[JENKINS-32433] folders should have a depth limit for rest api calls

Type: Improvement
Resolution: Unresolved
Priority: Minor
Component/s: cloudbees-folder-plugin
Labels:
None
Environment:
Cloudbees Jenkins 14.11

Similar Issues:
Powered by SuggestiMate

Show

When users are using the rest api interface with a folder, the depth limit allows very large amounts of data to be returned, which can overload Jenkins.

There is no way to stop this in Jenkins, only by using apache in front of Jenkins and blocking patterns and query strings is this possible.

CB published an article on how to use tree to limit this

https://www.cloudbees.com/blog/taming-jenkins-json-api-depth-and-tree

Mike Brosnan created issue - 2016-01-13 14:59

Jesse Glick added a comment - 2016-03-14 18:56

I would interpret this as a more general request for a way to block any Api.doJson/Xml call if tree were omitted.

Jesse Glick added a comment - 2016-03-14 18:56 I would interpret this as a more general request for a way to block any Api.doJson/Xml call if tree were omitted.

R. Tyler Croy made changes - 2016-07-25 23:52

Workflow

Original: JNJira [ 168062 ]

New: JNJira + In-Review [ 182952 ]

Assignee:: Jesse Glick

Reporter:: Mike Brosnan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2016-01-13 14:59

Updated:: 2016-03-14 18:56

Jenkins

Details

Description

Attachments

Activity

Collapse comment: Jesse Glick added a comment - 2016-03-14 18:56

Expand comment: Jesse Glick added a comment - 2016-03-14 18:56

People

Dates