Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19457

Buggy plugin implementations break job configuration too easily

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • core
    • None

    Description

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL String the eval() call fails as the content is interpreted as RegEx with invalid flags.

      Here is the current code in Question at line 414 to 424:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
          return eval(url); // need access to 'this', so no 'geval'
      } else {
      //...
      

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
        try {
          return eval(url); // need access to 'this', so no 'geval'
        } catch(e) {
          return url; // if the URL is not JavaScript, simply return the URL
        }
      } else {
      //...
      

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              jabbrwcky Jens Hausherr
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: