Escape pattern field of build job param to prevent security vulnerabi…
…lity
robinshine committed Nov 20, 2020
1 parent 0df578a commit 39d95ab
Showing 3 changed files with 4 additions and 3 deletions.
Expand Up @@ -105,7 +105,7 @@ public List<String> getPossibleValues() {
return Lists.newArrayList();
}

protected String escape(String string) {
public static String escape(String string) {
String escaped = JavaEscape.escapeJava(string);
// escape $ character since it has special meaning in groovy string
escaped = escaped.replace("$", "\\$");
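Review bot: `escape` calls `escaped.replace(...)` on the result of `JavaEscape.escapeJava(string)` without a null guard, and the new caller in `TextInput.getPropertyDef` invokes `InputSpec.escape(pattern)` before its own `if (pattern != null)` check. An input spec with no pattern would therefore likely raise a NullPointerException here, unless `escapeJava` maps null to a non-null string. Now that the method is a public static helper, a guard at the top such as `if (string == null) return null;` keeps the caller's later null check meaningful. A short Javadoc saying the result is only meant for embedding inside a quoted Java/Groovy string literal would also help, since that is the only context this escaping covers. The method body continues past the end of the hunk.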
Expand Up @@ -15,6 +15,7 @@ public class TextInput {

public static String getPropertyDef(InputSpec inputSpec, Map<String, Integer> indexes,
String pattern, DefaultValueProvider defaultValueProvider) {
pattern = InputSpec.escape(pattern);
int index = indexes.get(inputSpec.getName());
StringBuffer buffer = new StringBuffer();
inputSpec.appendField(buffer, index, "String");
Expand All @@ -24,7 +25,7 @@ public static String getPropertyDef(InputSpec inputSpec, Map<String, Integer> in
if (pattern != null)
buffer.append(" @Pattern(regexp=\"" + pattern + "\", message=\"Should match regular expression: " + pattern + "\")\n");
inputSpec.appendMethods(buffer, index, "String", null, defaultValueProvider);

return buffer.toString();
}
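Review bot: The escaped pattern is still copied into the `message` attribute of the generated `@Pattern` annotation, and `InputSpec.escape` only protects the string-literal layer of the generated source. If this is the Bean Validation `@Pattern` (the import is not visible here), `message` is a message template. Characters such as `{`, `}` and `$` in a user-supplied regex, for example a `{2,3}` quantifier, would then be processed by the message interpolator instead of being shown literally. Consider using a fixed message that does not embed the pattern, or building the message from a separately escaped copy in which the template metacharacters are backslash-escaped, while `regexp` keeps the value from `InputSpec.escape(pattern)`. The method body spans both hunks of this section.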

Expand Up @@ -5,5 +5,5 @@ public class Test {
@org.junit.Test
public void test() {
}

}
