Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
-
Jenkins 1.580.1
authorize-project 1.0.3
Description
When running tests of authorize-project with Jenkins 1.580.1, tests failed as following:
SpecificUsersAuthorizationStrategyTest.testCliFailure:689 Values should be different. Actual: 0 SpecificUsersAuthorizationStrategyTest.testRestInterfaceFailure:525 null
This might mean you can bypass the security checks of authorize-project.
Attachments
Issue Links
- depends on
-
JENKINS-28440 Allow to reject specific configurations via REST and CLI
-
- Resolved
-
- is related to
-
-
- Closed
-
Activity
Code changed in jenkins
User: ikedam
Path:
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/ad44c7fb40382d3be87322d4facb4f981e5d4e0f
Log:
JENKINS-28298 Made `ProjectQueueItemAuthenticatorTest#testWorkflow` to work with strategyEnableMap.
Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
http://jenkins-ci.org/commit/authorize-project-plugin/084778c790a055c1643252d4e1a48db04c63f143
Log:
[FIXED JENKINS-28298] Call `XStream2#addCriticalField` to reject unauthenticated configurations.
Code changed in jenkins
User: ikedam
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectUtil.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/5bcf6ca30231ee09970f6b7b1a1eedefce126bb4
Log:
Merge pull request #21 from ikedam/feature/JENKINS-28298_addCriticalField
JENKINS-28298 Reject unauthenticated configurations via REST / CLI
Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/acf51252b1b0...5bcf6ca30231
Code changed in jenkins
User: ikedam
Path:
pom.xml
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/fa7ca0de7585a2334f52e72489a3e509f656eef1
Log:
JENKINS-28298Targets Jenkins-1.625.