Fixed JENKINS-33883 by allowing .*/cc.xml instead of only root one.

jenkinsci · May 3, 2016 · 87ff4fc · 87ff4fc
1 parent 6259659
commit 87ff4fc
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java
@@ -164,7 +164,7 @@ public boolean hasPermission(Authentication a, Permission permission) {
                         log.finest("Granting READ access for github-webhook url: " + requestURI());
                         return true;
                     }
-                    if (allowCcTrayPermission && currentUriPathEquals("cc.xml")) {
+                    if (allowCcTrayPermission && currentUriPathEndsWithSegment("cc.xml")) {
                         log.finest("Granting READ access for cctray url: " + requestURI());
                         return true;
                     }
@@ -196,6 +196,15 @@ private boolean currentUriPathEquals( String specificPath ) {
         }
     }
 
+    private boolean currentUriPathEndsWithSegment( String segment ) {
+        String requestUri = requestURI();
+        if (requestUri != null) {
+          return requestUri.substring(requestUri.lastIndexOf('/') + 1).equals(segment);
+        } else {
+            return false;
+        }
+    }
+
     private String requestURI() {
         StaplerRequest currentRequest = Stapler.getCurrentRequest();
         return (currentRequest == null) ? null : currentRequest.getOriginalRequestURI();

diff --git a/src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly b/src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly
@@ -28,7 +28,7 @@
             <f:checkbox />
         </f:entry>
 
-        <f:entry title="Grant READ permissions for /cc.xml" field="allowCcTrayPermission" help="/plugin/github-oauth/help/auth/grant-read-to-cctray-help.html">
+        <f:entry title="Grant READ permissions for .*/cc.xml" field="allowCcTrayPermission" help="/plugin/github-oauth/help/auth/grant-read-to-cctray-help.html">
             <f:checkbox />
         </f:entry>
 

diff --git a/src/main/webapp/help/auth/grant-read-to-cctray-help.html b/src/main/webapp/help/auth/grant-read-to-cctray-help.html
@@ -1,5 +1,5 @@
 <div>
-Open a hole in security to allow unauthenticated access to /cc.xml at the root of the server.
+Open a hole in security to allow unauthenticated access to URLs ending with /cc.xml.
 This URI provides <a href="https://wiki.jenkins-ci.org/display/JENKINS/Monitoring+Jenkins">monitoring capability</a>
 to a range of desktop clients.