Skip to content
Permalink
Browse files

JENKINS-24308 Expost build variable

  • Loading branch information
Daniel Heid
Daniel Heid committed Nov 6, 2017
1 parent 8eefc72 commit 1e7f1b5f27b74db74a8180dd0c4aa74ca037ed81
@@ -61,6 +61,8 @@ changes without needing to run to `package` phase.
* JENKINS-30011 - Allow multiple instances of Post Build Scripts as a post build action
* Fix JENKINS-28825 - Confusing error message when leaving script path empty
* Major refactoring, but still trying to be downwards compatible
* Added help files and translations
* JENKINS-24308 - Expost build variable, the AbstractBuild

### Version 0.18
* Fix JENKINS-43637 - Arbitrary code execution vulnerability:
@@ -54,8 +54,7 @@ private static String getResolvedPath(
String path,
AbstractBuild<?, ?> build,
TaskListener listener
)
throws PostBuildScriptException {
) throws PostBuildScriptException {
if (path == null) {
return null;
}
@@ -156,7 +155,6 @@ private boolean processGroovyScriptFileList()
throws PostBuildScriptException {

Optional<Result> result = Optional.fromNullable(build.getResult());
FilePath workspace = build.getWorkspace();
for (ScriptFile script : config.getGroovyScriptFiles()) {

String filePath = script.getFilePath();
@@ -169,7 +167,7 @@ private boolean processGroovyScriptFileList()
if (!result.isPresent() || script.shouldBeExecuted(result.get().toString())) {
String groovyPath = getResolvedPath(script.getFilePath(), build, listener);
if (groovyPath != null) {
if (!executor.performGroovyScriptFile(workspace, groovyPath)) {
if (!executor.performGroovyScriptFile(build, groovyPath)) {
return false;
}
}
@@ -183,15 +181,13 @@ private boolean processGroovyScriptFileList()

private boolean processGroovyScriptContentList() {

FilePath workspace = build.getWorkspace();

Optional<Result> result = Optional.fromNullable(build.getResult());
for (Script script : config.getGroovyScripts()) {

if (!result.isPresent() || script.shouldBeExecuted(result.get().toString())) {
String content = script.getContent();
if (content != null) {
if (!executor.performGroovyScript(workspace, content)) {
if (!executor.performGroovyScript(build, content)) {
return false;
}
}
@@ -4,6 +4,7 @@
import hudson.EnvVars;
import hudson.FilePath;
import hudson.Util;
import hudson.model.AbstractBuild;
import jenkins.security.SlaveToMasterCallable;
import org.jenkinsci.plugins.postbuildscript.Logger;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript;
@@ -13,12 +14,12 @@
public class GroovyScriptExecutionCallable extends SlaveToMasterCallable<Boolean, Throwable> {
private static final long serialVersionUID = 3874477459736242748L;
private final String scriptContent;
private final FilePath workspace;
private final AbstractBuild<?, ?> build;
private final Logger log;

public GroovyScriptExecutionCallable(String scriptContent, FilePath workspace, Logger log) {
public GroovyScriptExecutionCallable(String scriptContent, AbstractBuild<?, ?> build, Logger log) {
this.scriptContent = scriptContent;
this.workspace = workspace;
this.build = build;
this.log = log;
}

@@ -27,11 +28,14 @@ public Boolean call() throws Exception {

String script = Util.replaceMacro(scriptContent, EnvVars.masterEnvVars);


Binding binding = new Binding();
binding.setVariable("workspace", new File(workspace.getRemote())); //NON-NLS
FilePath workspace = build.getWorkspace();
if (workspace != null) {
binding.setVariable("workspace", new File(workspace.getRemote())); //NON-NLS
}
binding.setVariable("log", log);
binding.setVariable("out", log.getListener().getLogger()); //NON-NLS
binding.setVariable("build", build); //NON-NLS

ClassLoader classLoader = getClass().getClassLoader();

@@ -2,6 +2,7 @@

import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.BuildListener;
import hudson.tasks.BatchFile;
import hudson.tasks.CommandInterpreter;
@@ -120,27 +121,51 @@ private int executeScript(
}
}

public boolean performGroovyScript(FilePath workspace, String scriptContent) {
public boolean performGroovyScript(AbstractBuild<?, ?> build, String scriptContent) {

if (scriptContent == null) {
throw new IllegalArgumentException("The script content object must be set.");
}

FilePath workspace = build.getWorkspace();
if (ensureWorkspaceNotNull(workspace)) {
return false;
}

try {
return workspace.act(new GroovyScriptExecutionCallable(scriptContent, workspace, log));
return workspace.act(new GroovyScriptExecutionCallable(scriptContent, build, log));
} catch (Throwable throwable) {
listener.getLogger().println(Messages.PostBuildScript_ProblemOccured(throwable.getMessage()));
log(Messages.PostBuildScript_ProblemOccured(throwable.getMessage()));
return false;
}
}

private boolean ensureWorkspaceNotNull(FilePath workspace) {
if (workspace == null) {
log(Messages.PostBuildScript_WorkspaceEmpty());
return true;
}
return false;
}

private void log(String message) {
listener.getLogger().println(message);
}

public boolean performGroovyScriptFile(
FilePath workspace,
AbstractBuild<?, ?> build,
CharSequence scriptFilePath
) throws PostBuildScriptException {

FilePath workspace = build.getWorkspace();
if (ensureWorkspaceNotNull(workspace)) {
return false;
}

FilePath filePath = resolveScriptPath(workspace, scriptFilePath);

String scriptContent = getResolvedContentWithEnvVars(filePath);
return performGroovyScript(workspace, scriptContent);
return performGroovyScript(build, scriptContent);
}

}
@@ -6,6 +6,7 @@ PostBuildScript.ProblemOccured=Problem occurred: {0}
PostBuildScript.BuildDoesNotHaveAnyOfTheResults=Build does not have any of the results {0}. Did not execute {1}
PostBuildScript.ExecutingPostBuildScripts=Executing post build scripts.
PostBuildScript.NoFilePathProvided=No file path provided for script file #{0}
PostBuildScript.WorkspaceEmpty=Workspace is null. Cannot execute Groovy script.
PostBuildScript.GroovyScript=Groovy script #{0}
PostBuildScript.BuildStep=build step #{0}
PostBuildScript.ErrorPrefix=[ERROR] {0}
@@ -6,6 +6,7 @@ PostBuildScript.ProblemOccured=Folgendes Problem ist aufgetreten: {0}
PostBuildScript.BuildDoesNotHaveAnyOfTheResults=Der Build hat keines der Ergebnisse {0}. F\u00fchre {1} nicht aus.
PostBuildScript.ExecutingPostBuildScripts=F\u00fchre Post-Build-Skripte aus
PostBuildScript.NoFilePathProvided=Es wurde kein Skript-Pfad f\u00fcr das Skript-Element mit der Nummer {0} angegeben.
PostBuildScript.WorkspaceEmpty=Der Workspace ist null. Kann Groovy-Skript nicht ausf\u00fchren.
PostBuildScript.GroovyScript=Groovy-Skript #{0}
PostBuildScript.BuildStep=Build-Schritt #{0}
PostBuildScript.ErrorPrefix=[FEHLER] {0}

0 comments on commit 1e7f1b5

Please sign in to comment.
You can’t perform that action at this time.