

List<ParameterValue> getParameters() {
return parameters;
}

static MatrixChildParametersAction create(ParametersAction action) {
List<ParameterValue> p = new ArrayList<ParameterValue>();
if (action != null) {
p.addAll(action.getParameters());
}
return new MatrixChildParametersAction(p);
}

@Extension
public static final class MatrixChildParametersActionEnvironmentContributor extends EnvironmentContributor {

@Override
public void buildEnvironmentFor(@Nonnull Run r, @Nonnull EnvVars envs, @Nonnull TaskListener listener)
throws IOException, InterruptedException {
if (r instanceof MatrixRun) {
MatrixChildParametersAction childParameters = r.getAction(MatrixChildParametersAction.class);
if (childParameters != null) {
for(ParameterValue p : childParameters.getParameters()) {
putEnvVar(envs, p.getName(), String.valueOf(p.getValue()));
}
}
}
}

private static void putEnvVar(@Nonnull EnvVars envs, String name, String value){
if (value != null) {
envs.put(name, value);
} else {
envs.put(name, "");
}
}
}
}
@@ -484,6 +484,12 @@ public boolean scheduleBuild(List<? extends Action> actions, Cause c) {
allActions.add(new ParentBuildAction());
allActions.add(new CauseAction(c));

for (Action a : actions) { // SECURITY-170
if (a instanceof ParametersAction) {
allActions.add(MatrixChildParametersAction.create((ParametersAction) a));
}
}

return jenkins.getQueue().schedule2(this, getQuietPeriod(), allActions ).isAccepted();
}

0 comments on commit c684cc6

Please sign in to comment.
You can’t perform that action at this time.