Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28440

Allow to reject specific configurations via REST and CLI

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • None
    • Jenkins >= 1.545

      Plugins could reject configurations via REST and CLI in Jenkins < 1.545 by throwing exceptions in readResolve.
      Authorize Project plugin performs authentications with this behavior.

      Jenkins 1.545 suppresses exceptions in readResolve in JENKINS-21024 (also backported to Jenkins 1.532.3).
      This results that throwing exceptions in readResolve prevents reading configurations into memories via REST / CLI but cannot prevents saving them to the disk.
      Authorize-project doesn't perform authentications when Jenkins reads configurations from the disk and allows bypassing authentications.

      Jenkins 1.551 introduced XStream2#addCriticalField in SECURITY-107 (also backported to Jenkins 1.532.2) which triggers critical errors by exceptions in readResolve but only applied to system configurations, not applied project configurations via REST / CLI. (Exceptions are suppressed in CopyOnWriteList)

      Jenkins should provides a way for plugins to reject configurations via REST / CLI.

          [JENKINS-28440] Allow to reject specific configurations via REST and CLI

          ikedam added a comment -

          ikedam added a comment - https://github.com/jenkinsci/jenkins/pull/1715

          Code changed in jenkins
          User: ikedam
          Path:
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/be67b45a31f2987dd20cdbdfd4b4997f5250d66f
          Log:
          JENKINS-28440 Added tests to reproduce and explain JENKINS-28440.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: test/src/test/java/hudson/util/RobustReflectionConverterTest.java http://jenkins-ci.org/commit/jenkins/be67b45a31f2987dd20cdbdfd4b4997f5250d66f Log: JENKINS-28440 Added tests to reproduce and explain JENKINS-28440 .

          Code changed in jenkins
          User: ikedam
          Path:
          core/src/main/java/hudson/util/CopyOnWriteList.java
          core/src/main/java/hudson/util/RobustCollectionConverter.java
          core/src/main/java/hudson/util/RobustMapConverter.java
          core/src/main/java/hudson/util/RobustReflectionConverter.java
          core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
          core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          http://jenkins-ci.org/commit/jenkins/2082b08e2a0e54856370af9e3dda342475dff334
          Log:
          [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: core/src/main/java/hudson/util/CopyOnWriteList.java core/src/main/java/hudson/util/RobustCollectionConverter.java core/src/main/java/hudson/util/RobustMapConverter.java core/src/main/java/hudson/util/RobustReflectionConverter.java core/src/main/java/hudson/util/xstream/ImmutableListConverter.java core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java http://jenkins-ci.org/commit/jenkins/2082b08e2a0e54856370af9e3dda342475dff334 Log: [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI.

          Code changed in jenkins
          User: ikedam
          Path:
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/7958928aedab9695379f17e6462f8b8236910497
          Log:
          JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: test/src/test/java/hudson/util/RobustReflectionConverterTest.java http://jenkins-ci.org/commit/jenkins/7958928aedab9695379f17e6462f8b8236910497 Log: JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI.

          Code changed in jenkins
          User: Daniel Beck
          Path:
          core/src/main/java/hudson/util/CopyOnWriteList.java
          core/src/main/java/hudson/util/RobustCollectionConverter.java
          core/src/main/java/hudson/util/RobustMapConverter.java
          core/src/main/java/hudson/util/RobustReflectionConverter.java
          core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
          core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/e46afb59fd09c9418297a0573252171921a48cea
          Log:
          Merge pull request #1715 from ikedam/feature/JENKINS-28440_HandleCriticalField

          JENKINS-28440 Reject configurations with errors in critical fields via REST / CLI

          Compare: https://github.com/jenkinsci/jenkins/compare/c1b60f18b548...e46afb59fd09

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Daniel Beck Path: core/src/main/java/hudson/util/CopyOnWriteList.java core/src/main/java/hudson/util/RobustCollectionConverter.java core/src/main/java/hudson/util/RobustMapConverter.java core/src/main/java/hudson/util/RobustReflectionConverter.java core/src/main/java/hudson/util/xstream/ImmutableListConverter.java core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java test/src/test/java/hudson/util/RobustReflectionConverterTest.java http://jenkins-ci.org/commit/jenkins/e46afb59fd09c9418297a0573252171921a48cea Log: Merge pull request #1715 from ikedam/feature/ JENKINS-28440 _HandleCriticalField JENKINS-28440 Reject configurations with errors in critical fields via REST / CLI Compare: https://github.com/jenkinsci/jenkins/compare/c1b60f18b548...e46afb59fd09

          dogfood added a comment -

          Integrated in jenkins_main_trunk #4250
          JENKINS-28440 Added tests to reproduce and explain JENKINS-28440. (Revision be67b45a31f2987dd20cdbdfd4b4997f5250d66f)
          [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI. (Revision 2082b08e2a0e54856370af9e3dda342475dff334)
          JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI. (Revision 7958928aedab9695379f17e6462f8b8236910497)

          Result = SUCCESS
          devld : be67b45a31f2987dd20cdbdfd4b4997f5250d66f
          Files :

          • test/src/test/java/hudson/util/RobustReflectionConverterTest.java

          devld : 2082b08e2a0e54856370af9e3dda342475dff334
          Files :

          • core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          • core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
          • core/src/main/java/hudson/util/RobustCollectionConverter.java
          • core/src/main/java/hudson/util/RobustReflectionConverter.java
          • core/src/main/java/hudson/util/CopyOnWriteList.java
          • core/src/main/java/hudson/util/RobustMapConverter.java

          devld : 7958928aedab9695379f17e6462f8b8236910497
          Files :

          • test/src/test/java/hudson/util/RobustReflectionConverterTest.java

          dogfood added a comment - Integrated in jenkins_main_trunk #4250 JENKINS-28440 Added tests to reproduce and explain JENKINS-28440 . (Revision be67b45a31f2987dd20cdbdfd4b4997f5250d66f) [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI. (Revision 2082b08e2a0e54856370af9e3dda342475dff334) JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI. (Revision 7958928aedab9695379f17e6462f8b8236910497) Result = SUCCESS devld : be67b45a31f2987dd20cdbdfd4b4997f5250d66f Files : test/src/test/java/hudson/util/RobustReflectionConverterTest.java devld : 2082b08e2a0e54856370af9e3dda342475dff334 Files : core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java core/src/main/java/hudson/util/xstream/ImmutableListConverter.java core/src/main/java/hudson/util/RobustCollectionConverter.java core/src/main/java/hudson/util/RobustReflectionConverter.java core/src/main/java/hudson/util/CopyOnWriteList.java core/src/main/java/hudson/util/RobustMapConverter.java devld : 7958928aedab9695379f17e6462f8b8236910497 Files : test/src/test/java/hudson/util/RobustReflectionConverterTest.java

          Code changed in jenkins
          User: ikedam
          Path:
          core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          http://jenkins-ci.org/commit/jenkins/d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce
          Log:
          JENKINS-28440 Added @since for CriticalXStreamException.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java http://jenkins-ci.org/commit/jenkins/d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce Log: JENKINS-28440 Added @since for CriticalXStreamException.

          Code changed in jenkins
          User: ikedam
          Path:
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e
          Log:
          JENKINS-28440 Uses CLICommandInvoker in tests.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: ikedam Path: test/src/test/java/hudson/util/RobustReflectionConverterTest.java http://jenkins-ci.org/commit/jenkins/0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e Log: JENKINS-28440 Uses CLICommandInvoker in tests.

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
          test/src/test/java/hudson/util/RobustReflectionConverterTest.java
          http://jenkins-ci.org/commit/jenkins/69a98484c8a879fef9532e68670e72f5d74267b7
          Log:
          Merge pull request #1811 from ikedam/feature/JENKINS-28440_AdditionalFix

          JENKINS-28440 Additional fixes for #1715

          Compare: https://github.com/jenkinsci/jenkins/compare/bc2ad1b992d1...69a98484c8a8

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java test/src/test/java/hudson/util/RobustReflectionConverterTest.java http://jenkins-ci.org/commit/jenkins/69a98484c8a879fef9532e68670e72f5d74267b7 Log: Merge pull request #1811 from ikedam/feature/ JENKINS-28440 _AdditionalFix JENKINS-28440 Additional fixes for #1715 Compare: https://github.com/jenkinsci/jenkins/compare/bc2ad1b992d1...69a98484c8a8

          dogfood added a comment -

          Integrated in jenkins_main_trunk #4273
          JENKINS-28440 Added @since for CriticalXStreamException. (Revision d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce)
          JENKINS-28440 Uses CLICommandInvoker in tests. (Revision 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e)

          Result = SUCCESS
          devld : d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce
          Files :

          • core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java

          devld : 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e
          Files :

          • test/src/test/java/hudson/util/RobustReflectionConverterTest.java

          dogfood added a comment - Integrated in jenkins_main_trunk #4273 JENKINS-28440 Added @since for CriticalXStreamException. (Revision d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce) JENKINS-28440 Uses CLICommandInvoker in tests. (Revision 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e) Result = SUCCESS devld : d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce Files : core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java devld : 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e Files : test/src/test/java/hudson/util/RobustReflectionConverterTest.java

            ikedam ikedam
            ikedam ikedam
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: