Able to generate invalid declarative Jenkinsfiles

Details

    Description

      In certain cases, it is possible to generate invalid Jenkinsfiles.

      For one thing, we need to escape backslashes.

      Additionally, I suggest during the JSON validation, we convert to declarative, and then also validate the declarative file, just to prevent invalid files from ever being created, since we can't actually load them into the editor again.

      An example JSON request that generates invalid declarative:

      {"pipeline":{"agent":{"type":"any"},"stages":[{"name":"Build","branches":[{"name":"default","steps":[{"name":"sh","arguments":[{"key":"script","value":{"isLiteral":true,"value":"echo 'hello\\'"}}]}]}]}]}}

          Activity

            kzantow Keith Zantow created issue -
            abayer Andrew Bayer added a comment -

            Aaaaah - string hell. Good thought.

            abayer Andrew Bayer made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            abayer Andrew Bayer made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            abayer Andrew Bayer added a comment - PR up at https://github.com/jenkinsci/pipeline-model-definition-plugin/pull/133
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #133 (Web Link)" [ 15656 ]

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/JSONParser.groovy
            pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterAction.java
            pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/validator/JSONValidationTest.java
            pipeline-model-definition/src/test/resources/json/errors/jsonMismatchedQuotes.json
            http://jenkins-ci.org/commit/pipeline-model-definition-plugin/c8d12fa9fd397d9443f4ea40e9d77035b2bd295f
            Log:
            [FIXED JENKINS-42551] Reject mismatched quotes and other invalid Groovy

            So now the JSON string "hello\\'" will cause a parse-time error. I
            also tweaked JSON validation endpoint to also convert to Jenkinsfile
            and validate that, so as to be sure we've actually got JSON that can
            be a valid Jenkinsfile, even if it has some kind of gotcha in it like
            the one fixed here.
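
The failure from the description and the convert-then-validate check from the commit message, as an added Python sketch (not the plugin's code). `quote_naive` is a hypothetical converter that skips backslash escaping, `quote_safe` escapes backslashes before quotes, and `is_single_string_literal` is a simplified model of a Groovy single-quoted literal.

```python
import json

# The JSON request quoted in the issue description.
REQUEST = r'''{"pipeline":{"agent":{"type":"any"},"stages":[{"name":"Build","branches":[{"name":"default","steps":[{"name":"sh","arguments":[{"key":"script","value":{"isLiteral":true,"value":"echo 'hello\\'"}}]}]}]}]}}'''

def quote_naive(s):
    # Hypothetical converter: escapes quotes but leaves backslashes alone.
    return "'" + s.replace("'", "\\'") + "'"

def quote_safe(s):
    # Backslashes first, then quotes, so a trailing backslash in the
    # input cannot pair with the escape added for the next quote.
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"

def is_single_string_literal(src):
    # Simplified model: a backslash consumes the next character, and the
    # first unescaped quote must be the last character of the text.
    if len(src) < 2 or src[0] != "'":
        return False
    i = 1
    while i < len(src):
        if src[i] == "\\":
            i += 2
        elif src[i] == "'":
            return i == len(src) - 1
        else:
            i += 1
    return False  # ran off the end: unterminated literal

def literal_sh_scripts(request_json):
    # Walk the request and collect literal "sh" script arguments.
    model = json.loads(request_json)
    for stage in model["pipeline"]["stages"]:
        for branch in stage["branches"]:
            for step in branch["steps"]:
                for arg in step["arguments"]:
                    if step["name"] == "sh" and arg["value"]["isLiteral"]:
                        yield arg["value"]["value"]

def convert_and_validate(request_json, quote):
    # Convert first, then validate the generated text itself, so a
    # request that is valid JSON but yields a broken file is rejected.
    results = []
    for script in literal_sh_scripts(request_json):
        literal = quote(script)
        results.append(("sh " + literal, is_single_string_literal(literal)))
    return results

if __name__ == "__main__":
    for name, quote in (("naive", quote_naive), ("safe", quote_safe)):
        print(name, convert_and_validate(REQUEST, quote))
```

With the naive quoting, the input's trailing backslash combines with the escape added for the following quote, so the literal closes early and leaves a stray quote behind; the post-conversion check reports this even though the request itself is well-formed JSON.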

            abayer Andrew Bayer made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            bitwiseman Liam Newman added a comment -

            Bulk closing resolved issues.

            bitwiseman Liam Newman made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

            People

              abayer Andrew Bayer
              kzantow Keith Zantow