From 0634ce149b8c03677dfab13afb4fa422317a1180 Mon Sep 17 00:00:00 2001 From: Markus Winter Date: Mon, 30 May 2022 21:02:24 +0200 Subject: [PATCH] [JENKINS-67456] add check that pattern is valid (#178) * [JENKINS-67456] add check that pattern is valid * Update src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java Co-authored-by: Abhyudaya Sharma <11471599+AbhyudayaSharma@users.noreply.github.com> * do not validate pattern in javascript javascript has different rules so it might falsely allow or deny a pattern Co-authored-by: Abhyudaya Sharma <11471599+AbhyudayaSharma@users.noreply.github.com> --- .../rolestrategy/RoleBasedAuthorizationStrategy.java | 12 ++++++++++++ .../RoleStrategyConfig/manage-project-roles.jelly | 5 +++-- .../RoleStrategyConfig/manage-roles.jelly | 4 ++++ .../RoleStrategyConfig/manage-slave-roles.jelly | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java index cd196426..fba00587 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java @@ -74,6 +74,7 @@ import java.util.logging.Level; import java.util.logging.Logger; import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; import hudson.util.FormValidation; import jenkins.model.Jenkins; 
@@ -940,6 +941,17 @@ public boolean showPermission(String type, Permission p) { } } + @RequirePOST + @Restricted(NoExternalUse.class) + public FormValidation doCheckPattern(@QueryParameter String value) { + try { + Pattern.compile(value); + } catch (PatternSyntaxException pse) { + return FormValidation.error(pse.getMessage()); + } + return FormValidation.ok(); + } + @RequirePOST public FormValidation doCheckName(@QueryParameter String value) { final String v = value.substring(1,value.length()-1); diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly index 6a5b2238..3c46dfbe 100644 --- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-project-roles.jelly @@ -118,7 +118,7 @@ - + @@ -148,6 +148,7 @@ alert("Please enter a pattern"); return; } + if(findElementsBySelector(table,"TR").find(function(n){return n.getAttribute("name")=='['+name+']';})!=null) { alert("Entry for '"+name+"' already exists"); return; @@ -258,7 +259,7 @@ this.innerHTML = ''; } else { - this.innerHTML = this.childNodes[0].value.escapeHTML() + ''; + this.innerHTML = '"' + this.childNodes[0].value.escapeHTML() + '"'; } return false; } diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly index 7e8c5d49..dac1266f 100644 --- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-roles.jelly @@ -47,6 +47,10 @@ + + + + 
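Review bot: `doCheckPattern` only feeds an inline validation message back to the form; nothing in this hunk rejects an invalid pattern when roles are actually submitted, so a request that bypasses the UI can presumably still store a pattern that fails `Pattern.compile` later, and the save path should apply the same check. The method also passes `value` straight to `Pattern.compile`, which throws `NullPointerException` when the query parameter is absent; a guard such as `if (value == null) return FormValidation.ok();` before the `try` keeps a malformed request from surfacing as a server error. No permission check is visible beyond `@RequirePOST`; if the enclosing class (outside this hunk) does not already restrict access, consider `Jenkins.get().checkPermission(Jenkins.ADMINISTER);` as the first statement so that only administrators can submit regexes to the controller for compilation.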
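Review bot: In manage-project-roles.jelly the pattern is now rendered wrapped in literal double quotes (`this.innerHTML = '"' + ... + '"'`), but the manage-slave-roles.jelly hunks in this patch carry no matching change to an `innerHTML` assignment; if that page has the same display toggle, the two tables will render patterns differently. Because the value is user-entered regex text written through `innerHTML`, the `escapeHTML()` call is the only output encoding on this line and needs to survive any later edit; a comment such as `// pattern is user input: keep escapeHTML() before assigning innerHTML` would make that explicit. The enclosing handler starts outside the hunk.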
diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-slave-roles.jelly b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-slave-roles.jelly index b71eb507..d7245e8d 100644 --- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-slave-roles.jelly +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleStrategyConfig/manage-slave-roles.jelly @@ -121,7 +121,7 @@ - + @@ -152,6 +152,7 @@ alert("Please enter a pattern"); return; } + if(findElementsBySelector(table,"TR").find(function(n){return n.getAttribute("name")=='['+name+']';})!=null) { alert("Entry for '"+name+"' already exists"); return;