Skip to content

Commit

Permalink
[JEP-200] [JENKINS-47736] Merged #3120: ClassFilterImpl
Browse files Browse the repository at this point in the history
  • Loading branch information
@jglick
jglick committed Jan 12, 2018
2 parents deeab3a + 47be7c3 commit cb4903c
Show file tree
Hide file tree
Showing 19 changed files with 924 additions and 37 deletions.
4 changes: 4 additions & 0 deletions core/src/main/java/hudson/PluginManager.java
View file
Expand Up @@ -150,6 +150,7 @@
import static java.util.logging.Level.INFO;
import static java.util.logging.Level.SEVERE;
import static java.util.logging.Level.WARNING;
import jenkins.security.CustomClassFilter;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

Expand Down Expand Up @@ -867,6 +868,9 @@ public void dynamicLoad(File arc, boolean removeExisting) throws IOException, In
((UberClassLoader) uberClassLoader).loaded.clear();
}

// TODO antimodular; perhaps should have a PluginListener to complement ExtensionListListener?
CustomClassFilter.Contributed.load();

try {
p.resolvePluginDependencies();
strategy.load(p);
Expand Down
20 changes: 11 additions & 9 deletions core/src/main/java/hudson/util/XStream2.java
View file
Expand Up @@ -75,6 +75,7 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;

Expand Down Expand Up @@ -526,27 +527,28 @@ class PluginClassOwnership implements ClassOwnership {
private static class BlacklistedTypesConverter implements Converter {
@Override
public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {
throw new UnsupportedOperationException("Refusing to marshal " + source.getClass().getName() + " for security reasons");
throw new UnsupportedOperationException("Refusing to marshal " + source.getClass().getName() + " for security reasons; see https://jenkins.io/redirect/class-filter/");
}

@Override
public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
throw new ConversionException("Refusing to unmarshal " + reader.getNodeName() + " for security reasons");
throw new ConversionException("Refusing to unmarshal " + reader.getNodeName() + " for security reasons; see https://jenkins.io/redirect/class-filter/");
}

/** TODO see comment in {@code whitelisted-classes.txt} */
private static final Pattern JRUBY_PROXY = Pattern.compile("org[.]jruby[.]proxy[.].+[$]Proxy\\d+");

@Override
public boolean canConvert(Class type) {
if (type == null) {
return false;
}
try {
ClassFilter.DEFAULT.check(type);
ClassFilter.DEFAULT.check(type.getName());
} catch (SecurityException se) {
// claim we can convert all the scary stuff so we can throw exceptions when attempting to do so
return true;
String name = type.getName();
if (JRUBY_PROXY.matcher(name).matches()) {
return false;
}
return false;
// claim we can convert all the scary stuff so we can throw exceptions when attempting to do so
return ClassFilter.DEFAULT.isBlacklisted(name) || ClassFilter.DEFAULT.isBlacklisted(type);
}
}
}
1 change: 1 addition & 0 deletions core/src/main/java/jenkins/MasterToSlaveFileCallable.java
View file
Expand Up @@ -8,6 +8,7 @@
* {@link FileCallable}s that are meant to be only used on the master.
*
* @since 1.587 / 1.580.1
* @param <T> the return type; note that this must either be defined in your plugin or included in the stock JEP-200 whitelist
*/
public abstract class MasterToSlaveFileCallable<T> implements FileCallable<T> {
@Override
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/java/jenkins/SlaveToMasterFileCallable.java
View file
Expand Up @@ -6,7 +6,7 @@

/**
* {@link FileCallable}s that can be executed on the master, sent by the agent.
*
* Note that any serializable fields must either be defined in your plugin or included in the stock JEP-200 whitelist.
* @since 1.587 / 1.580.1
*/
public abstract class SlaveToMasterFileCallable<T> implements FileCallable<T> {
Expand Down
10 changes: 3 additions & 7 deletions core/src/main/java/jenkins/model/Jenkins.java
View file
Expand Up @@ -106,7 +106,6 @@
import hudson.model.listeners.SCMListener;
import hudson.model.listeners.SaveableListener;
import hudson.remoting.Callable;
import hudson.remoting.ClassFilter;
import hudson.remoting.LocalChannel;
import hudson.remoting.VirtualChannel;
import hudson.scm.RepositoryBrowser;
Expand Down Expand Up @@ -181,6 +180,7 @@
import jenkins.install.InstallState;
import jenkins.install.SetupWizard;
import jenkins.model.ProjectNamingStrategy.DefaultProjectNamingStrategy;
import jenkins.security.ClassFilterImpl;
import jenkins.security.ConfidentialKey;
import jenkins.security.ConfidentialStore;
import jenkins.security.SecurityListener;
Expand Down Expand Up @@ -283,7 +283,6 @@
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import static hudson.Util.*;
Expand Down Expand Up @@ -894,11 +893,7 @@ protected Jenkins(File root, ServletContext context, PluginManager pluginManager

adjuncts = new AdjunctManager(servletContext, pluginManager.uberClassLoader,"adjuncts/"+SESSION_HASH, TimeUnit.DAYS.toMillis(365));

try {
ClassFilter.appendDefaultFilter(Pattern.compile("java[.]security[.]SignedObject")); // TODO move to standard blacklist
} catch (ClassFilter.ClassFilterException ex) {
throw new IOException("Remoting library rejected the java[.]security[.]SignedObject blacklist pattern", ex);
}
ClassFilterImpl.register();

// initialization consists of ...
executeReactor( is,
Expand Down Expand Up @@ -3246,6 +3241,7 @@ public void cleanUp() {
if (JenkinsJVM.isJenkinsJVM()) {
JenkinsJVMAccess._setJenkinsJVM(oldJenkinsJVM);
}
ClassFilterImpl.unregister();
}
}

Expand Down

0 comments on commit cb4903c

Please sign in to comment.