Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16877

In Jenkins v1.480.3 encoding problems occur for XML api using a XPath function as leaf

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: core
    • Labels:
      None
    • Environment:
      Windows XP, Jenkins v 1.480.3 (Long Term Support)
    • Similar Issues:

      Description

      I'm extracting the latest build number of a job in a brute force way. Jobs using this functionality are failing after upgrading Jenkins from version 1.480.2 to 1.480.3. My problem occurs specifically when I use the XML API (https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API) and XPath expressions containing the function text().
      Compare the following request:
      Request 1) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/
      Response 1) <concurrentBuild>false</concurrentBuild>
      w
      Request 2) $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text()
      Response 2)
      The latter yields 403 Forbidden with no result when i try to fetch response with wget:

      [user@host ~]$ wget $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29 -O wgetresponse
      -2013-02-19 12:54:23- $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild/text%28%29
      Resolving <host> <ip>
      Connecting to <host>|<ip>|<port>... connected.
      HTTP request sent, awaiting response... 403 Forbidden
      2013-02-19 12:54:23 ERROR 403: Forbidden.

      [user@host ~]$ ls -s wgetresponse
      0 wgetresponse

      The output file is empty.

      The problem occurs for the request $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=sum(//build/number)
      When I append &wrapper=list a java.lang.ClassCastException: java.lang.Double cannot be cast to org.dom4j.Node occurs.

      On the other hand, when text() is used inside the contains()-function, a correct response is given.
      $HUDSON_URL/job/$JOB_NAME/api/xml?xpath=//concurrentBuild[contains%28text%28%29,%27false%27%29]

        Attachments

          Issue Links

            Activity

            Hide
            gcummings Geoff Cummings added a comment -

            I am also getting the same problem after upgrading from 1.501 to 1.502

            http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number returns the following

            <number>100</number>

            http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number/text()

            returns ERROR 403: Forbidden

            Show
            gcummings Geoff Cummings added a comment - I am also getting the same problem after upgrading from 1.501 to 1.502 http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number returns the following <number>100</number> http://<jenkins_url>/job/<job_name>/lastSuccessfulBuild/api/xml?xpath=/*/number/text() returns ERROR 403: Forbidden
            Hide
            gcummings Geoff Cummings added a comment -

            I was able to get the text() functionality back by setting hudson.model.Api.INSECURE=true when starting jenkins

            Please see the following link: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16

            Show
            gcummings Geoff Cummings added a comment - I was able to get the text() functionality back by setting hudson.model.Api.INSECURE=true when starting jenkins Please see the following link: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-02-16
            Hide
            andreasfridlund andreas f added a comment -

            Thanks, that did the trick.

            Show
            andreasfridlund andreas f added a comment - Thanks, that did the trick.
            Hide
            twolfart twolfart added a comment -

            I have the same problem:

            After upgrading to 1.502 (from 1.49x) we can't detect the build status using:
            /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result/text()

            It works without the xpath function, but provides the result-tag and not only the content:
            /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result

            Show
            twolfart twolfart added a comment - I have the same problem: After upgrading to 1.502 (from 1.49x) we can't detect the build status using: /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result/text() It works without the xpath function, but provides the result-tag and not only the content: /lastBuild/api/xml?xpath=/mavenModuleSetBuild/result
            Hide
            jglick Jesse Glick added a comment -

            Support for primitive result sets with the xpath query parameter in the REST API has been dropped. Please retrieve a complete XML (or JSON) document and parse out the bits you need.

            Show
            jglick Jesse Glick added a comment - Support for primitive result sets with the xpath query parameter in the REST API has been dropped. Please retrieve a complete XML (or JSON) document and parse out the bits you need.
            Hide
            danielbeck Daniel Beck added a comment -

            The API documentation should be changed accordingly. Or is there a way to get a text node without using text()?

            "If the XPath only matches a text node, the result will be sent with text/plain MIME type to simplify further processing."

            Show
            danielbeck Daniel Beck added a comment - The API documentation should be changed accordingly. Or is there a way to get a text node without using text() ? "If the XPath only matches a text node, the result will be sent with text/plain MIME type to simplify further processing."
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/resources/hudson/model/Api/index.jelly
            http://jenkins-ci.org/commit/jenkins/1e6454a77f3b07ec68f8df7f959262f36dba5b05
            Log:
            JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP).


            You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
            To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
            For more options, visit https://groups.google.com/groups/opt_out.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/resources/hudson/model/Api/index.jelly http://jenkins-ci.org/commit/jenkins/1e6454a77f3b07ec68f8df7f959262f36dba5b05 Log: JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). – You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out .
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #2335
            JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). (Revision 1e6454a77f3b07ec68f8df7f959262f36dba5b05)

            Result = UNSTABLE
            Jesse Glick : 1e6454a77f3b07ec68f8df7f959262f36dba5b05
            Files :

            • core/src/main/resources/hudson/model/Api/index.jelly
            Show
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #2335 JENKINS-16877 Removing documentation about insecure access formats (primitive XPath & JSONP). (Revision 1e6454a77f3b07ec68f8df7f959262f36dba5b05) Result = UNSTABLE Jesse Glick : 1e6454a77f3b07ec68f8df7f959262f36dba5b05 Files : core/src/main/resources/hudson/model/Api/index.jelly

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              andreasfridlund andreas f
              Votes:
              2 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: