
Buggy plugin implementations break job configuration too easily

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: core
    • Labels: None

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL string, the eval() call fails as the content is interpreted as a RegEx with invalid flags.

      Here is the current code in question, at lines 414 to 424:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
          return eval(url); // need access to 'this', so no 'geval'
      } else {
      //...
      

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
        try {
          return eval(url); // need access to 'this', so no 'geval'
        } catch(e) {
          return url; // if the URL is not JavaScript, simply return the URL
        }
      } else {
      //...
      

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

          [JENKINS-19457] Buggy plugin implementations break job configuration too easily

          Jens Hausherr added a comment -

          Added pull request https://github.com/jenkinsci/jenkins/pull/934

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jens Hausherr
          Path:
          war/src/main/webapp/scripts/hudson-behavior.js
          http://jenkins-ci.org/commit/jenkins/afa517e4615371d9a151ef2867dd385093fc8619
          Log:
          JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          war/src/main/webapp/scripts/hudson-behavior.js
          http://jenkins-ci.org/commit/jenkins/b94cab3ac6c1e79fff4929ef1b025fe6716bfe55
          Log:
          [FIXED JENKINS-19457]

          Merge remote-tracking branch 'origin/pr/934'

          Compare: https://github.com/jenkinsci/jenkins/compare/dfd60492e7a8...b94cab3ac6c1

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2858
          JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown (Revision afa517e4615371d9a151ef2867dd385093fc8619)

          Result = SUCCESS
          jabbrwcky : afa517e4615371d9a151ef2867dd385093fc8619
          Files :

          • war/src/main/webapp/scripts/hudson-behavior.js


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          test/src/test/groovy/lib/form/TextAreaTest.groovy
          test/src/test/resources/lib/form/TextAreaTest/TestBuilder/config.jelly
          http://jenkins-ci.org/commit/jenkins/ac274f153b732d1834b9e0aa46ee6f64fa3527cb
          Log:
          JENKINS-19457

          Added a test case in an attempt to isolate the root cause of the problem, but this one works as expected. Hmm.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2859
          JENKINS-19457 (Revision ac274f153b732d1834b9e0aa46ee6f64fa3527cb)

          Result = SUCCESS
          kohsuke : ac274f153b732d1834b9e0aa46ee6f64fa3527cb
          Files :

          • test/src/test/resources/lib/form/TextAreaTest/TestBuilder/config.jelly
          • test/src/test/groovy/lib/form/TextAreaTest.groovy


          Christoph Vogtländer added a comment - - edited

          Is this issue still present in the LTS version? I'm running into this problem on 1.554.1 and 1.532.3 LTS. Is there any chance to isolate the problem without deactivating all plug-ins? (JENKINS-19248 names publish-over-ssh as a possible culprit, which is not installed on my system.) Unfortunately I do not configure jobs very often but update my plug-ins and core on a regular basis, so I do not know which plug-in/update might be causing this.
          Update: the plug-in causing this is JIRA Plugin for Jenkins 1.4.4 (1.4.2 and 1.4.3 are working correctly)


          Jens Hausherr added a comment -

          The main problem is that it is not tied to a particular plugin. Each plugin you install contributes to the JavaScript executed on the configuration page of each job. If any one plugin introduces erroneous JavaScript, the whole configuration page stops working, leaving you guessing which plugin could be the culprit.

          The only real solution to this would be some kind of sandboxing of each plugin in an error handler that ensures that the rest of the configuration page still works, optimally telling the user which plugin broke so it can be fixed more easily.
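
Added example (not Jenkins code and not written by anyone in this thread): it replays the legacy `checkUrl` eval path from the issue description, the try/catch fix, and the per-plugin error isolation suggested in the last comment, over constructed fields. `fakeField`, `registerAll`, `registerAllUnprotected`, the plugin names and the sample `checkUrl` values are assumptions made for illustration.

```javascript
// Added example, not Jenkins code. Fields, plugin names and URLs are constructed.
function fakeField(plugin, checkUrl, value) {
  return { plugin, value, getAttribute: (n) => (n === "checkUrl" ? checkUrl : null) };
}

// Legacy path before the fix: checkUrl is evaluated as JavaScript.
function legacyCheckUrl() {
  return eval(this.getAttribute("checkUrl")); // direct eval, needs 'this'
}

// Fix from the issue: any eval failure falls back to the raw attribute.
function patchedCheckUrl() {
  const url = this.getAttribute("checkUrl");
  try { return eval(url); } catch (e) { return url; }
}

// No isolation: the first bad attribute aborts registration of every field.
function registerAllUnprotected(fields) {
  return fields.map((f) => legacyCheckUrl.call(f));
}

// Isolation as suggested in the last comment: resolve each field inside its own
// error handler, keep going, and record which plugin's field failed and how.
function registerAll(fields, resolve) {
  const report = { resolved: [], failures: [] };
  for (const field of fields) {
    try {
      report.resolved.push({ plugin: field.plugin, url: resolve.call(field) });
    } catch (e) {
      report.failures.push({ plugin: field.plugin, error: e.name,
        checkUrl: field.getAttribute("checkUrl") });
    }
  }
  return report;
}

// Constructed sample: a legacy script, a plain URL string, and a buggy script.
const FIELDS = [
  fakeField("plugin-a", "'/check?value=' + encodeURIComponent(this.value)", "a b"),
  fakeField("plugin-b", "/descriptorByName/ExamplePlugin/checkName", "x"),
  fakeField("plugin-c", "'/check?value=' + missingHelper(this.value)", "x"),
];

const isolated = registerAll(FIELDS, legacyCheckUrl);
const patched = registerAll(FIELDS, patchedCheckUrl);
console.log(JSON.stringify(isolated.failures, null, 2));
console.log(patched.resolved.map((r) => `${r.plugin}: ${r.url}`).join("\n"));
```

In the patched run the broken script of plugin-c comes back verbatim as its "URL", so the catch-all also hides genuine script errors; the isolated report is what names the failing plugin and the error type.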


            Assignee: Unassigned
            Reporter: Jens Hausherr (jabbrwcky)