[JENKINS-34762] PR status cannot be updated due to filtered parameters

      The fix for SECURITY-170, as described in this blog post, means that Jenkins core filters out any parameters used that were not defined in the job:
      https://jenkins.io/blog/2016/05/11/security-update/

      Since GHPRB defines lots of parameters at runtime, and then later tries to access them, a bunch of functionality in the plugin fails.

      For example, at the end of a PR build, the plugin tries to read the PR ID so that it can update it on GitHub — but because the ghprbPullId parameter gets filtered out, the plugin fails to determine the PR ID.

      May 12, 2016 12:35:13 PM hudson.model.ParametersAction filter
      WARNING: Skipped parameter `ghprbPullId ` as it is undefined on `pr-test-job`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters`=true to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach
      May 12, 2016 12:35:13 PM hudson.model.listeners.RunListener report
      WARNING: RunListener failed
      java.lang.NumberFormatException: null
              at java.lang.Integer.parseInt(Integer.java:542)
              at java.lang.Integer.parseInt(Integer.java:615)
              at org.jenkinsci.plugins.ghprb.extensions.status.GhprbSimpleStatus.createCommitStatus(GhprbSimpleStatus.java:220)
              at org.jenkinsci.plugins.ghprb.extensions.status.GhprbSimpleStatus.onBuildComplete(GhprbSimpleStatus.java:208)
              at org.jenkinsci.plugins.ghprb.GhprbBuilds.onCompleted(GhprbBuilds.java:192)
              at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onCompleted(GhprbBuildListener.java:32)
              at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onCompleted(GhprbBuildListener.java:17)
              at hudson.model.listeners.RunListener.fireCompleted(RunListener.java:202)
              at hudson.model.Run.execute(Run.java:1783)
              at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
              at hudson.model.ResourceController.execute(ResourceController.java:98)
              at hudson.model.Executor.run(Executor.java:410)
      

      Presumably this plugin should define its own Action class to store this information, rather than relying on these parameters to be exported into the environment during a build.
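The description above suggests keeping PR metadata on the build in a plugin-owned Action rather than passing it as undefined build parameters. The following is an added illustration of that pattern, written for this page; it is not ghprb's code and is not the GhprbParametersAction or GhprbAdditionalParameterEnvironmentContributor classes named in the later commit. It assumes a hypothetical package org.example.prbuilder and a hypothetical class PullRequestInfoAction; the variable names ghprbPullId and ghprbGhRepository are the ones in the logs above, and ghprbActualCommit is assumed here as the name for the commit hash.

```java
// Added illustration (not ghprb's code): carry PR metadata on the Run in a
// plugin-owned Action so that hudson.model.ParametersAction, and therefore the
// SECURITY-170 "undefined parameter" filter, never sees or drops it.
package org.example.prbuilder; // hypothetical package

import hudson.EnvVars;
import hudson.Extension;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Cause;
import hudson.model.EnvironmentContributingAction;
import hudson.model.InvisibleAction;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.model.listeners.RunListener;

/** PR state for one build, stored on the Run rather than as build parameters. */
public final class PullRequestInfoAction extends InvisibleAction
        implements EnvironmentContributingAction {

    private final int pullId;        // parsed once, by the trigger, from the webhook payload
    private final String sha1;       // head commit of the PR
    private final String repository; // "owner/name"

    public PullRequestInfoAction(int pullId, String sha1, String repository) {
        this.pullId = pullId;
        this.sha1 = sha1;
        this.repository = repository;
    }

    public int getPullId() { return pullId; }
    public String getSha1() { return sha1; }
    public String getRepository() { return repository; }

    /**
     * Export the values into the build environment ourselves. Core's filter
     * only applies to ParametersAction, so no keepUndefinedParameters or
     * safeParameters JVM flag is needed for these variables.
     */
    @Override
    public void buildEnvVars(AbstractBuild<?, ?> build, EnvVars env) {
        env.put("ghprbPullId", Integer.toString(pullId));
        env.put("ghprbActualCommit", sha1);   // assumed variable name
        env.put("ghprbGhRepository", repository);
    }

    /** What a PR trigger would do: attach the action when the build is scheduled. */
    public static void schedule(AbstractProject<?, ?> job, int pullId, String sha1, String repository) {
        job.scheduleBuild2(0, new Cause.UserIdCause(),
                new PullRequestInfoAction(pullId, sha1, repository));
    }

    /**
     * Counterpart of the status reporter in the stack trace above: reads the PR
     * id back from the Run instead of from an environment variable, so there is
     * no Integer.parseInt(null) when a value has been filtered out.
     */
    @Extension
    public static final class StatusReporter extends RunListener<Run<?, ?>> {
        @Override
        public void onCompleted(Run<?, ?> run, TaskListener listener) {
            PullRequestInfoAction info = run.getAction(PullRequestInfoAction.class);
            if (info == null) {
                return; // not a PR build; nothing to report
            }
            listener.getLogger().printf("Would set commit status for %s#%d at %s to %s%n",
                    info.getRepository(), info.getPullId(), info.getSha1(), run.getResult());
        }
    }
}
```

Because the values live on the Run and are exported through buildEnvVars, they never pass through ParametersAction, so the workaround properties from the log message are not required for them. If those properties are used as a stopgap anyway, note that they are JVM system properties and must appear before `-jar jenkins.war`: anything after the WAR path is handed to Jenkins as an application argument, which is the placement issue that comes up in the comments below.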


          Andrey Miroshnichenko added a comment - edited

          Ok, seems like the advice provided in the article does not work for my Jenkins 2.5. I see the same:

          May 19, 2016 2:51:13 AM hudson.model.ParametersAction filter
          WARNING: Skipped parameter `ghprbGhRepository` as it is undefined on `Arena-platform-pull-request-checker`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters`=true to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach
          

          in my log even when specified -Dhudson.model.ParametersAction.keepUndefinedParameters=true

          Jenkins was spawned with:

          /usr/bin/java -XX:PermSize=256m -XX:MaxPermSize=256m -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8081 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=-1 --ajp13Port=-1 --httpsPort=8083 --httpsCertificate=/data/jenkins/ssl_certs/dev_com.crt --httpsPrivateKey=/data/jenkins/ssl_certs/dev_com.key -Dhudson.model.ParametersAction.keepUndefinedParameters=true
          

          Andrey Miroshnichenko added a comment

          ...changed the command - moved the parameter before -jar happens:

          /usr/bin/java -XX:PermSize=256m -XX:MaxPermSize=256m -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8081 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dhudson.model.ParametersAction.keepUndefinedParameters=true -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=-1 --ajp13Port=-1 --httpsPort=8083 --httpsCertificate=/data/jenkins/ssl_certs/dev_com.crt --httpsPrivateKey=/data/jenkins/ssl_certs/dev_com.key

          Christopher Orr added a comment

          Fixed in 1.32.1 of the plugin.

          Wolfgang Schnerring added a comment

          The -Dhudson.model.ParametersAction.safeParameters workaround works for me; however, the new plugin version 1.32.1 does not work for me: it does not substitute the sha1 parameter in the job.

          Christopher Orr added a comment

          wosc: Are you able to provide any details other than it "does not work"?

          What do you see in the logs? Does this happen for all ghprb parameters? What type of job are you using? If it's a matrix job, then that's also broken and doesn't provide parameters at the moment:
          https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

          Wolfgang Schnerring added a comment

          orrc Sorry about my brevity, but unfortunately I really don't have much more to tell:

          • The job is a "normal" job, no matrix or anything
          • The job has a parameter named sha1 (as recommended by https://wiki.jenkins-ci.org/display/JENKINS/GitHub+pull+request+builder+plugin if one occasionally wants to build manually), with a default value of "fill-me-in"
          • From the console output I see that the sha1 parameter is not filled in by v1.32.1 with the commit hash of the PR, but rather the default value is left in, which then causes the job execution to fail because it is not a valid git commit name
          • v1.29.4 however fills the parameter, and everything works just fine (if safeParameters is set accordingly)
          • I cannot find anything relevant in the jenkins log file

          How can I give you better diagnostic information?

          Arnaud Héritier added a comment

          https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170 is saying that this fix is removed in 1.32.2? Thus the issue should be reopened?

          Christopher Orr added a comment

          ydubreuil made that edit — maybe he can give some info as to why, since no details were added to the wiki.

          Both 1.32.1 and 1.32.2 have worked fine for me, and a couple of further releases have been made since then.

          Yoann Dubreuil added a comment

          orrc The fix was rolled back in 1.32.2 and re-introduced in 1.32.3. I updated the wiki page to reflect this.

          SCM/JIRA link daemon added a comment

          Code changed in jenkins
          User: Ben Patterson
          Path:
          src/main/java/org/jenkinsci/plugins/ghprb/GhprbAdditionalParameterEnvironmentContributor.java
          src/main/java/org/jenkinsci/plugins/ghprb/GhprbParametersAction.java
          src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java
          src/test/java/org/jenkinsci/plugins/ghprb/GhprbIT.java
          http://jenkins-ci.org/commit/ghprb-plugin/17ad7df21aa20f70a24d637871dca665865ddc1b
          Log:
          Merge pull request #439 from jenkinsci/JENKINS-34762-GHissue-352

          Fix for empty parameters in SECURITY-170 updates

          Compare: https://github.com/jenkinsci/ghprb-plugin/compare/2a26b52ec9e8...17ad7df21aa2


            janinko Honza Brázdil
            orrc Christopher Orr
            Votes: 22
            Watchers: 31