@RequirePOST public JSON doCheckScriptCompile(@AncestorInPath Item job, @QueryParameter String value) { return Jenkins.get().getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class).doCheckScriptCompile(job, value); }
@Issue("SECURITY-1266") @Test public void configureRequired() throws Exception { CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class); r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); // Set up an administrator, and three developer users with varying levels of access. r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy(). grant(Jenkins.ADMINISTER).everywhere().to("admin"). grant(Jenkins.READ, Item.CONFIGURE).everywhere().to("dev1"). grant(Jenkins.READ).everywhere().to("dev2")); WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w"); try (ACLContext context = ACL.as(User.getById("admin", true))) { assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail")); } try (ACLContext context = ACL.as(User.getById("dev1", true))) { assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail")); } try (ACLContext context = ACL.as(User.getById("dev2", true))) { assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("success")); } } }
@Issue("SECURITY-1266") @Test public void blockASTTest() throws Exception { CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class); WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w"); assertThat(d.doCheckScriptCompile(job, "import groovy.transform.*\n" + "import jenkins.model.Jenkins\n" + "import org.jenkinsci.plugins.workflow.job.WorkflowJob\n" + "@ASTTest(value={ assert Jenkins.get().createProject(WorkflowJob.class, \"should-not-exist\") })\n" + "@Field int x\n" + "echo 'hello'\n").toString(), containsString("Annotation ASTTest cannot be used in the sandbox")); assertNull(r.jenkins.getItem("should-not-exist")); }
@Test public void doCheckScriptCompile() throws Exception { CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class); WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w"); assertThat(d.doCheckScriptCompile(job, "echo 'hello'").toString(), containsString("\"success\"")); assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("\"fail\"")); }
@Issue("SECURITY-1266") @Test public void blockGrab() throws Exception { CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class); WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w"); assertThat(d.doCheckScriptCompile(job, "@Grab(group='foo', module='bar', version='1.0')\n" + "def foo\n").toString(), containsString("Annotation Grab cannot be used in the sandbox")); }