[SECURITY-1391]
uhafner authored and daniel-beck committed May 27, 2019
1 parent 0b0016b commit 38e5354
Showing 7 changed files with 48 additions and 27 deletions.
7 changes: 5 additions & 2 deletions pom.xml
Expand Up @@ -706,8 +706,11 @@
<classQualifiedName>edu.hm.hafner.analysis..*</classQualifiedName>
<justification>Optional dependency</justification>
</item>
</revapi.ignore>
<revapi.ignore>
<item>
<code>java.method.removed</code>
<methodName>doResetReference</methodName>
<justification>See SECURITY-1391.</justification>
</item>
<item>
<regex>true</regex>
<code>java.missing.*</code>
Expand Up @@ -279,6 +279,15 @@ public String getTableModel(final String id) {
return toJsonArray(rows);
}

/**
* Resets the quality gate for the owner of this view.
*/
@JavaScriptMethod
@SuppressWarnings("unused") // Called by jelly view
public void resetReference() {
RESET_QUALITY_GATE_COMMAND.execute(owner, labelProvider.getId());
}

/**
* Returns the UI model for an ECharts doughnut chart that shows the severities.
*
Expand Down Expand Up @@ -510,25 +519,6 @@ public String getDisplayName() {
return displayName;
}

/**
* Resets the quality gate for the owner of this view. Redirects to the top level page afterwards.
*
* @param request
* Stapler request
* @param response
* Stapler response
*/
public void doResetReference(final StaplerRequest request, final StaplerResponse response) {
RESET_QUALITY_GATE_COMMAND.execute(owner, labelProvider.getId());

try {
response.sendRedirect2("../");
}
catch (IOException ignore) {
// ignore
}
}

/**
* Returns a new sub page for the selected link.
*
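Review bot: `resetReference()` in the first hunk of this file runs `RESET_QUALITY_GATE_COMMAND.execute(owner, labelProvider.getId())` with no permission check visible anywhere in this file section. Replacing the removed `doResetReference` web method with a `@JavaScriptMethod` changes how the request has to be made, not who may make it; unless the command enforces authorization itself (not visible here), any user who can reach the bound object could reset the quality gate. If `owner` is an `AccessControlled` object such as a `Run`, consider making the first statement `owner.checkPermission(Item.CONFIGURE);` (this needs `hudson.model.Item` imported, and the permission should match the project's policy), and state the required permission in the Javadoc.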
Expand Up @@ -11,6 +11,7 @@
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;

import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.bind.JavaScriptMethod;
import hudson.model.Action;
import hudson.model.HealthReport;
import hudson.model.HealthReportingAction;
Expand Down Expand Up @@ -133,7 +134,7 @@ public String getRelativeUrl() {
*/
@SuppressWarnings("deprecation") // this is the only way for remote API calls to obtain the absolute path
public String getAbsoluteUrl() {
return this.getOwner().getAbsoluteUrl();
return getOwner().getAbsoluteUrl();
}

@Override
Expand Down Expand Up @@ -259,4 +260,13 @@ public StaticAnalysisLabelProvider getLabelProvider() {
public Object getTarget() {
return new IssuesDetail(owner, result, getLabelProvider(), healthDescriptor, Charset.forName(charset));
}

/**
* Workaround for Stapler bug: JavaScript method in target object is not found.
*/
@JavaScriptMethod
@SuppressWarnings("unused")
public void resetReference() {
// Workaround for Stapler bug that does not find JavaScript proxy methods in target object IssueDetail
}
}
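Review bot: The empty `resetReference()` stub is documented twice with nearly the same sentence, and neither says what actually handles the call. The Javadoc could state the contract instead, e.g. `Declared only so that the JavaScript proxy bound to this action exposes resetReference; the call is presumably handled by the IssuesDetail returned from getTarget().`, after which the inline comment can be dropped (it also misspells the class as `IssueDetail`). `@SuppressWarnings("unused")` would benefit from the same `// Called by jelly view` reason given on the real method. If the dispatch assumption does not hold, the button silently does nothing, so it is worth confirming with a test.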
Expand Up @@ -318,7 +318,10 @@ public DomContent getQualityGateResult(final QualityGateStatus qualityGateStatus
public DomContent getQualityGateResult(final QualityGateStatus qualityGateStatus, final boolean hasResetLink) {
if (hasResetLink) {
return join(Messages.Tool_QualityGate(), getResultIcon(qualityGateStatus),
a("(reset)").withHref(getId() + "/resetReference"));
button("Reset quality gate")
.withId(getId() + "-resetReference")
.withType("button")
.withClasses("btn", "btn-outline-primary", "btn-sm"));
}
return join(Messages.Tool_QualityGate(), getResultIcon(qualityGateStatus));
}
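Review bot: The new button label `"Reset quality gate"` is a hard-coded English literal, while the text next to it comes from `Messages.Tool_QualityGate()`. Moving the label into the same message bundle keeps the summary localizable, e.g. `button(Messages.NEW_KEY())`, where `NEW_KEY` is a placeholder for a key name chosen by the project. The element id `getId() + "-resetReference"` is also the contract with the script in the summary view, so a short comment such as `// id is looked up by summary.jelly to attach the click handler` would help keep the two in sync.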
@@ -1,11 +1,25 @@
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:t="/lib/hudson" xmlns:issues="/issues">
<j:jelly xmlns:j="jelly:core" xmlns:t="/lib/hudson" xmlns:issues="/issues" xmlns:st="jelly:stapler">

<issues:fontawesome-css/>
<link rel="stylesheet" href="${resURL}/plugin/warnings-ng/css/custom-style.css"/>

<t:summary icon="${it.hasLargeImage() ? it.largeImageName : icon}">
<j:out value="${it.summary}" />
<j:out value="${it.summary}"/>
</t:summary>

<script>
var button = document.getElementById("${it.id}-resetReference");

if (button) {
button.addEventListener('click', async _ => {
hoverNotification("${%resetting.notification(it.id)}", button.parentNode);
var proxy = <st:bind value="${it}"/>;
proxy.resetReference(function (t) {
document.getElementById("${it.id}-resetReference").remove();
});
});
}
</script>

</j:jelly>
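Review bot: `${it.id}` and `${%resetting.notification(it.id)}` are interpolated into JavaScript string literals inside the script block, where the HTML escaping applied by `escape-by-default` is the wrong context. If the id can contain quotes, backslashes or line breaks (where it is validated is not visible here), the script breaks or changes meaning; restricting the id to characters that are safe in a DOM id at the point where it is assigned, or passing both values through `data-` attributes read with `getAttribute`, avoids that. Separately, `var button` is declared at global scope, so if several tool summaries are rendered on one page every click handler would see the last summary's button; using the event target inside the listener and dropping the unused `async` keeps each handler tied to its own element, e.g. `button.addEventListener('click', function (event) { var clicked = event.currentTarget; ...`.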
@@ -0,0 +1 @@
resetting.notification=Resetting quality gate for {0}
Expand Up @@ -298,8 +298,8 @@ void shouldProvideResetAction() {
Summary summary = createSummary(analysisResult, true);

assertThat(summary.create()).contains(
"Quality gate: <img src=\"color\" class=\"icon-blue\" alt=\"Success\" title=\"Success\"> Success"
+ " <a href=\"test/resetReference\">(reset)</a>");
"Quality gate: <img src=\"color\" class=\"icon-blue\" alt=\"Success\" title=\"Success\"> Success "
+ "<button id=\"test-resetReference\" type=\"button\" class=\"btn btn-outline-primary btn-sm\">Reset quality gate</button>");
}

private Summary createSummary(final AnalysisResult analysisResult) {