Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19457

Buggy plugin implementations break job configuration too easily

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None

      The implementation of registerValidator() in hudson-behavior.js blindly pushes content from the Job configuration (attribute=checkUrl) into an eval() if the attribute "checkDependsOn" is absent.

      In cases where a plugin has no JavaScript in "checkUrl" but a plain URL String the eval() call fails as the content is interpreted as RegEx with invalid flags.

      Here is the current code in Question at line 414 to 424:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
          return eval(url); // need access to 'this', so no 'geval'
      } else {
      //...
      

      A simple fix to prevent the breakdown of the overall Job Configuration could be achieved as follows:

      var url = this.getAttribute("checkUrl");
      var depends = this.getAttribute("checkDependsOn");
      
      if (depends==null) {// legacy behaviour where checkUrl is a JavaScript
        try {
          return eval(url); // need access to 'this', so no 'geval'
        } catch(e) {
          return url; // if the URL is not JavaScript, simply return the URL
        }
      } else {
      //...
      

      This fix or a similar approach would make the UI more robust and less fragile, especially as the core application relies on external (plugin) code.

          [JENKINS-19457] Buggy plugin implementations break job configuration too easily

          Jens Hausherr created issue -

          Jens Hausherr added a comment -

          Jens Hausherr added a comment - Added pull request https://github.com/jenkinsci/jenkins/pull/934
          Geoff Cummings made changes -
          Link New: This issue is related to JENKINS-19248 [ JENKINS-19248 ]

          Code changed in jenkins
          User: Jens Hausherr
          Path:
          war/src/main/webapp/scripts/hudson-behavior.js
          http://jenkins-ci.org/commit/jenkins/afa517e4615371d9a151ef2867dd385093fc8619
          Log:
          JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jens Hausherr Path: war/src/main/webapp/scripts/hudson-behavior.js http://jenkins-ci.org/commit/jenkins/afa517e4615371d9a151ef2867dd385093fc8619 Log: JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          changelog.html
          war/src/main/webapp/scripts/hudson-behavior.js
          http://jenkins-ci.org/commit/jenkins/b94cab3ac6c1e79fff4929ef1b025fe6716bfe55
          Log:
          [FIXED JENKINS-19457]

          Merge remote-tracking branch 'origin/pr/934'

          Compare: https://github.com/jenkinsci/jenkins/compare/dfd60492e7a8...b94cab3ac6c1

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: changelog.html war/src/main/webapp/scripts/hudson-behavior.js http://jenkins-ci.org/commit/jenkins/b94cab3ac6c1e79fff4929ef1b025fe6716bfe55 Log: [FIXED JENKINS-19457] Merge remote-tracking branch 'origin/pr/934' Compare: https://github.com/jenkinsci/jenkins/compare/dfd60492e7a8...b94cab3ac6c1
          SCM/JIRA link daemon made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Jesse Glick made changes -
          Link New: This issue is duplicated by JENKINS-19248 [ JENKINS-19248 ]
          Jesse Glick made changes -
          Link Original: This issue is related to JENKINS-19248 [ JENKINS-19248 ]

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2858
          JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown (Revision afa517e4615371d9a151ef2867dd385093fc8619)

          Result = SUCCESS
          jabbrwcky : afa517e4615371d9a151ef2867dd385093fc8619
          Files :

          • war/src/main/webapp/scripts/hudson-behavior.js

          dogfood added a comment - Integrated in jenkins_main_trunk #2858 JENKINS-19457 Wrap eval in try-catch to prevent job configuration breakdown (Revision afa517e4615371d9a151ef2867dd385093fc8619) Result = SUCCESS jabbrwcky : afa517e4615371d9a151ef2867dd385093fc8619 Files : war/src/main/webapp/scripts/hudson-behavior.js

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          test/src/test/groovy/lib/form/TextAreaTest.groovy
          test/src/test/resources/lib/form/TextAreaTest/TestBuilder/config.jelly
          http://jenkins-ci.org/commit/jenkins/ac274f153b732d1834b9e0aa46ee6f64fa3527cb
          Log:
          JENKINS-19457

          Added a test case in an attempt to isolate the root cause of the problem, but this one works as expected. Hmm.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: test/src/test/groovy/lib/form/TextAreaTest.groovy test/src/test/resources/lib/form/TextAreaTest/TestBuilder/config.jelly http://jenkins-ci.org/commit/jenkins/ac274f153b732d1834b9e0aa46ee6f64fa3527cb Log: JENKINS-19457 Added a test case in an attempt to isolate the root cause of the problem, but this one works as expected. Hmm.

            Unassigned Unassigned
            jabbrwcky Jens Hausherr
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: