fix csrf error for actions in the node's monitoring page, but response messages are still not displayed (gc, heap dump and when memory histogram is not supported)
evernat committed Apr 25, 2023
1 parent cf1890d commit 67405cf
Showing 2 changed files with 20 additions and 2 deletions.
Expand Up @@ -17,9 +17,13 @@
*/
package org.jvnet.hudson.plugins.monitoring;

import org.kohsuke.stapler.Stapler;

import hudson.model.Action;
import hudson.model.Computer;
import jenkins.model.Jenkins;
import net.bull.javamelody.SessionListener;
import net.bull.javamelody.internal.web.html.HtmlAbstractReport;

/**
* Implements a "Monitoring" button for slaves.
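Review bot: The new import of net.bull.javamelody.internal.web.html.HtmlAbstractReport ties the plugin to a class in javamelody's "internal" package, which by its name is not presented as public API and can move or change between library releases. If the token helper is needed here, prefer reaching it through a non-internal javamelody class, or add a comment recording the dependency so a library upgrade that breaks it is easy to diagnose. The org.kohsuke.stapler import is also placed ahead of the hudson.* block instead of being grouped with the existing imports.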
Expand Down Expand Up @@ -80,6 +84,20 @@ public String getMonitoringUrl() {
return "../../../../monitoring" + urlSuffix;

Check warning on line 84 in src/main/java/org/jvnet/hudson/plugins/monitoring/NodeMonitoringAction.java (ci.jenkins.io / Code Coverage): Line 84 is not covered by tests
}

/**
* Si la protection csrf est activée dans Jenkins (ce qui est le cas par défaut),
* retourne la partie de l'url avec le token csrf de javamelody.
* @return String
*/
public String getCsrfTokenUrlPart() {
try {
SessionListener.bindSession(Stapler.getCurrentRequest().getSession(false));

Check warning on line 94 in src/main/java/org/jvnet/hudson/plugins/monitoring/NodeMonitoringAction.java (ci.jenkins.io / Code Coverage): Line 94 is not covered by tests
return HtmlAbstractReport.getCsrfTokenUrlPart().replace("&", "&");

Check warning on line 95 in src/main/java/org/jvnet/hudson/plugins/monitoring/NodeMonitoringAction.java (ci.jenkins.io / Code Coverage): Line 95 is not covered by tests
} finally {
SessionListener.unbindSession();

Check warning on line 97 in src/main/java/org/jvnet/hudson/plugins/monitoring/NodeMonitoringAction.java (ci.jenkins.io / Code Coverage): Line 97 is not covered by tests
}
}

/**
* Checks that user has access permissions to the monitoring page.
* By default, requires global Administer or SystemRead permissions.
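Review bot: In getCsrfTokenUrlPart(), Stapler.getCurrentRequest().getSession(false) is passed straight to SessionListener.bindSession(...) with no null handling: getCurrentRequest() returns null outside a Stapler request, and getSession(false) returns null when the request has no session. Guard both cases and decide what the method returns then (an empty string would leave the links as they were before this change), and state that in the Javadoc, which currently only describes the case where CSRF protection is enabled. As shown, .replace("&", "&") replaces a string with itself and has no effect; if the intent is to undo HTML escaping of the token part, make the pattern explicit and comment why. The new Javadoc is in French while the Javadoc around it is in English, and the coverage annotations mark lines 94 to 97 as untested, so a test covering the session and no-session paths would be worth adding.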
Expand Up @@ -89,12 +89,12 @@
<h2>${%System actions}</h2>
<table style="padding-left: 2em;" id="management-actions">
<local:feature icon="${it.monitoringUrl}?resource=broom.png"
href="${it.monitoringUrl}?action=gc"
href="${it.monitoringUrl}?action=gc${it.csrfTokenUrlPart}"
title="${%Execute the garbage collector}">
${%Runs the garbage collector on the node}
</local:feature>
<local:feature icon="${it.monitoringUrl}?resource=heapdump.png"
href="${it.monitoringUrl}?action=heap_dump"
href="${it.monitoringUrl}?action=heap_dump${it.csrfTokenUrlPart}"
title="${%Generate a heap dump}">
<b style="color:orange">${%Warning!}</b> ${%This operation may affect performance of the node}
</local:feature>
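Review bot: Both href values now carry the CSRF token in the query string of a plain link (?action=gc${it.csrfTokenUrlPart} and ?action=heap_dump${it.csrfTokenUrlPart}), so the token can end up in browser history, proxy and access logs, and Referer headers, and the garbage collection and heap dump actions are still triggered by GET. Consider submitting these actions as a POST with the token in the request body or a header, if the monitoring endpoint accepts that. ${it.csrfTokenUrlPart} is also evaluated once per link, binding and unbinding the session each time; computing it once into a variable and reusing it would avoid the repeat.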