Merge pull request #1 from jenkinsci/bugfix/JENKINS-25032
(JENKINS-25032) Close Credentials metadata leak in GraniteCredentialsListBoxModel
adamcin committed May 9, 2015
2 parents bb9b876 + 9210b8b commit 5089ad5
Showing 7 changed files with 40 additions and 23 deletions.
Expand Up @@ -31,13 +31,15 @@
import hudson.Extension;
import hudson.Launcher;
import hudson.model.*;
import hudson.security.AccessControlled;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import net.adamcin.granite.client.packman.PackId;
import net.adamcin.granite.client.packman.WspFilter;
import org.jenkinsci.plugins.tokenmacro.MacroEvaluationException;
import org.jenkinsci.plugins.tokenmacro.TokenMacro;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

Expand Down Expand Up @@ -231,8 +233,8 @@ public boolean isApplicable(Class<? extends AbstractProject> aClass) {
return true;
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(baseUrl);
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context, @QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(context, baseUrl);
}

public FormValidation doCheckBaseUrl(@QueryParameter String value, @QueryParameter String credentialsId,
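Review bot: The `doCheckBaseUrl(@QueryParameter String value, @QueryParameter String credentialsId, ...` endpoint that follows the changed method is left without the `@AncestorInPath AccessControlled context` parameter that `doFillCredentialsIdItems` now receives. Its body is outside this hunk, so this is inferred from the signature only: if it resolves `credentialsId` and contacts `value`, it should apply the same `context.hasPermission(Item.CONFIGURE)` check first, otherwise the stored credential stays usable by callers who cannot configure the job. The same signature appears as context in the two later sections that also show `doCheckBaseUrl`. A one-line Javadoc on `doFillCredentialsIdItems` stating that the permission check happens inside `GraniteCredentialsListBoxModel.fillItems` would also help, since nothing at this call site shows it.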
Expand Up @@ -33,6 +33,7 @@
import hudson.Launcher;
import hudson.model.*;
import hudson.remoting.VirtualChannel;
import hudson.security.AccessControlled;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
Expand All @@ -41,6 +42,7 @@
import net.adamcin.granite.client.packman.PackId;
import net.sf.json.JSONObject;
import org.jenkinsci.plugins.tokenmacro.TokenMacro;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
Expand Down Expand Up @@ -439,13 +441,13 @@ public boolean configure(StaplerRequest req, JSONObject json) throws FormExcepti
return true;
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter String baseUrls) {
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context, @QueryParameter String baseUrls) {
List<String> _baseUrls = parseBaseUrls(baseUrls);

if (_baseUrls != null && !_baseUrls.isEmpty()) {
return GraniteCredentialsListBoxModel.fillItems(_baseUrls.iterator().next());
return GraniteCredentialsListBoxModel.fillItems(context, _baseUrls.iterator().next());
} else {
return GraniteCredentialsListBoxModel.fillItems();
return GraniteCredentialsListBoxModel.fillItems(context);
}
}

Expand Up @@ -31,12 +31,14 @@
import hudson.Extension;
import hudson.Launcher;
import hudson.model.*;
import hudson.security.AccessControlled;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import net.adamcin.granite.client.packman.PackId;
import org.jenkinsci.plugins.tokenmacro.MacroEvaluationException;
import org.jenkinsci.plugins.tokenmacro.TokenMacro;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

Expand Down Expand Up @@ -229,8 +231,8 @@ public boolean isApplicable(Class<? extends AbstractProject> aClass) {
return true;
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(baseUrl);
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context, @QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(context, baseUrl);
}

public FormValidation doCheckBaseUrl(@QueryParameter String value, @QueryParameter String credentialsId,
Expand Up @@ -34,9 +34,11 @@
import hudson.Extension;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.security.AccessControlled;
import jenkins.model.Jenkins;
import jenkins.plugins.asynchttpclient.AHCUtils;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.StaplerRequest;

/**
Expand Down Expand Up @@ -186,8 +188,8 @@ public String getDisplayName() {
return "CRX Content Package Deployer - HTTP Client";
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems() {
return GraniteCredentialsListBoxModel.fillItems();
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context) {
return GraniteCredentialsListBoxModel.fillItems(context);
}

public Credentials getDefaultCredentials() {
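Review bot: `doFillCredentialsIdItems(@AncestorInPath AccessControlled context)` delegates to a check for `Item.CONFIGURE`, which is a job-level permission, while this descriptor looks like global configuration (inferred from its display name and the `jenkins.model.Jenkins` import). On that page the nearest `AccessControlled` ancestor is presumably the Jenkins root, so a caller holding `Item.CONFIGURE` globally but not `Jenkins.ADMINISTER` would still receive the list. Consider guarding this method with `if (context == null || !context.hasPermission(Jenkins.ADMINISTER))` and returning the empty-selection model in that case. A short comment naming the object Stapler is expected to bind to `context` here would make the intent reviewable.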
Expand Up @@ -38,6 +38,8 @@
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.util.ListBoxModel;

import java.util.Collections;
import java.util.List;
Expand All @@ -59,26 +61,29 @@ protected String describe(@NonNull IdCredentials idCredentials) {
}
}

public static AbstractIdCredentialsListBoxModel fillItems() {
return fillItems(Collections.<DomainRequirement>emptyList());
public static AbstractIdCredentialsListBoxModel fillItems(final AccessControlled context) {
return fillItems(context, Collections.<DomainRequirement>emptyList());
}

public static AbstractIdCredentialsListBoxModel fillItems(final String baseUrl) {
public static AbstractIdCredentialsListBoxModel fillItems(final AccessControlled context, final String baseUrl) {
if (baseUrl != null) {
return fillItems(URIRequirementBuilder.fromUri(baseUrl).build());
return fillItems(context, URIRequirementBuilder.fromUri(baseUrl).build());
} else {
return fillItems();
return fillItems(context);
}
}

private static AbstractIdCredentialsListBoxModel fillItems(List<DomainRequirement> reqs) {
private static AbstractIdCredentialsListBoxModel fillItems(final AccessControlled context, final List<DomainRequirement> reqs) {
AbstractIdCredentialsListBoxModel<GraniteCredentialsListBoxModel, IdCredentials> model =
new GraniteCredentialsListBoxModel().withEmptySelection();

if (context == null || !context.hasPermission(Item.CONFIGURE)) {
return model;
}

List<SSHUserPrivateKey> keys = CredentialsProvider.lookupCredentials(SSHUserPrivateKey.class,
(Item) null, ACL.SYSTEM, reqs);

AbstractIdCredentialsListBoxModel<GraniteCredentialsListBoxModel, IdCredentials> model =
new GraniteCredentialsListBoxModel().withEmptySelection();

if (!keys.isEmpty()) {
for (SSHUserPrivateKey key : keys) {
model = model.with(GraniteNamedIdCredentials.wrap(key));
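Review bot: The added guard in the private `fillItems(context, reqs)` decides only whether anything is listed; the lookup that follows still passes `(Item) null, ACL.SYSTEM`, so the result is not scoped to `context`. A caller with `Item.CONFIGURE` on any single job therefore receives the whole root-level list of SSH keys, and credentials stored in a folder above the job are never offered. Passing the item through would address both: `Item item = context instanceof Item ? (Item) context : null;` followed by `CredentialsProvider.lookupCredentials(SSHUserPrivateKey.class, item, ACL.SYSTEM, reqs)`. The two public overloads should also get Javadoc stating that a null `context` or a missing permission yields a model holding only the empty selection. The loop that fills the model continues past the end of this hunk.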
Expand Up @@ -31,11 +31,13 @@
import hudson.Extension;
import hudson.model.ParameterDefinition;
import hudson.model.ParameterValue;
import hudson.security.AccessControlled;
import hudson.util.FormValidation;
import net.adamcin.granite.client.packman.*;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
Expand Down Expand Up @@ -75,8 +77,8 @@ public FormValidation doCheckBaseUrl(@QueryParameter String value, @QueryParamet
}
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(baseUrl);
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context, @QueryParameter String baseUrl) {
return GraniteCredentialsListBoxModel.fillItems(context, baseUrl);
}
}

Expand Up @@ -31,12 +31,14 @@
import hudson.Extension;
import hudson.Launcher;
import hudson.model.*;
import hudson.security.AccessControlled;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import net.adamcin.granite.client.packman.PackId;
import org.jenkinsci.plugins.tokenmacro.MacroEvaluationException;
import org.jenkinsci.plugins.tokenmacro.TokenMacro;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

Expand Down Expand Up @@ -224,13 +226,13 @@ public boolean isApplicable(Class<? extends AbstractProject> aClass) {
return true;
}

public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter String baseUrls) {
public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath AccessControlled context, @QueryParameter String baseUrls) {
List<String> _baseUrls = parseBaseUrls(baseUrls);

if (_baseUrls != null && !_baseUrls.isEmpty()) {
return GraniteCredentialsListBoxModel.fillItems(_baseUrls.iterator().next());
return GraniteCredentialsListBoxModel.fillItems(context, _baseUrls.iterator().next());
} else {
return GraniteCredentialsListBoxModel.fillItems();
return GraniteCredentialsListBoxModel.fillItems(context);
}
}
