[SECURITY-2946]

jenkinsci · Nov 3, 2022 · c335cdd · c335cdd
1 parent f33d8ee
commit c335cdd
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+### 1.18.2
+
+Release date: (TBD), 2022
+
+* *SECURITY FIX* (SECURITY-2946)
+    * https://www.jenkins.io/security/advisory/(TBD)/
+
 ### 1.18.1
 
 Release date: Aug 9, 2020

diff --git a/src/main/resources/com/chikli/hudson/plugin/naginator/NaginatorCause/description.jelly b/src/main/resources/com/chikli/hudson/plugin/naginator/NaginatorCause/description.jelly
@@ -6,20 +6,20 @@
 
                 <j:choose>
                     <j:when test="${it.sourceBuild!=null}">
-                        <j:out value="${%DescriptionWithLinkToSource(it.summary,rootURL,it.sourceBuild.url)}"/>
+                        ${%DescriptionWithLinkToSource(it.summary,rootURL,it.sourceBuild.url)}
                     </j:when>
                     <j:otherwise>
-                        <j:out value="${%DescriptionWithDeletedSource(it.summary)}"/>
+                        ${%DescriptionWithDeletedSource(it.summary)}
                     </j:otherwise>
                 </j:choose>
             </j:when>
             <j:otherwise>
                 <j:choose>
                     <j:when test="${it.summary!=null}">
-                        <j:out value="${it.shortDescription}"/>
+                        ${it.shortDescription}
                     </j:when>
                     <j:otherwise>
-                        <j:out value="${%DescriptionGeneral}"/>
+                        ${%DescriptionGeneral}
                     </j:otherwise>
                 </j:choose>
             </j:otherwise>

diff --git a/src/test/java/com/chikli/hudson/plugin/naginator/NaginatorCauseTest.java b/src/test/java/com/chikli/hudson/plugin/naginator/NaginatorCauseTest.java
@@ -35,6 +35,7 @@
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.JenkinsRule.WebClient;
 
+import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 
@@ -180,4 +181,17 @@ public void testCauseLinkWithLargeNumber() throws Exception {
         }
     }
 
+    @Issue("SECURITY-2946")
+    @Test
+    public void testEscapedDisplayname() throws Exception {
+        FreeStyleProject p = j.createFreeStyleProject();
+        FreeStyleBuild build1 = p.scheduleBuild2(0).get();
+        build1.setDisplayName("<div id=\"unescaped-displayname\">bad displayname</div>");
+        FreeStyleBuild build2 = p.scheduleBuild2(0, new NaginatorCause(build1)).get();
+
+        WebClient wc = j.createWebClient();
+        HtmlPage page = wc.getPage(build2);
+        DomElement unescaped = page.getElementById("unescaped-displayname");
+        assertNull(unescaped);
+    }
 }