
Bitbucket Pull Request plugin affected by SECURITY-170

      I believe, just like other PR builder plugins, this one is affected by SECURITY-170 but is not on the page that tracks them: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170

      08:23:33 FATAL: Command "git rev-parse origin/${targetBranch}^{commit}" returned status code 128:
      08:23:33 stdout: origin/${targetBranch}^{commit}
      

      This used to work with Jenkins 2.2

          [JENKINS-34870] Bitbucket Pull Request plugin affected by SECURITY-170

          Alexej Kubarev added a comment - edited

          Setting property to allow all unknown parameters did help to temporarily work around the issue.


          Raitis Dembovskis added a comment

          alexejk Where is this setting available?

          Alexej Kubarev added a comment

          The setting is for Jenkins globally in the startup parameters, as per https://jenkins.io/blog/2016/05/11/security-update/
          What you are looking for is setting hudson.model.ParametersAction.keepUndefinedParameters for a workaround, but this of course is not good in the long run until the plugin is updated.

          Alexej Kubarev added a comment - The fix PR seems to be available here: https://github.com/nishio-dens/bitbucket-pullrequest-builder-plugin/pull/88

          Raitis Dembovskis added a comment - edited

          Hmm. My problem was that the plugin didn't set the $sourceBranch variable, which I need to pass to downstream jobs. But $GIT_BRANCH is set if I check out the code. But I am using this job to only track PRs and trigger another job and pass the branch name. Before that I didn't need to check out code because the plugin would set the $sourceBranch.

          So my solution for now is to check out code and use $GIT_BRANCH.

          Alexej Kubarev added a comment

          Actually, I am using $sourceBranch and a few other parameters. If you set keepUndefinedParameters to true as part of the Jenkins command-line parameters, it will work.
          As SECURITY-170 disables "unknown" parameters by default, the $sourceBranch and a few other parameters were not registered by the plugin, and therefore were ignored (and parsed as plain text input).
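
An added example, not part of the original thread or the plugin's code: instead of enabling keepUndefinedParameters for the whole instance, this script lists the variables a job's config.xml references but does not declare as parameters, which are the ones dropped by the SECURITY-170 fix. The sample config, the notify.sh step and the built-in variable allowlist are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample job config.xml (not from the issue). One parameter is
# declared; the branch spec and shell step also use undeclared ones.
SAMPLE_CONFIG = """<project>
  <properties>
    <hudson.model.ParametersDefinitionProperty>
      <parameterDefinitions>
        <hudson.model.StringParameterDefinition>
          <name>DEPLOY_ENV</name>
        </hudson.model.StringParameterDefinition>
      </parameterDefinitions>
    </hudson.model.ParametersDefinitionProperty>
  </properties>
  <scm class="hudson.plugins.git.GitSCM">
    <branches>
      <hudson.plugins.git.BranchSpec><name>origin/${targetBranch}</name></hudson.plugins.git.BranchSpec>
    </branches>
  </scm>
  <builders>
    <hudson.tasks.Shell>
      <command>./notify.sh ${DEPLOY_ENV} ${sourceBranch} $WORKSPACE</command>
    </hudson.tasks.Shell>
  </builders>
</project>"""

# Assumed allowlist of variables set by Jenkins core or the Git plugin.
BUILTIN = {"WORKSPACE", "BUILD_NUMBER", "JOB_NAME", "GIT_BRANCH", "GIT_COMMIT"}
VAR_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def declared_parameters(root):
    """Names under <parameterDefinitions>, whatever the definition type."""
    return {n.text.strip() for n in root.iterfind(".//parameterDefinitions/*/name") if n.text}


def undeclared_references(config_xml, builtin=BUILTIN):
    """Variables the job references that are neither declared nor built in."""
    root = ET.fromstring(config_xml)
    referenced = set()
    for node in root.iter():
        if node.text:
            referenced.update(VAR_REF.findall(node.text))
    return sorted(referenced - declared_parameters(root) - builtin)


if __name__ == "__main__":
    print(undeclared_references(SAMPLE_CONFIG))
```

Each name it reports is a candidate for an explicit parameter definition on the job, so the value is kept without the global override.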

            Assignee: Unassigned
            Reporter: Alexej Kubarev (alexejk)