Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16877

In Jenkins v1.480.3 encoding problems occur for XML api using a XPath function as leaf

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Major Major
    • core
    • None
    • Windows XP, Jenkins v 1.480.3 (Long Term Support)

      I'm extracting the latest build number of a job in a brute force way. Jobs using this functionality are failing after upgrading Jenkins from version 1.480.2 to 1.480.3. My problem occurs specifically when I use the XML API (https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API) and XPath expressions containing the function text().
      Compare the following request:
      Request 1) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/
      Response 1) <concurrentBuild>false</concurrentBuild>
      w
      Request 2) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text()
      Response 2)
      The latter yields 403 Forbidden with no result when i try to fetch response with wget:

      [user@host ~]$ wget $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29 -O wgetresponse
      -2013-02-19 12:54:23- $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29
      Resolving <host> <ip>
      Connecting to <host>|<ip>|<port>... connected.
      HTTP request sent, awaiting response... 403 Forbidden
      2013-02-19 12:54:23 ERROR 403: Forbidden.

      [user@host ~]$ ls -s wgetresponse
      0 wgetresponse

      The output file is empty.

      The problem occurs for the request $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=sum(//build/number)
      When I append &wrapper=list a java.lang.ClassCastException: java.lang.Double cannot be cast to org.dom4j.Node occurs.

      On the other hand, when text() is used inside the contains()-function, a correct response is given.
      $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild[contains%28text%28%29,%27false%27%29]

          [JENKINS-16877] In Jenkins v1.480.3 encoding problems occur for XML api using a XPath function as leaf

          I am also getting the same problem after upgrading from 1.501 to 1.502

          http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number returns the following

          <number>100</number>

          http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number/text()

          returns ERROR 403: Forbidden

          Geoff Cummings added a comment - I am also getting the same problem after upgrading from 1.501 to 1.502 http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number returns the following <number>100</number> http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number/text() returns ERROR 403: Forbidden

          I was able to get the text() functionality back by setting hudson.model.Api.INSECURE=true when starting jenkins

          Please see the following link: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

          Geoff Cummings added a comment - I was able to get the text() functionality back by setting hudson.model.Api.INSECURE=true when starting jenkins Please see the following link: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

          andreas f added a comment -

          Thanks, that did the trick.

          andreas f added a comment - Thanks, that did the trick.

          twolfart added a comment -

          I have the same problem:

          After upgrading to 1.502 (from 1.49x) we can't detect the build status using:
          /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result/text()

          It works without the xpath function, but provides the result-tag and not only the content:
          /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result

          twolfart added a comment - I have the same problem: After upgrading to 1.502 (from 1.49x) we can't detect the build status using: /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result/text() It works without the xpath function, but provides the result-tag and not only the content: /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result

          Jesse Glick added a comment -

          Support for primitive result sets with the xpath query parameter in the REST API has been dropped. Please retrieve a complete XML (or JSON) document and parse out the bits you need.

          Jesse Glick added a comment - Support for primitive result sets with the xpath query parameter in the REST API has been dropped. Please retrieve a complete XML (or JSON) document and parse out the bits you need.

          Daniel Beck added a comment -

          The API documentation should be changed accordingly. Or is there a way to get a text node without using text()?

          "If the XPath only matches a text node, the result will be sent with text/plain MIME type to simplify further processing."

          Daniel Beck added a comment - The API documentation should be changed accordingly. Or is there a way to get a text node without using text() ? "If the XPath only matches a text node, the result will be sent with text/plain MIME type to simplify further processing."

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/resources/hudson/model/Api/index.jelly
          http://jenkins-ci.org/commit/jenkins/1e6454a77f3b07ec68f8df7f959262f36dba5b05
          Log:
          JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP).


          You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
          For more options, visit https://groups.google.com/groups/opt_out.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/resources/hudson/model/Api/index.jelly http://jenkins-ci.org/commit/jenkins/1e6454a77f3b07ec68f8df7f959262f36dba5b05 Log: JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). – You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out .

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2335
          JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). (Revision 1e6454a77f3b07ec68f8df7f959262f36dba5b05)

          Result = UNSTABLE
          Jesse Glick : 1e6454a77f3b07ec68f8df7f959262f36dba5b05
          Files :

          • core/src/main/resources/hudson/model/Api/index.jelly

          dogfood added a comment - Integrated in jenkins_main_trunk #2335 JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). (Revision 1e6454a77f3b07ec68f8df7f959262f36dba5b05) Result = UNSTABLE Jesse Glick : 1e6454a77f3b07ec68f8df7f959262f36dba5b05 Files : core/src/main/resources/hudson/model/Api/index.jelly

            Unassigned Unassigned
            andreasfridlund andreas f
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: