[JENKINS-47372] Create Admin Monitor for disabled CSRF protection - Jenkins Jira

XML

Word

Printable

Details

Type: Improvement
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Component/s: core
Labels:

Similar Issues:

Show

Description

Currently there is no admin monitor for CSRF protection. It is rather bug than feature.

Acceptance criteria:

If CSRF is disabled on the instance, an admin gets administrative warning
There is a functional test, which checks the case

Attachments

Activity

Ascending order - Click to sort in descending order

Oleg Nenashev created issue - 2017-10-10 12:33

Oleg Nenashev made changes - 2017-10-10 12:33

Field	Original Value	New Value
Labels		CSRF administrative-monitor csrf security

Wadeck Follonier made changes - 2017-10-10 13:24

Assignee

Wadeck Follonier [ wfollonier ]

Oleg Nenashev made changes - 2017-10-10 13:26

Status

Open [ 1 ]

In Progress [ 3 ]

SCM/JIRA link daemon added a comment - 2017-10-10 14:17

Code changed in jenkins
User: Oleg Nenashev
Path:
content/redirect/csrf-protection.adoc
http://jenkins-ci.org/commit/jenkins.io/05e78b648dd213ecb31c532ae6bdef1e885191d3
Log:
~~JENKINS-47372~~ - Add CSRF Protection Page redirect

SCM/JIRA link daemon added a comment - 2017-10-10 14:17 Code changed in jenkins User: Oleg Nenashev Path: content/redirect/csrf-protection.adoc http://jenkins-ci.org/commit/jenkins.io/05e78b648dd213ecb31c532ae6bdef1e885191d3 Log: JENKINS-47372 - Add CSRF Protection Page redirect

Wadeck Follonier made changes - 2017-10-10 15:18

Status

In Progress [ 3 ]

In Review [ 10005 ]

SCM/JIRA link daemon added a comment - 2017-10-14 09:45

Code changed in jenkins
User: Wadeck Follonier
Path:
core/src/main/java/jenkins/security/csrf/CSRFAdministrativeMonitor.java
core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.jelly
core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.properties
core/src/main/resources/jenkins/security/csrf/Messages.properties
test/src/test/java/jenkins/security/csrf/CSRFAdministrativeMonitorTest.java
http://jenkins-ci.org/commit/jenkins/02b8e7f3563ac5c758e5829949533ff47bc81e65
Log:
~~JENKINS-47372~~ Add a new Administrative monitor for CSRF-protection (#3072)

~~JENKINS-47372~~ add administrative monitor when there is no CSRF issuer configured

- add line breaks

- add license header

put link in the properties instead of the previous mix
remove @author
simplify isActivated body

- correct line breaks

SCM/JIRA link daemon added a comment - 2017-10-14 09:45 Code changed in jenkins User: Wadeck Follonier Path: core/src/main/java/jenkins/security/csrf/CSRFAdministrativeMonitor.java core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.jelly core/src/main/resources/jenkins/security/csrf/CSRFAdministrativeMonitor/message.properties core/src/main/resources/jenkins/security/csrf/Messages.properties test/src/test/java/jenkins/security/csrf/CSRFAdministrativeMonitorTest.java http://jenkins-ci.org/commit/jenkins/02b8e7f3563ac5c758e5829949533ff47bc81e65 Log: JENKINS-47372 Add a new Administrative monitor for CSRF-protection (#3072) JENKINS-47372 add administrative monitor when there is no CSRF issuer configured - add line breaks - add license header put link in the properties instead of the previous mix remove @author simplify isActivated body - correct line breaks

Ryan Campbell added a comment - 2017-10-19 13:44

Merged towards jenkins-2.85

Ryan Campbell added a comment - 2017-10-19 13:44 Merged towards jenkins-2.85

Ryan Campbell made changes - 2017-10-19 13:44

Resolution		Fixed [ 1 ]
Status	In Review [ 10005 ]	Closed [ 6 ]

People

Assignee:: Wadeck Follonier

Reporter:: Oleg Nenashev

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017-10-10 12:33

Updated:: 2017-10-19 13:44

Resolved:: 2017-10-19 13:44