[JENKINS-67456] add check that pattern is valid (#178)
* [JENKINS-67456] add check that pattern is valid

* Update src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java

Co-authored-by: Abhyudaya Sharma <11471599+AbhyudayaSharma@users.noreply.github.com>

* do not validate pattern in javascript

javascript has different rules so it might falsely allow or deny a
pattern

Co-authored-by: Abhyudaya Sharma <11471599+AbhyudayaSharma@users.noreply.github.com>
mawinter69 and AbhyudayaSharma committed May 30, 2022
1 parent 4b1263a commit 0634ce1
Showing 4 changed files with 21 additions and 3 deletions.
Expand Up @@ -74,6 +74,7 @@
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

import hudson.util.FormValidation;
import jenkins.model.Jenkins;
Expand Down Expand Up @@ -940,6 +941,17 @@ public boolean showPermission(String type, Permission p) {
}
}

@RequirePOST
@Restricted(NoExternalUse.class)
public FormValidation doCheckPattern(@QueryParameter String value) {
try {
Pattern.compile(value);
} catch (PatternSyntaxException pse) {
return FormValidation.error(pse.getMessage());
}
return FormValidation.ok();
}

@RequirePOST
public FormValidation doCheckName(@QueryParameter String value) {
final String v = value.substring(1,value.length()-1);
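Review bot: `doCheckPattern` has no permission check in the visible lines, so any caller who can reach the descriptor can make the controller compile arbitrary expressions; Jenkins form-validation endpoints normally start with one, e.g. `Jenkins.get().checkPermission(Jenkins.ADMINISTER);` or whichever permission guards this configuration page. A request without a `value` parameter hands null to `Pattern.compile`, which throws NullPointerException instead of returning a validation result; `if (value == null) { return FormValidation.ok(); }` before the `try` covers that. Passing `pse.getMessage()` to `FormValidation.error` is safe because that method escapes its message, so it should stay `error` rather than `errorWithMarkup`. The method is complete within the hunk; `doCheckName` below it continues outside.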
Expand Up @@ -118,7 +118,7 @@
<f:textbox type="text" id="${id}text" />
</f:entry>
<f:entry help="${rootURL}/plugin/role-strategy/help/help-pattern.html" title="${%Pattern}">
<f:textbox type="text" id="${id}pattern" />
<f:textbox type="text" id="${id}pattern" checkUrl="'${descriptorPath}/checkPattern?value='+escape(this.value)"/>
</f:entry>
<f:entry>
<input type="button" value="${%Add}" id="${id}button"/>
Expand Down Expand Up @@ -148,6 +148,7 @@
alert("Please enter a pattern");
return;
}

if(findElementsBySelector(table,"TR").find(function(n){return n.getAttribute("name")=='['+name+']';})!=null) {
alert("Entry for '"+name+"' already exists");
return;
Expand Down Expand Up @@ -258,7 +259,7 @@
this.innerHTML = '<input type="text" name="[pattern]" value="' + this.childNodes[1].value + '" size="' + (this.childNodes[1].value.length+10) + '"/>';
}
else {
this.innerHTML = this.childNodes[0].value.escapeHTML() + '<input type="hidden" name="[pattern]" value="' + this.childNodes[0].value + '"/>';
this.innerHTML = '<a href="#" class="patternAnchor">&quot;' + this.childNodes[0].value.escapeHTML() + '&quot;</a><input type="hidden" name="[pattern]" value="' + this.childNodes[0].value + '"/>';
}
return false;
}
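Review bot: The `checkUrl` added on the pattern textbox builds its query with `escape(this.value)`, which leaves `+` unencoded, so the server decodes it as a space and validates a different pattern from the one typed; a lone `+`, which `Pattern.compile` rejects, would be reported as valid. `encodeURIComponent(this.value)` encodes `+` and non-ASCII characters correctly: `checkUrl="'${descriptorPath}/checkPattern?value='+encodeURIComponent(this.value)"`. The same line appears in the other Jelly template further down (hunk `@@ -121,7 +121,7 @@`) and needs the same change. Because the endpoint is `@RequirePOST`, it is worth confirming that the check is sent as POST on the plugin's core baseline, adding `checkMethod="post"` if it is not. Separately, the rewritten `innerHTML` line in the last hunk still concatenates the raw pattern into the hidden input's `value="…"` attribute, so a pattern containing `"` is truncated and can inject markup; setting the value through the DOM instead of string concatenation would avoid that.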
Expand Up @@ -47,6 +47,10 @@
<j:set var="projectGroups" value="${it.strategy.descriptor.getGroups(it.strategy.PROJECT)}"/>
<j:set var="slaveGroups" value="${it.strategy.descriptor.getGroups(it.strategy.SLAVE)}"/>

<j:if test="${empty(descriptorPath)}">
<j:set var="descriptorPath" value="${rootURL}/descriptor/${it.strategy.descriptor.clazz.name}"/>
</j:if>

<d:taglib uri="local">
<d:tag name="roleRow">
<td class="start">
Expand Up @@ -121,7 +121,7 @@
<f:textbox type="text" id="${id}text" />
</f:entry>
<f:entry help="${rootURL}/plugin/role-strategy/help/help-pattern.html" title="${%Pattern}">
<f:textbox type="text" id="${id}pattern" />
<f:textbox type="text" id="${id}pattern" checkUrl="'${descriptorPath}/checkPattern?value='+escape(this.value)"/>
</f:entry>
<f:entry>
<input type="button" value="${%Add}" id="${id}button"/>
Expand Down Expand Up @@ -152,6 +152,7 @@
alert("Please enter a pattern");
return;
}

if(findElementsBySelector(table,"TR").find(function(n){return n.getAttribute("name")=='['+name+']';})!=null) {
alert("Entry for '"+name+"' already exists");
return;
