[JENKINS-20784] - Avoid user's creation in TriggeringUsersAuthorizationStrategy

Bad guys can insert anything into UserIdCause, so it is preferable to have such a check.
Related to https://issues.jenkins-ci.org/browse/JENKINS-20784

Signed-off-by: Oleg Nenashev <nenashev@synopsys.com>
oleg-nenashev committed Nov 27, 2013
1 parent 2a45c7d commit e693f8d
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -34,6 +34,7 @@
import hudson.model.Descriptor;
import hudson.model.Run;
import hudson.model.User;
import java.util.Collections;

import org.acegisecurity.Authentication;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy;
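Review bot: the new `import java.util.Collections;` sits directly under the `hudson.model.*` imports, ahead of the blank line that separates them from the `org.*` group. Consider moving it into its own `java.*` group so the import blocks stay ordered by package.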
Expand All @@ -60,7 +61,7 @@ public TriggeringUsersAuthorizationStrategy() {
public Authentication authenticate(AbstractProject<?, ?> project, Queue.Item item) {
Cause.UserIdCause cause = getRootUserIdCause(item);
if (cause != null) {
User u = User.get(cause.getUserId());
User u = User.get(cause.getUserId(), false, Collections.emptyMap());
if (u == null) {
return Jenkins.ANONYMOUS;
}
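Review bot: the `User.get(cause.getUserId(), false, Collections.emptyMap())` call needs a short comment saying why creation is disabled, because the reason (the ID carried in `UserIdCause` is not trusted input, per the commit message) is not obvious from the call itself. `cause.getUserId()` is also passed straight into the lookup with no null or empty check; handling that case explicitly and returning `Jenkins.ANONYMOUS` would keep the fallback in one place. A test that supplies an unknown user ID and asserts both the `Jenkins.ANONYMOUS` result and that no user record was created would pin this behaviour down.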