Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44010

Check nullability of getCrumbIssuer() on the Wizard

      Jenkins.getInstance().getCrumbIssuer() method could potentially be null and the Admin user creation page is not checking it.

       

      See the comment from amuniz in https://github.com/jenkinsci/jenkins/commit/3c3977395633db0a2c9a29550e0249451fa97ba0#commitcomment-21985458

          [JENKINS-44010] Check nullability of getCrumbIssuer() on the Wizard

          Alvaro Lobato created issue -
          Manuel Recena Soto made changes -
          Description Original: Jenkins.getInstance().getCrumbIssuer() could potentially be {null} and the Admin user creation page is not checking it. New: Jenkins.getInstance().getCrumbIssuer() could potentially be {{null}} and the Admin user creation page is not checking it.
          Manuel Recena Soto made changes -
          Description Original: Jenkins.getInstance().getCrumbIssuer() could potentially be {{null}} and the Admin user creation page is not checking it. New: {{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it.
          Oleg Nenashev made changes -
          Description Original: {{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it. New: {{Jenkins.getInstance().getCrumbIssuer()}} method could potentially be {{null}} and the Admin user creation page is not checking it.

           

          See the comment from [~amuniz] in https://github.com/jenkinsci/jenkins/commit/3c3977395633db0a2c9a29550e0249451fa97ba0#commitcomment-21985458
          Oleg Nenashev made changes -
          Labels New: regression

          Oleg Nenashev added a comment -

          If you expect it to be backported, there should be much better description of the problem and the impact. As jglick said in another chat, this is probably a bad use-case

          Oleg Nenashev added a comment - If you expect it to be backported, there should be much better description of the problem and the impact. As jglick said in another chat, this is probably a bad use-case

          Jesse Glick added a comment -

          I do not propose this as an lts-candidate.

          Jesse Glick added a comment - I do not propose this as an lts-candidate .
          Jesse Glick made changes -
          Link New: This issue blocks SECURITY-412 [ SECURITY-412 ]
          Jesse Glick made changes -
          Assignee New: Jesse Glick [ jglick ]
          Jesse Glick made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]

            jglick Jesse Glick
            alobato Alvaro Lobato
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: