• Type: New Feature
• Resolution: Fixed
• Priority: Minor
• Component/s: workflow-support-plugin
• Labels:

  • pipeline
  • plugin

[JENKINS-54227] Safely expose the Cause(s) associated with the current build

mike cirioli created issue - 2018-10-24 18:41

mike cirioli made changes - 2018-10-24 18:41

Description

Original: It is currently not possible to access the <code>Cause</code>s of a build without using the non-whitelisted <code>currentBuild.getRawBuild().getCauses()</code> function. An additional drawback to that approach is that is allows direct access to the actual <code>Cause</code> objects, which could potentially allow a malicious pipeline script to manipulate the <code>Cause</code> associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a <code>Cause</code>s <code>@Exported</code> fields: For example, a build with a <code>hudson.model.Cause$UserId</code> cause produce the following output: <code:json> [    {       "_class":"hudson.model.Cause$UserIdCause",       "shortDescription":"Started by user anonymous",       "userId":"tester",       "userName":"anonymous"    } ] </code>

New: It is currently not possible to access the <code>Cause</code>s of a build without using the non-whitelisted \{code}currentBuild.getRawBuild().getCauses()\{/code} function. An additional drawback to that approach is that is allows direct access to the actual <code>Cause</code> objects, which could potentially allow a malicious pipeline script to manipulate the <code>Cause</code> associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a <code>Cause</code>s <code>@Exported</code> fields: For example, a build with a <code>hudson.model.Cause$UserId</code> cause produce the following output:  <code:json>  [ { "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" } ]  </code>

mike cirioli made changes - 2018-10-24 18:45

Description

Original: It is currently not possible to access the <code>Cause</code>s of a build without using the non-whitelisted \{code}currentBuild.getRawBuild().getCauses()\{/code} function. An additional drawback to that approach is that is allows direct access to the actual <code>Cause</code> objects, which could potentially allow a malicious pipeline script to manipulate the <code>Cause</code> associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a <code>Cause</code>s <code>@Exported</code> fields: For example, a build with a <code>hudson.model.Cause$UserId</code> cause produce the following output:  <code:json>  [ { "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" } ]  </code>

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:     {code:json} [ { "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" } ] {code}

mike cirioli made changes - 2018-10-24 18:45

Description

Original: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:     {code:json} [ { "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" } ] {code}

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:     {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }]{code}

mike cirioli made changes - 2018-10-24 18:56

Description

Original: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:     {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }]{code}

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class (or superclass) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses(hudson.model.Cause$UserIdCause).size() {code}

mike cirioli made changes - 2018-10-24 19:02

Description

Original: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's <code>ModelBuilder</code> to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class (or superclass) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses(hudson.model.Cause$UserIdCause).size() {code}

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's {{ModelBuilder}} to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class (or superclass) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses(hudson.model.Cause$UserIdCause).size() {code}

Devin Nusbaum made changes - 2018-11-06 14:15

Released As		New: workflow-support 2.22
Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Devin Nusbaum made changes - 2018-11-06 14:16

Link

New: This issue duplicates JENKINS-41272 [ JENKINS-41272 ]

Devin Nusbaum made changes - 2018-11-06 14:17

Description

Original: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's {{ModelBuilder}} to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class (or superclass) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses(hudson.model.Cause$UserIdCause).size() {code}

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's {{ModelBuilder}} to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class name (or superclass name) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses("hudson.model.Cause$UserIdCause").size() {code}

Devin Nusbaum made changes - 2018-11-06 14:23

Remote Link

New: This issue links to "jenkinsci/workflow-support-plugin#78 (Web Link)" [ 22011 ]

Reinhold Füreder made changes - 2018-11-07 13:24

Description

Original: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's {{ModelBuilder}} to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output:   {code:json} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code:json} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class name (or superclass name) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains {{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code:json} echo currentBuild.getBuildCauses("hudson.model.Cause$UserIdCause").size() {code}

New: It is currently not possible to access the {{Cause}}s of a build without using the non-whitelisted {{currentBuild.getRawBuild().getCauses()}} function. An additional drawback to that approach is that is allows direct access to the actual {{Cause}} objects, which could potentially allow a malicious pipeline script to manipulate the {{Cause}} associated with an upstream build. This jira and its associated PR propose a different approach based on the use of stapler's {{ModelBuilder}} to create a JSON representation of a {{Cause}}s {{@Exported}} fields: For example, a build with a {{hudson.model.Cause$UserId}} cause produce the following output: {code} [{ "_class":"hudson.model.Cause$UserIdCause", "shortDescription":"Started by user anonymous", "userId":"tester", "userName":"anonymous" }] {code} The JSON objects in the resulting array can be used directly in a pipeline: {code} assert currentBuild.getBuildCauses().size() == 1 assert currentBuild.getBuildCauses()[0].userId == 'tester' echo currentBuild.getBuildCauses()[0].shortDescription {code} Additionally, you can filter the result of {{currentBuild.getBuildCauses()}} by passing a class name (or superclass name) of the type you would like to filter by. For example, to get a list of build {{Cause}}s that only contains \{{Cause}}s of type {{hudson.model.Cause$UserIdCause}}, call the method like this: {code} echo currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause').size() {code}

Load more newer history items