Fix for JENKINS-51053. FilePath is accessible from master or slave. N…

…o need to force execution on slave. Simplified. Added verbage to doc regarding permissions. Updated version to 3.1.2.1
jenkinsci · May 2, 2018 · 3776f5f · 3776f5f
1 parent aa6ccde
commit 3776f5f
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 9 deletions.
diff --git a/pom.xml b/pom.xml
@@ -17,7 +17,7 @@
     <artifactId>dependency-check-jenkins-plugin</artifactId>
 
     <name>OWASP Dependency-Check Plugin</name>
-    <version>3.1.3-SNAPSHOT</version>
+    <version>3.1.2.1-SNAPSHOT</version>
     <packaging>hpi</packaging>
     <inceptionYear>2012</inceptionYear>
     <organization>
@@ -122,7 +122,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.4</version>
+            <version>3.7</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.main</groupId>

diff --git a/src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyTrackPublisher.java b/src/main/java/org/jenkinsci/plugins/DependencyCheck/DependencyTrackPublisher.java
@@ -29,9 +29,9 @@
 import hudson.tasks.Recorder;
 import hudson.util.FormValidation;
 import hudson.util.ListBoxModel;
-import jenkins.security.MasterToSlaveCallable;
 import jenkins.tasks.SimpleBuildStep;
 import net.sf.json.JSONObject;
+import org.apache.commons.lang3.StringUtils;
 import org.jenkinsci.Symbol;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
@@ -115,12 +115,7 @@ public void perform(@Nonnull final Run<?, ?> build,
         final String projectId = PluginUtil.substituteVariable(build, listener, this.projectId);
         final String artifact = PluginUtil.substituteVariable(build, listener, this.artifact);
 
-        boolean success = launcher.getChannel().call(new MasterToSlaveCallable<Boolean, IOException>() {
-            public Boolean call() throws IOException {
-                return upload(listener, projectId, artifact, isScanResult, filePath);
-            }
-        });
-
+        boolean success = upload(listener, projectId, artifact, isScanResult, filePath);
         if (!success) {
             build.setResult(Result.FAILURE);
         }
@@ -321,6 +316,10 @@ public String getDisplayName() {
          * This method returns the global configuration for dependencyTrackUrl.
          */
         public String getDependencyTrackUrl() {
+            dependencyTrackUrl = StringUtils.trimToNull(dependencyTrackUrl);
+            if (dependencyTrackUrl != null && dependencyTrackUrl.endsWith("/")) {
+                return dependencyTrackUrl.substring(0, dependencyTrackUrl.length() -1);
+            }
             return dependencyTrackUrl;
         }
 

diff --git a/src/main/webapp/help-dt-projectid.html b/src/main/webapp/help-dt-projectid.html
@@ -1,4 +1,9 @@
 <div>
     Specifies the unique Project ID of the project to upload scan results to. The Project ID is a UUID
     with the following format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+    <p>
+        If the list of projects are not displayed (such as an HTTP 403 response), ensure the API key
+        specified in the global configuration has VIEW_PORTFOLIO permission in addition to BOM_UPLOAD
+        and/or SCAN_UPLOAD. Permissions are defined in Dependency-Track.
+    </p>
 </div>