-
Bug
-
Resolution: Fixed
-
Critical
https://jenkins.io/blog/2016/05/11/security-update/
This security update prevents me from accessing HP_RUN_ID after the build has executed.
thanks
As a temporary workaround please set the following argument to your Jenkins server (to your jenkins.xml for example):
-Dhudson.model.ParametersAction.safeParameters=HP_RUN_ID
As being described on the security update:
https://jenkins.io/blog/2016/05/11/security-update/
Thanks.
[JENKINS-39654] HP_RUN_ID not available after Jenkins security change
John Gregg
added a comment - I only have experience with performance tests. I use the build step "Execute HP tests using Performance Center." The plugin tries to set an environment variable called HP_RUN_ID in PcBuilder.java. That parameter is no longer visible once the plugin completes its work because of the security restriction in the link I provided unless we follow the workarounds. I'm hoping you can do something to make this work again without needing a workaround. See the link for information.
I personally pass the HP_RUN_ID to Ant scripts to do various things.
The attached file jenkins-bad.txt shows the results of running a test, followed by a post-build step to execute a Windows batch command. In this case I'm just echoing %HP_RUN_ID%, which you can see is empty. I no longer have an installed old copy of Jenkins to test the previous behavior, but jenkins-good.txt shows what happens when I use one of the workarounds in the security note.
Thanks
John Gregg
added a comment - I only have experience with performance tests. I use the build step "Execute HP tests using Performance Center." The plugin tries to set an environment variable called HP_RUN_ID in PcBuilder.java. That parameter is no longer visible once the plugin completes its work because of the security restriction in the link I provided unless we follow the workarounds. I'm hoping you can do something to make this work again without needing a workaround. See the link for information.
I personally pass the HP_RUN_ID to Ant scripts to do various things.
The attached file jenkins-bad.txt shows the results of running a test, followed by a post-build step to execute a Windows batch command. In this case I'm just echoing %HP_RUN_ID%, which you can see is empty. I no longer have an installed old copy of Jenkins to test the previous behavior, but jenkins-good.txt shows what happens when I use one of the workarounds in the security note.
Thanks 
Oren Pelzman
added a comment - An internal defect has been submitted, we will address this in one of the upcoming releases.
Oren Pelzman
added a comment - An internal defect has been submitted, we will address this in one of the upcoming releases. 
Hanan Bem
added a comment - As a temporary workaround please set the following argument to your Jenkins server (to your jenkins.xml for example):
-Dhudson.model.ParametersAction.safeParameters=HP_RUN_ID
As being described on the security update:
https://jenkins.io/blog/2016/05/11/security-update/
Thanks,
Hanan.
Hanan Bem
added a comment - As a temporary workaround please set the following argument to your Jenkins server (to your jenkins.xml for example):
-Dhudson.model.ParametersAction.safeParameters=HP_RUN_ID
As being described on the security update:
https://jenkins.io/blog/2016/05/11/security-update/
Thanks,
Hanan. Hanan Bem
added a comment - Please download latest Plugin Code changed in jenkins
User: bamh
Path:
src/main/java/com/hp/application/automation/tools/model/PcModel.java
src/main/java/com/hp/application/automation/tools/pc/PcClient.java
src/main/java/com/hp/application/automation/tools/pc/PcRestProxy.java
src/main/java/com/hp/application/automation/tools/run/AdditionalParametersAction.java
src/main/java/com/hp/application/automation/tools/run/PcBuilder.java
src/main/resources/com/hp/application/automation/tools/run/PcBuilder/config.jelly
src/test/java/com/hp/application/automation/tools/pc/MockPcModel.java
src/test/java/com/hp/application/automation/tools/pc/MockPcRestProxy.java
src/test/java/com/hp/application/automation/tools/pc/MockPcRestProxyBadResponses.java
src/test/java/com/hp/application/automation/tools/pc/PcTestBase.java
src/test/java/com/hp/application/automation/tools/pc/TestPcClient.java
src/test/java/com/hp/application/automation/tools/pc/TestPcClientNegativeScenrios.java
http://jenkins-ci.org/commit/hpe-application-automation-tools-plugin/1339c9cc701571990b34f44298a156ac2783d5f6
Log:
Support HTTPS protocol for PCS (#155)
- index on master: ab83a3d Merge remote-tracking branch 'remotes/origin/5.0.1-beta-SNAPSHOT'
- Revert pom changes
- Merge branch '5.0.1-beta-SNAPSHOT' of https://github.com/hpsa/hp-application-automation-tools-plugin into development
- Conflicts:
- .github/PULL_REQUEST_TEMPLATE.md
- Added some comments
- changes according to sonarlint
- changes for sonarlint
- Remove some comments
- Comments
- * Fix for supporting SECURITY-170 changes
- https://jenkins.io/blog/2016/05/11/security-update/
- https://issues.jenkins-ci.org/browse/JENKINS-39654
- code changes for sonarlint
Code changed in jenkins
User: bamh
Path:
src/main/java/com/hp/application/automation/tools/model/PcModel.java
src/main/java/com/hp/application/automation/tools/pc/PcClient.java
src/main/java/com/hp/application/automation/tools/pc/PcRestProxy.java
src/main/java/com/hp/application/automation/tools/run/PcBuilder.java
src/main/resources/com/hp/application/automation/tools/run/PcBuilder/config.jelly
src/main/resources/com/hp/application/automation/tools/run/PcBuilder/help-proxyOutURL.html
src/test/java/com/hp/application/automation/tools/pc/MockPcModel.java
src/test/java/com/hp/application/automation/tools/pc/MockPcRestProxy.java
src/test/java/com/hp/application/automation/tools/pc/MockPcRestProxyBadResponses.java
http://jenkins-ci.org/commit/hpe-application-automation-tools-plugin/e86d97dc31020dee7356d07606ecf2ceb4bcb7a4
Log:
PC Adding features (#194)
- index on master: ab83a3d Merge remote-tracking branch 'remotes/origin/5.0.1-beta-SNAPSHOT'
- Revert pom changes
- Merge branch '5.0.1-beta-SNAPSHOT' of https://github.com/hpsa/hp-application-automation-tools-plugin into development
- Conflicts:
- .github/PULL_REQUEST_TEMPLATE.md
- Added some comments
- changes according to sonarlint
- changes for sonarlint
- Remove some comments
- Comments
- * Fix for supporting SECURITY-170 changes
- https://jenkins.io/blog/2016/05/11/security-update/
- https://issues.jenkins-ci.org/browse/JENKINS-39654
- code changes for sonarlint
- Changes in PC configuration section header
- Adding support for Jenkins using proxy: https://issues.jenkins-ci.org/browse/JENKINS-44314
Changing the HTTPS checkbox position
- Adding link under Test ID text box for browsing to the PC Server
Code changed in jenkins
User: bamh
Path:
src/main/java/com/hp/application/automation/tools/model/PcModel.java
src/main/java/com/hp/application/automation/tools/model/PostRunAction.java
src/main/java/com/hp/application/automation/tools/pc/PcClient.java
src/main/java/com/hp/application/automation/tools/pc/PcRestProxy.java
src/main/java/com/hp/application/automation/tools/pc/PcTest.java
src/main/java/com/hp/application/automation/tools/pc/PcTestData.java
src/main/java/com/hp/application/automation/tools/pc/PcTestInstance.java
src/main/java/com/hp/application/automation/tools/pc/PcTestInstances.java
src/main/java/com/hp/application/automation/tools/pc/PcTestSet.java
src/main/java/com/hp/application/automation/tools/pc/PcTestSets.java
src/main/java/com/hp/application/automation/tools/pc/TestInstanceCreateRequest.java
src/main/java/com/hp/application/automation/tools/run/PcBuilder.java
src/main/resources/com/hp/application/automation/tools/run/PcBuilder/config.jelly
src/test/java/com/hp/application/automation/tools/pc/MockPcModel.java
src/test/java/com/hp/application/automation/tools/pc/MockPcRestProxy.java
src/test/java/com/hp/application/automation/tools/pc/PcTestBase.java
http://jenkins-ci.org/commit/hpe-application-automation-tools-plugin/c3b8a069342c75210aec76b5c884d79d78706327
Log:
Advanced trending option and Support automatically finding and creating Test Instance (#198)
- index on master: ab83a3d Merge remote-tracking branch 'remotes/origin/5.0.1-beta-SNAPSHOT'
- Revert pom changes
- Merge branch '5.0.1-beta-SNAPSHOT' of https://github.com/hpsa/hp-application-automation-tools-plugin into development
- Conflicts:
- .github/PULL_REQUEST_TEMPLATE.md
- Added some comments
- changes according to sonarlint
- changes for sonarlint
- Remove some comments
- Comments
- * Fix for supporting SECURITY-170 changes
- https://jenkins.io/blog/2016/05/11/security-update/
- https://issues.jenkins-ci.org/browse/JENKINS-39654
- code changes for sonarlint
- Changes in PC configuration section header
- Adding support for Jenkins using proxy: https://issues.jenkins-ci.org/browse/JENKINS-44314
Changing the HTTPS checkbox position
- Adding link under Test ID text box for browsing to the PC Server
- Added support for creating TESTINSTANCEID before running a test.
Still needs to add:
1. TestSetID is a stub, we need to check if there is one and to create if not exists
2. Need to check if a test instance id is already exists
- Adding support for createTestInstance if test instance is not available.
- SonarLint Changes
- Support auto trending options
https://issues.jenkins-ci.org/browse/JENKINS-44723
- Added Unit Testing for new Tests Rest API
- Minor change in UI
- Small change regarding the flow of the Auto Trending feature
John Gregg
added a comment - I'm using 5.6.2 and still see the same behavior. I don't see anything in the committed files that looks like it addresses this problem.
John Gregg
added a comment - I'm using 5.6.2 and still see the same behavior. I don't see anything in the committed files that looks like it addresses this problem. 
Can you please supply more information?
Which prudoct is involved? which Step was used?
Please upload log and build config.
Which jenkins version you used? which OS?