From 302f6bfcd6487bb631840cb831208f9f0e024698 Mon Sep 17 00:00:00 2001
From: monwolf
Date: Tue, 7 Feb 2023 20:21:01 +0100
Subject: [PATCH 1/3] Fix CVE-2019-10474
---
 .../orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
index 40ee084..08bfbd8 100644
--- a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
+++ b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
@@ -226,6 +226,7 @@ public DescriptorImpl() {
 }
 public FormValidation doCheckScript(@QueryParameter("script") String name) throws IOException, ServletException {
+ Jenkins.get().checkPermission(Jenkins.ADMINISTER);
 if (StringUtils.isEmpty(name)) {
 return FormValidation.error("Please set the script name");
 }
From 32072e106992583d5a2e4fe03eba2820365376a2 Mon Sep 17 00:00:00 2001
From: monwolf
Date: Tue, 7 Feb 2023 20:47:11 +0100
Subject: [PATCH 2/3] update minimal jenkins version remove deprecated calls to jenkins api
---
 pom.xml | 10 ++++------
 .../plugin/globalpostscript/GlobalPostScript.java | 12 ++++++------
 .../globalpostscript/GlobalPostScriptAction.java | 2 +-
 .../globalpostscript/runner/GroovyScriptRunner.java | 9 ++++++---
 .../plugin/globalpostscript/runner/ScriptRunner.java | 8 ++++----
 5 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/pom.xml b/pom.xml
index c564c5e..1455e8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,11 +4,11 @@
 org.jenkins-ci.plugins
 plugin
- 4.37
+ 4.54
 global-post-script
- 1.1.5-SNAPSHOT
+ 1.1.6-SNAPSHOT
 hpi
 https://wiki.jenkins-ci.org/display/JENKINS/Global+Post+Script+Plugin
@@ -23,8 +23,7 @@
 UTF-8
- 8
- 2.303.3
+ 2.375.2
@@ -65,7 +64,6 @@
 org.apache.maven.plugins
 maven-release-plugin
- 2.5
 deploy
@@ -82,7 +80,7 @@
 org.codehaus.plexus
 plexus-utils
- 3.0.10
+ 3.0.16
 junit
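Review bot: The `ADMINISTER` check added at the top of `doCheckScript` does not cover `doFillScriptItems` in the same descriptor; in the `@@ -239,7 +239,7 @@` hunk of patch 2/3 that method still opens with `ComboBoxModel items = new ComboBoxModel();` and goes straight to listing the script folder. Descriptor `doCheck*`/`doFill*` methods are web-reachable by any user with Overall/Read, so if the advisory concerns disclosure of script names, the listing endpoint needs the same first line, `Jenkins.get().checkPermission(Jenkins.ADMINISTER);`. A one-line comment above each check, such as `// Form endpoint: reachable with Overall/Read, so restrict to administrators`, would keep the guard from being removed in a later cleanup. Both method bodies continue outside the hunks shown.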
diff --git a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
index 08bfbd8..30b8baf 100644
--- a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
+++ b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScript.java
@@ -54,7 +54,7 @@ public void onCompleted(Run run, TaskListener listener) {
 }
 String script = getDescriptorImpl().getScript();
- File file = new File(Jenkins.getInstance().getRootDir().getAbsolutePath() + SCRIPT_FOLDER, script);
+ File file = new File(Jenkins.get().getRootDir().getAbsolutePath() + SCRIPT_FOLDER, script);
 if (file.exists()) {
 try {
 BadgeManager manager = new BadgeManager(run, listener);
@@ -83,7 +83,7 @@ public Descriptor getDescriptor() {
 }
 public DescriptorImpl getDescriptorImpl() {
- return (DescriptorImpl) Jenkins.getInstance().getDescriptorOrDie(GlobalPostScript.class);
+ return (DescriptorImpl) Jenkins.get().getDescriptorOrDie(GlobalPostScript.class);
 }
 @SuppressWarnings("unchecked")
@@ -141,11 +141,11 @@ public void triggerJob(String jobName, Map params) {
 for (Map.Entry entry : params.entrySet()) {
 newParams.add(new StringParameterValue(entry.getKey(), entry.getValue()));
 }
- AbstractProject job = Jenkins.getInstance().getItem(jobName, run.getParent().getParent(), AbstractProject.class);
+ AbstractProject job = Jenkins.get().getItem(jobName, run.getParent().getParent(), AbstractProject.class);
 if (null != job) {
 Cause cause = new Cause.UpstreamCause(run);
 boolean scheduled = job.scheduleBuild(job.getQuietPeriod(), cause, new ParametersAction(newParams));
- if (Jenkins.getInstance().getItemByFullName(job.getFullName()) == job) {
+ if (Jenkins.get().getItemByFullName(job.getFullName()) == job) {
 String name = ModelHyperlinkNote.encodeTo(job) + " " + ModelHyperlinkNote.encodeTo(
 job.getAbsoluteUrl() + job.getNextBuildNumber() + "/",
@@ -201,7 +201,7 @@ public String getCause() {
 }
 }
- String rootUrl = Jenkins.getInstance().getRootUrl();
+ String rootUrl = Jenkins.get().getRootUrl();
 if (StringUtils.isNotEmpty(rootUrl)) {
 cause.append("on ").append(rootUrl).append(" ");
 }
@@ -239,7 +239,7 @@ public FormValidation doCheckScript(@QueryParameter("script") String name) throw
 public ComboBoxModel doFillScriptItems() {
 ComboBoxModel items = new ComboBoxModel();
- File scriptFolder = new File(Jenkins.getInstance().getRootDir().getAbsolutePath() + SCRIPT_FOLDER);
+ File scriptFolder = new File(Jenkins.get().getRootDir().getAbsolutePath() + SCRIPT_FOLDER);
 FilenameFilter filter = new FilenameFilter() {
 public boolean accept(File dir, String name) {
 String fileName = name.toLowerCase();
diff --git a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScriptAction.java b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScriptAction.java
index d1597f8..80dc315 100644
--- a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScriptAction.java
+++ b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/GlobalPostScriptAction.java
@@ -33,7 +33,7 @@ private static String getIconPath(String icon) {
 return null;
 }
- PluginWrapper wrapper = Jenkins.getInstance().getPluginManager().getPlugin(GlobalPostScriptPlugin.class);
+ PluginWrapper wrapper = Jenkins.get().getPluginManager().getPlugin(GlobalPostScriptPlugin.class);
 boolean pluginIconExists = (wrapper != null) && new File(wrapper.baseResourceURL.getPath() + "/img/" + icon).exists();
 return pluginIconExists ? "/plugin/global-post-script/img/" + icon : Jenkins.RESOURCE_PATH + "/images/16x16/" + icon;
 }
diff --git a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/GroovyScriptRunner.java b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/GroovyScriptRunner.java
index 0e69c26..a2801b5 100644
--- a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/GroovyScriptRunner.java
+++ b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/GroovyScriptRunner.java
@@ -42,11 +42,14 @@ public void run(File scriptFile,
 }
 protected ClassLoader getGroovyClassloader() {
- if (null == Jenkins.getInstance()) {
+ try {
+ Jenkins.get();
+ }
+ catch (IllegalStateException e){
 return getParentClassloader();
 }
-
- File libFolder = new File(Jenkins.getInstance().getRootDir().getAbsolutePath() + GlobalPostScript.SCRIPT_FOLDER, "lib");
+
+ File libFolder = new File(Jenkins.get().getRootDir().getAbsolutePath() + GlobalPostScript.SCRIPT_FOLDER, "lib");
 return getGroovyClassloader(libFolder);
 }
diff --git a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/ScriptRunner.java b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/ScriptRunner.java
index 113f372..a3b4032 100644
--- a/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/ScriptRunner.java
+++ b/src/main/java/com/orctom/jenkins/plugin/globalpostscript/runner/ScriptRunner.java
@@ -1,7 +1,6 @@
 package com.orctom.jenkins.plugin.globalpostscript.runner;
 import com.orctom.jenkins.plugin.globalpostscript.GlobalPostScript;
-import groovy.lang.GroovyClassLoader;
 import hudson.model.TaskListener;
 import jenkins.model.Jenkins;
@@ -24,9 +23,10 @@ protected void println(TaskListener listener, String message) {
 }
 protected ClassLoader getParentClassloader() {
- if (null != Jenkins.getInstance()) {
- return Jenkins.getInstance().getPluginManager().uberClassLoader;
- } else {
+ try {
+ return Jenkins.get().getPluginManager().uberClassLoader;
+ }
+ catch (IllegalStateException e){
 return Thread.currentThread().getContextClassLoader();
 }
 }
From 85a2a6937eaaa060c2814e5a1075b879a2ff90c6 Mon Sep 17 00:00:00 2001
From: monwolf
Date: Tue, 7 Feb 2023 20:56:05 +0100
Subject: [PATCH 3/3] change build config
---
 Jenkinsfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 45b40fb..cfe650d 100644
--- a/Jenkinsfile
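Review bot: In the GroovyScriptRunner.java hunk, `getGroovyClassloader` now detects a missing Jenkins instance by catching `IllegalStateException` from a bare `Jenkins.get();` and then calls `Jenkins.get()` a second time, so the guard and the use are separate lookups and an exception drives normal control flow. `Jenkins.getInstanceOrNull()` is the non-deprecated accessor that keeps the original null check: `Jenkins jenkins = Jenkins.getInstanceOrNull();`, then `if (jenkins == null) { return getParentClassloader(); }`, then `jenkins.getRootDir()`. The same applies to `getParentClassloader` in the second ScriptRunner.java hunk, where the `try` would also swallow an `IllegalStateException` raised anywhere else in the `getPluginManager().uberClassLoader` chain and silently fall back to the context class loader. If the try/catch form is kept, a comment such as `// Jenkins.get() throws when no instance is running (e.g. unit tests)` should say why the exception is expected.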
+++ b/Jenkinsfile
@@ -1,2 +1,5 @@
-buildPlugin(configurations: buildPlugin.recommendedConfigurations())
-
+buildPlugin(
+ configurations: [
+ [platform: 'linux', jdk: 11],
+ [platform: 'windows', jdk: 11],
+])