[JENKINS-25033] prevent credentials leak
ndeloof committed Sep 16, 2017
1 parent f789905 commit 84fa7fd
Showing 4 changed files with 25 additions and 0 deletions.
Expand Up @@ -37,6 +37,7 @@
import hudson.model.Label;
import hudson.model.Node;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
Expand Down Expand Up @@ -711,6 +712,11 @@ public FormValidation doTestConnection(

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) {

AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance());
if (!ac.hasPermission(Jenkins.ADMINISTER)) {
return new ListBoxModel();
}

List<StandardCertificateCredentials> credentials = CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, context, ACL.SYSTEM,Collections.<DomainRequirement>emptyList());
List<DockerDirectoryCredentials> c2 = CredentialsProvider.lookupCredentials(DockerDirectoryCredentials.class, context, ACL.SYSTEM,Collections.<DomainRequirement>emptyList());
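Review bot: The four-line `Jenkins.ADMINISTER` guard added at the top of doFillCredentialsIdItems is pasted unchanged into the same method in the other three files of this commit, so any later correction has to be made four times. A single shared static helper (for example `static boolean canListCredentials(ItemGroup context)`, name of your choosing) would keep the check in one place. Because both lookups below the guard still run as `ACL.SYSTEM`, this guard is the only thing limiting who receives the credential list. The commit adds no test asserting that a caller without the permission gets an empty model. The method body continues past the end of the hunk.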

Expand Up @@ -13,6 +13,7 @@

import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
Expand Down Expand Up @@ -63,6 +64,11 @@ public String getDisplayName() {
}

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) {
AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance());
if (!ac.hasPermission(Jenkins.ADMINISTER)) {
return new ListBoxModel();
}


List<StandardUsernamePasswordCredentials> credentials = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, context, ACL.SYSTEM, Collections.<DomainRequirement>emptyList());

Expand Up @@ -24,6 +24,7 @@
import hudson.model.ItemGroup;
import hudson.plugins.sshslaves.SSHLauncher;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
Expand Down Expand Up @@ -521,6 +522,12 @@ public FormValidation doCheckExtraHostsString(@QueryParameter String extraHostsS


public static ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) {

AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance());
if (!ac.hasPermission(Jenkins.ADMINISTER)) {
return new ListBoxModel();
}

return new SSHUserListBoxModel().withMatching(
SSHAuthenticator.matcher(Connection.class),
CredentialsProvider.lookupCredentials(
Expand Up @@ -15,6 +15,7 @@
import hudson.model.ItemGroup;
import hudson.plugins.sshslaves.SSHLauncher;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.slaves.Cloud;
import hudson.slaves.RetentionStrategy;
import hudson.tasks.BuildStepDescriptor;
Expand Down Expand Up @@ -164,6 +165,11 @@ public String getDisplayName() {

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup context) {

AccessControlled ac = (context instanceof AccessControlled ? (AccessControlled) context : Jenkins.getInstance());
if (!ac.hasPermission(Jenkins.ADMINISTER)) {
return new ListBoxModel();
}

return new SSHUserListBoxModel().withMatching(SSHAuthenticator.matcher(Connection.class),
CredentialsProvider.lookupCredentials(StandardUsernameCredentials.class, context,
ACL.SYSTEM, SSHLauncher.SSH_SCHEME));
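Review bot: Requiring `Jenkins.ADMINISTER` in this doFillCredentialsIdItems looks broader than needed if the descriptor is a build step, as the BuildStepDescriptor import in this file suggests (the class declaration is outside the hunk). A user who may configure the job but is not an administrator would now get an empty drop-down, and saving the form could clear the stored credentialsId. Consider checking a permission on the item in `context` instead, for example `Item.CONFIGURE` or `CredentialsProvider.USE_ITEM`, and returning a model that holds only the current selection rather than `new ListBoxModel()`. That needs the current value passed in, e.g. `@QueryParameter String credentialsId`, and `new StandardListBoxModel().includeCurrentValue(credentialsId)` where the credentials plugin version in use provides it. The same may apply to the second file's descriptor, whose type is not visible.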
