[FIXED JENKINS-33614] Add link to script approval when a rejection oc…
…curs

I don't *love* this, so feel free to critique/veto.
abayer committed Feb 21, 2018
1 parent b3d7ea3 commit 7eddd97
Showing 3 changed files with 29 additions and 0 deletions.
@@ -2,13 +2,19 @@

import com.cloudbees.groovy.cps.Continuable;
import com.cloudbees.groovy.cps.Outcome;

import java.io.IOException;
import java.util.List;

import hudson.console.HyperlinkNote;
import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox;
import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext;
import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;

import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;

/**
@@ -36,6 +42,13 @@ public Outcome call() {
RejectedAccessException x = findRejectedAccessException(outcome.getAbnormal());
if (x != null) {
ScriptApproval.get().accessRejected(x, ApprovalContext.create());
try {
e.getOwner().getListener().getLogger().println(x.getMessage() + ". " +
HyperlinkNote.encodeTo("/" + ScriptApproval.get().getUrlName(),
Messages.SandboxContinuable_ScriptApprovalLink()));
} catch (IOException ex) {
LOGGER.log(Level.WARNING, null, ex);
}
}
return outcome;
}
@@ -59,4 +72,5 @@ public Outcome call() {
}
}

private static final Logger LOGGER = Logger.getLogger(SandboxContinuable.class.getName());
}
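Review bot: The catch block added in call() logs the IOException with a null message (`LOGGER.log(Level.WARNING, null, ex)`), so when the build listener cannot be reached nothing in the Jenkins log says that the approval hint was dropped; `LOGGER.log(Level.WARNING, "Could not print script approval link to the build log", ex);` would make that diagnosable. A short comment above the println would also help, e.g. `// Link is visible to anyone who can read the console; access to the approval page itself is enforced there, not here.` The second half of that comment is inferred from the "Administrators can click here" message text rather than shown in this diff, so confirm it before committing the comment. call() starts before the hunk and the variable `e` is declared outside it.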
@@ -1 +1,2 @@
Snippetizer.this_step_should_not_normally_be_used_in=This step should not normally be used in your script. Consult the inline help for details.
SandboxContinuable.ScriptApprovalLink=Administrators can click here to approve or reject this signature.
@@ -25,6 +25,9 @@
package org.jenkinsci.plugins.workflow.cps;

import com.cloudbees.groovy.cps.CpsTransformer;
import com.gargoylesoftware.htmlunit.TextPage;
import com.gargoylesoftware.htmlunit.html.DomNodeUtil;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import hudson.Functions;
import hudson.model.Computer;
import hudson.model.Executor;
@@ -34,6 +37,8 @@
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.test.steps.SemaphoreStep;

import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.*;

import org.junit.Assert;
@@ -177,6 +182,15 @@ public void sandboxInvokerUsed() throws Exception {

WorkflowRun r = jenkins.assertBuildStatus(Result.FAILURE, job.scheduleBuild2(0).get());
jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", r);
jenkins.assertLogContains("Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance. " + Messages.SandboxContinuable_ScriptApprovalLink(), r);

// make sure we see the annotation
HtmlPage rsp = jenkins.createWebClient().getPage(r, "console");
assertEquals(1, DomNodeUtil.selectNodes(rsp, "//A[@href='" + jenkins.contextPath + "/scriptApproval']").size());

// make sure raw console output doesn't include the garbage
TextPage raw = (TextPage)jenkins.createWebClient().goTo(r.getUrl()+"consoleText","text/plain");
assertThat(raw.getContent(), containsString(" getInstance. " + Messages.SandboxContinuable_ScriptApprovalLink()));
}

@Issue("SECURITY-551")