JENKINS-25035 Guard against credentials leak
gdubya committed Jan 8, 2016
1 parent b3c0a07 commit 7d945be
Showing 1 changed file with 27 additions and 20 deletions.
47 changes: 27 additions & 20 deletions src/main/java/jenkins/plugins/mqttnotification/MqttNotifier.java
Expand Up @@ -10,6 +10,7 @@
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
Expand All @@ -24,6 +25,7 @@
import org.eclipse.paho.client.mqttv3.MqttConnectOptions;
import org.eclipse.paho.client.mqttv3.MqttException;
import org.eclipse.paho.client.mqttv3.persist.MqttDefaultFilePersistence;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
Expand Down Expand Up @@ -128,13 +130,13 @@ public boolean needsToRunAfterFinalized() {

public static StandardUsernamePasswordCredentials lookupSystemCredentials(String credentialsId) {
return CredentialsMatchers.firstOrNull(
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
Jenkins.getInstance(),
ACL.SYSTEM,
new ArrayList<DomainRequirement>()
),
CredentialsMatchers.withId(credentialsId)
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
Jenkins.getInstance(),
ACL.SYSTEM,
new ArrayList<DomainRequirement>()
),
CredentialsMatchers.withId(credentialsId)
);
}

Expand All @@ -152,10 +154,10 @@ public boolean perform(final AbstractBuild build, final Launcher launcher, final
}
mqtt.connect(mqttConnectOptions);
mqtt.publish(
replaceVariables(getTopic(), build),
replaceVariables(getMessage(), build).getBytes(),
getQos(),
isRetainMessage()
replaceVariables(getTopic(), build),
replaceVariables(getMessage(), build).getBytes(),
getQos(),
isRetainMessage()
);
mqtt.disconnect();
} catch (final MqttException me) {
Expand Down Expand Up @@ -184,8 +186,9 @@ public ListBoxModel doFillQosItems() {
return items;
}

public FormValidation doTestConnection(@QueryParameter("brokerUrl") final String brokerUrl, @QueryParameter("credentialsId") final String credentialsId)
throws IOException, ServletException {
public FormValidation doTestConnection(@QueryParameter("brokerUrl") final String brokerUrl,
@QueryParameter("credentialsId") final String credentialsId)
throws IOException, ServletException {
if (brokerUrl == null || brokerUrl.trim().isEmpty()) {
return FormValidation.error("Broker URL must not be empty");
}
Expand All @@ -211,15 +214,19 @@ public FormValidation doTestConnection(@QueryParameter("brokerUrl") final String
}
}

public ListBoxModel doFillCredentialsIdItems() {
return new StandardUsernameListBoxModel().withEmptySelection().withAll(
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context) {
return context != null && context.hasPermission(Item.CONFIGURE)
? new StandardUsernameListBoxModel()
.withEmptySelection()
.withAll(
CredentialsProvider.lookupCredentials(
StandardUsernamePasswordCredentials.class,
Jenkins.getInstance(),
ACL.SYSTEM,
new ArrayList<DomainRequirement>()
StandardUsernamePasswordCredentials.class,
context,
ACL.SYSTEM,
new ArrayList<DomainRequirement>()
)
);
)
: new ListBoxModel();
}

public boolean isApplicable(Class<? extends AbstractProject> aClass) {
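Review bot: The permission guard added to `doFillCredentialsIdItems` is not mirrored on `doTestConnection`, which still takes `brokerUrl` and `credentialsId` straight from the request and shows no `@AncestorInPath` context or permission check in the lines visible here (its body continues outside the hunk, so this needs confirming against the full method). If it resolves the id through `lookupSystemCredentials`, which looks up under `ACL.SYSTEM` against `Jenkins.getInstance()`, a caller without Configure permission could cause a stored credential to be presented to a broker URL they supply. Consider adding `@AncestorInPath Item context` to the signature, returning early with `if (context == null || !context.hasPermission(Item.CONFIGURE)) return FormValidation.ok();`, and marking the method `@RequirePOST` so it cannot be driven by a cross-site GET. The same scoping question applies to `lookupSystemCredentials` itself, which still searches the whole instance rather than the job's context.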