JENKINS-63928

Snippet Generator doesn't work with last version of Audit Trail plugin

      Description

      Hello,

      I have an issue with the following versions :

      • Jenkins 2.249.1
      • Pipeline: Groovy 2.83
      • Audit Trail 3.7

      Go to the Snippet Generator : http://<jenkins-url>/pipeline-syntax/

      The "Generate Pipeline Script" button doesn't work.

      Going back to Audit Trail 3.6 solves the issue.

          Activity

          timja Tim Jacomb added a comment -

          Can you be clearer on the issue?

          Is it the whole pipeline syntax or just the audit trail plugin?

          Screenshots?

          Are there any errors in the browser console?

          allan_burdajewicz Allan BURDAJEWICZ added a comment -

          This seems to be caused by a security fix in Audit trail. I am able to reproduce this in an environment where Audit Trail was upgraded. I see an Administrative Monitor that points to (https://github.com/jenkinsci/audit-trail-plugin/blob/master/docs/bypassable-patterns.adoc). And hitting "Apply default pattern" fixes this. Maybe Audit trail is blocking some requests with the legacy pattern.

          prukamar Kamar Rushdi Kamar Hisham added a comment -

          Will there be any impact if we "Apply default pattern?" Having the below error:

          pierrebtz Pierre Beitz added a comment -

          Kamar Rushdi Kamar Hisham this monitor is not an error but a warning indicating that the pattern you are using with the Audit Trail plugin can be bypassed. If you click on the link provided in the monitor, you can get more extended information.

          pierrebtz Pierre Beitz added a comment - - edited

          Tim Jacomb Allan BURDAJEWICZ I replayed the use case and indeed the issue is visible only when the Audit Trail security monitor introduced in Audit Trail 3.7 is triggered. I debugged further: the frontend never sends a POST request to /jenkins/pipeline-syntax/generateSnippet. Upon looking further, the faulty call is around there:

          https://github.com/jenkinsci/workflow-cps-plugin/blob/0e4c25f8d7b84470aa523491e29933db3b3df588/src/main/resources/org/jenkinsci/plugins/workflow/cps/Snippetizer/index.jelly#L83

          Interestingly enough, there is a comment from Jesse Glick saying this call can fail in some circumstances. Not clear to me if we are in the same circumstances.

          Right now I cannot understand the link between the failing JS side and this admin monitor: https://github.com/jenkinsci/audit-trail-plugin/blob/aeb49db71a1a4ec715286f93c42f581808f49592/src/main/java/hudson/plugins/audit_trail/BypassablePatternMonitor.java

          timja Tim Jacomb added a comment -

          The comment is referring to the outdated prototype javascript library we use and how it hijacks the javascript prototypes and breaks certain methods...

          wfollonier Wadeck Follonier added a comment - - edited

          Bug corrected in https://github.com/jenkinsci/audit-trail-plugin/pull/47, please have a look.

          Possible workarounds: using a user without admin permission (to not have the monitors displayed) or ensure the monitor is not shown by applying the new default.


            People

            Assignee:
            wfollonier Wadeck Follonier
            Reporter:
            jjapache JJ Apache