[JENKINS-49027] Better report JEP-200 violations in Remoting (#247)

* [JENKINS-49027] Better report JEP-200 violations in Remoting. * Updated test to look for nested causes.
jenkinsci · Jan 30, 2018 · 9e6472f · 9e6472f
1 parent f266511
commit 9e6472f
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 13 deletions.
diff --git a/src/main/java/hudson/remoting/Channel.java b/src/main/java/hudson/remoting/Channel.java
@@ -47,7 +47,6 @@
 import java.lang.ref.WeakReference;
 import java.net.URL;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.Date;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -910,13 +909,11 @@ V call(Callable<V,T> callable) throws IOException, T, InterruptedException {
 
         // re-wrap the exception so that we can capture the stack trace of the caller.
         } catch (ClassNotFoundException e) {
-            IOException x = new IOException("Remote call on "+name+" failed");
-            x.initCause(e);
-            throw x;
+            throw new IOException("Remote call on " + name + " failed", e);
         } catch (Error e) {
-            IOException x = new IOException("Remote call on "+name+" failed");
-            x.initCause(e);
-            throw x;
+            throw new IOException("Remote call on " + name + " failed", e);
+        } catch (SecurityException e) {
+            throw new IOException("Failed to deserialize response to " + request + ": " + e, e);
         } finally {
             // since this is synchronous operation, when the round trip is over
             // we assume all the exported objects are out of scope.

diff --git a/src/main/java/hudson/remoting/ClassFilter.java b/src/main/java/hudson/remoting/ClassFilter.java
@@ -60,8 +60,9 @@ public boolean isBlacklisted(@Nonnull Class c) {
      * @throws SecurityException if it is blacklisted
      */
 	public final String check(String name) {
-		if (isBlacklisted(name))
-			throw new SecurityException("Rejected: " +name);
+        if (isBlacklisted(name)) {
+            throw new SecurityException("Rejected: " + name + "; see https://jenkins.io/redirect/class-filter/");
+        }
 		return name;
 	}
 
@@ -71,8 +72,9 @@ public final String check(String name) {
      * @throws SecurityException if it is blacklisted
      */
 	public final Class check(Class c) {
-		if (isBlacklisted(c))
-			throw new SecurityException("Rejected: " +c.getName());
+        if (isBlacklisted(c)) {
+            throw new SecurityException("Rejected: " + c.getName() + "; see https://jenkins.io/redirect/class-filter/");
+        }
 		return c;
 	}
 

diff --git a/src/test/java/hudson/remoting/ChannelFilterTest.java b/src/test/java/hudson/remoting/ChannelFilterTest.java
@@ -62,11 +62,20 @@ public <V, T extends Throwable> hudson.remoting.Callable<V, T> userRequest(hudso
         try {
             channel.call(new ReverseGunImporter());
             fail("should have failed");
-        } catch (SecurityException e) {
-            assertEquals("Rejecting "+GunImporter.class.getName(),e.getMessage());
+        } catch (Exception e) {
+            assertEquals("Rejecting "+GunImporter.class.getName(), findSecurityException(e).getMessage());
 //            e.printStackTrace();
         }
     }
+    private static SecurityException findSecurityException(Throwable x) {
+        if (x instanceof SecurityException) {
+            return (SecurityException) x;
+        } else if (x == null) {
+            throw new AssertionError("no SecurityException detected");
+        } else {
+            return findSecurityException(x.getCause());
+        }
+    }
 
     /*
         Option 1: