Skip to content

Commit

Permalink
[FIXED JENKINS-27535] Integrated with Script Security plugin.
Browse files Browse the repository at this point in the history
  • Loading branch information
@ikedam
ikedam committed May 8, 2016
1 parent ce15188 commit a4f6eb1
Show file tree
Hide file tree
Showing 10 changed files with 236 additions and 173 deletions.
48 changes: 46 additions & 2 deletions pom.xml
View file
Expand Up @@ -3,12 +3,12 @@
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>1.466</version><!-- which version of Jenkins is this plugin built against? -->
<version>1.509</version><!-- which version of Jenkins is this plugin built against? -->
</parent>

<groupId>jp.ikedam.jenkins.plugins</groupId>
<artifactId>groovy-label-assignment</artifactId>
<version>1.1.2-SNAPSHOT</version>
<version>1.2.0-SNAPSHOT</version>
<packaging>hpi</packaging>
<name>Groovy Label Assignment plugin</name>
<description>Jenkins plugin to set label dynamically with groovy scripts.</description>
Expand Down Expand Up @@ -36,6 +36,36 @@
</license>
</licenses>

<dependencies>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>script-security</artifactId>
<version>1.16</version>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.jenkins-ci.tools</groupId>
<artifactId>maven-hpi-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<compatibleSinceVersion>1.4.0</compatibleSinceVersion>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.1</version>
<configuration>
<xmlOutput>true</xmlOutput>
<failOnError>false</failOnError>
</configuration>
</plugin>
</plugins>
</build>

<!-- get every artifact through repo.jenkins-ci.org, which proxies all the artifacts that we need -->
<repositories>
<repository>
Expand All @@ -51,6 +81,20 @@
</pluginRepository>
</pluginRepositories>

<!-- INFRA-588 -->
<distributionManagement>
<repository>
<id>central</id>
<name>jenkinsci-releases</name>
<url>https://repo.jenkins-ci.org/releases</url>
</repository>
<snapshotRepository>
<id>snapshots</id>
<name>jenkinsci-snapshots</name>
<url>https://repo.jenkins-ci.org/snapshots</url>
</snapshotRepository>
</distributionManagement>

<properties>
<!--
explicitly specifying the latest version here because one we get from the parent POM
Expand Down
81 changes: 40 additions & 41 deletions ...java/jp/ikedam/jenkins/plugins/groovy_label_assignment/GroovyLabelAssignmentProperty.java
View file
Expand Up @@ -23,23 +23,24 @@
*/
package jp.ikedam.jenkins.plugins.groovy_label_assignment;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

import jenkins.model.Jenkins;
import net.sf.json.JSONObject;

import org.apache.commons.lang.StringUtils;
import org.codehaus.groovy.control.CompilationFailedException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript;
import org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

import antlr.ANTLRException;

import groovy.lang.Binding;
import groovy.lang.GroovyShell;
import hudson.EnvVars;
import hudson.Extension;
import hudson.Util;
Expand All @@ -52,10 +53,8 @@
import hudson.model.EnvironmentContributingAction;
import hudson.model.JobProperty;
import hudson.model.JobPropertyDescriptor;
import hudson.model.Label;
import hudson.model.labels.LabelAssignmentAction;
import hudson.model.labels.LabelExpression;
import hudson.util.FormValidation;

/**
* JobProperty that holds configuration for GroovyLabelAssignment.
Expand All @@ -69,37 +68,54 @@ public class GroovyLabelAssignmentProperty extends JobProperty<AbstractProject<?

static private final Logger LOGGER = Logger.getLogger(GroovyLabelAssignmentProperty.class.getName());

private String groovyScript;
@Deprecated
private transient String groovyScript;

private final SecureGroovyScript secureGroovyScript;

/**
* @return the Groovy Script
* @deprecated use {@link #getSecureGroovyScript()} instead
*/
@Deprecated
public String getGroovyScript()
{
return groovyScript;
}

/**
* Set the Groovy script.
*
* For testing purpose.
*
* @param groovyScript the Groovy script to set
* @return
* @since 1.2.0
*/
public void setGroovyScript(String groovyScript)
public SecureGroovyScript getSecureGroovyScript()
{
this.groovyScript = groovyScript;
return secureGroovyScript;
}

/**
* Constructor from the form input.
*
* @param groovyScript
* @param secureGroovyScript
* @since 1.2.0
*/
@DataBoundConstructor
public GroovyLabelAssignmentProperty(SecureGroovyScript secureGroovyScript)
{
this.secureGroovyScript = (secureGroovyScript != null) ? secureGroovyScript.configuringWithNonKeyItem() : null;
}

public GroovyLabelAssignmentProperty(String groovyScript)
{
this.groovyScript = groovyScript;
this(new SecureGroovyScript(groovyScript, true, Collections.<ClasspathEntry>emptyList()));
}

private Object readResolve() {
if (groovyScript != null)
{
// < 1.2.0
return new GroovyLabelAssignmentProperty(groovyScript);
}
return this;
}

/**
Expand All @@ -112,19 +128,26 @@ public GroovyLabelAssignmentProperty(String groovyScript)
*/
public boolean assignLabel(AbstractProject<?, ?> project, List<Action> actions)
{
if(StringUtils.isBlank(getGroovyScript()))
if(getSecureGroovyScript() == null)
{
// groovyScript is not configured collectlt.
LOGGER.severe(String.format("%s: GroovyScript is not configured.", project.getName()));
return false;
}

Jenkins jenkins = Jenkins.getInstance();
ClassLoader cl = (jenkins != null) ? jenkins.getPluginManager().uberClassLoader : null;

if (cl == null) {
cl = Thread.currentThread().getContextClassLoader();
}

// Run groovy script.
Object out;
try
{
Binding binding = createBinding(project, actions);
out = new GroovyShell(binding).evaluate(getGroovyScript());
out = getSecureGroovyScript().evaluate(cl, binding);
}
catch(Exception e)
{
Expand Down Expand Up @@ -265,29 +288,5 @@ public JobProperty<?> newInstance(

return req.bindJSON(clazz, form);
}

/**
* Do syntax check of a Groovy script.
*
* @param groovyScript
* @return FormValidation object.
*/
public FormValidation doCheckGroovyScript(@QueryParameter String groovyScript)
{
if(StringUtils.isBlank(groovyScript))
{
return FormValidation.error(Messages.GroovyLabelAssignmentProperty_groovyScript_required());
}

try
{
new GroovyShell().parse(groovyScript);
}
catch(CompilationFailedException e)
{
return FormValidation.error(e.getMessage());
}
return FormValidation.ok();
}
}
}
5 changes: 2 additions & 3 deletions ...ikedam/jenkins/plugins/groovy_label_assignment/GroovyLabelAssignmentProperty/config.jelly
View file
Expand Up @@ -24,8 +24,7 @@ THE SOFTWARE.
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<f:optionalBlock name="groovy_label_assignment" title="${%Groovy script to restrict where this project can be run}" checked="${instance != null}">
<f:entry title="${%Groovy Script}" field="groovyScript">
<f:textarea />
</f:entry>
<f:entry field="groovyScript" title="${%About Groovy Script}" /> <!-- just for help-groovyScript.html -->
<f:property field="secureGroovyScript" />
</f:optionalBlock>
</j:jelly>
4 changes: 2 additions & 2 deletions ...enkins/plugins/groovy_label_assignment/GroovyLabelAssignmentProperty/config_ja.properties
View file
Expand Up @@ -23,5 +23,5 @@

# Groovy\ script\ to\ restrict\ where\ this\ project\ can\ be\ run=Groovy スクリプトで実行するノードを制限
Groovy\ script\ to\ restrict\ where\ this\ project\ can\ be\ run=Groovy \u30b9\u30af\u30ea\u30d7\u30c8\u3067\u5b9f\u884c\u3059\u308b\u30ce\u30fc\u30c9\u3092\u5236\u9650
# Groovy\ Script=Groovy スクリプト
Groovy\ Script=Groovy \u30b9\u30af\u30ea\u30d7\u30c8
# About\ Groovy\ Script=Groovy スクリプトについて
About\ Groovy\ Script=Groovy \u30b9\u30af\u30ea\u30d7\u30c8\u306b\u3064\u3044\u3066
2 changes: 1 addition & 1 deletion ...kins/plugins/groovy_label_assignment/GroovyLabelAssignmentProperty/help-groovyScript.html
View file
Expand Up @@ -56,6 +56,6 @@

Example3-----------------------------------------------------------------------------
// Decides the node to run on for its job name.
["win", "linux"].find(currentJob.name.contains(it))
["win", "linux"].find { it -> currentJob.name.contains(it) }
</code>
</div>
2 changes: 1 addition & 1 deletion ...s/plugins/groovy_label_assignment/GroovyLabelAssignmentProperty/help-groovyScript_ja.html
View file
Expand Up @@ -51,6 +51,6 @@

Example3-----------------------------------------------------------------------------
// ジョブの名称から実行するノードを決定します。
["win", "linux"].find(currentJob.name.contains(it))
["win", "linux"].find { it -> currentJob.name.contains(it) }
</code>
</div>
39 changes: 1 addition & 38 deletions ...a/jp/ikedam/jenkins/plugins/groovy_label_assignment/GroovyLabelAssignmentJenkinsRule.java
View file
Expand Up @@ -31,16 +31,13 @@
import hudson.Functions;
import hudson.Util;
import hudson.PluginWrapper;
import hudson.matrix.MatrixProject;
import hudson.model.FreeStyleProject;
import hudson.model.Node;
import hudson.model.labels.LabelAtom;
import hudson.slaves.DumbSlave;
import hudson.util.IOUtils;

import org.junit.Before;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.TestEnvironment;
import org.jvnet.hudson.test.TestPluginManager;

/**
Expand Down Expand Up @@ -104,26 +101,13 @@ protected void after()
e.printStackTrace();
}
super.after();
// Jenkins < 1.482, JenkinsRule leaves temporary directories.
if(TestEnvironment.get() != null)
{
try
{
TestEnvironment.get().dispose();
}
catch(Exception e)
{
e.printStackTrace();
}
}
}

private void removeSlaves() throws ExecutionException, InterruptedException, IOException
{
// In Jenkins < 1.441, log files of slave nodes are not closed here,
// In Jenkins < 1.520, log files of slave nodes are not closed here,
// so tearDown fails in Windows.
// Close files to avoid this failure.
// NOTE: This seems happen even with 1.466...
if(Functions.isWindows()) {
for(Node node: Jenkins.getInstance().getNodes()) {
if(!(node instanceof DumbSlave))
Expand All @@ -138,27 +122,6 @@ private void removeSlaves() throws ExecutionException, InterruptedException, IOE
}
}
}

@Override
public FreeStyleProject createFreeStyleProject() throws IOException
{
// createFreeStyleProject is protected with Jenkins < 1.479
return super.createFreeStyleProject();
}

@Override
public FreeStyleProject createFreeStyleProject(String name) throws IOException
{
// createFreeStyleProject is protected with Jenkins < 1.479
return super.createFreeStyleProject(name);
}

@Override
public MatrixProject createMatrixProject() throws IOException
{
// createMatrixProject is protected with Jenkins < 1.479
return super.createMatrixProject();
}

public DumbSlave createOnlineSlave(String labelString) throws Exception
{
Expand Down

0 comments on commit a4f6eb1

Please sign in to comment.