Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67836

Pipeline: Groovy Plugin [SECURITY-2463] excessive path length

      With this update, workspace subfolders are created with a 64-character randomized name.  This can result in path length limit violations in established Jenkins pipeline projects on a Windows system, which has a default max path of 260 characters.  The code generating this long folder name appears to be from commit SECURITY-2463/SECURITY-2595.  It looks like the supplied length integer of '32' is resulting in a a 64-character folder name.  Can the length integer be reduced to '8' or '16' for better compatibility with Windows systems?  The same code was introduced in the Pipeline: Shared Groovy Libraries and Pipeline: Multibranch plugins as well.

       

       

          [JENKINS-67836] Pipeline: Groovy Plugin [SECURITY-2463] excessive path length

          61115anon created issue -
          61115anon made changes -
          Description Original: With this update, workspace subfolders are created with a 64-character randomized name.  This can result in path length limit violations in established Jenkins pipeline projects on a Windows system, which has a default max path of 260 characters.  The code generating this long folder name appears to be from commit [[SECURITY-2463][SECURITY-2595]|[https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85#diff-751ef0b8272fefc4b69f6302b381e99ddc17417176a159adaf9e98e5d83566d4R73].]  It looks like the supplied length integer of '32' is resulting in a a 64-character folder name.  Can the length integer be reduced to '8' or '16' for better compatibility with Windows systems?  The same code was introduced in the [Pipeline: Shared Groovy Libraries|https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365#diff-eaa8a410be0be48d82766e1847edc6c3f7fec81bd6446edeb4ce7de98a6bd74dR40] and [Pipeline: Multibranch|https://github.com/jenkinsci/workflow-multibranch-plugin/commit/71c3f0a6ccdb2ba43f43686826b0d62160df85e8#diff-14ae4841ae3d878106476d5dcb1c56e8b344ddf1bfbaeef73fc707f2354e0304R76] plugins as well.

           

           
          New: With this update, workspace subfolders are created with a 64-character randomized name.  This can result in path length limit violations in established Jenkins pipeline projects on a Windows system, which has a default max path of 260 characters.  The code generating this long folder name appears to be from commit [[SECURITY-2463][SECURITY-2595]|https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85#diff-751ef0b8272fefc4b69f6302b381e99ddc17417176a159adaf9e98e5d83566d4R73].  It looks like the supplied length integer of '32' is resulting in a a 64-character folder name.  Can the length integer be reduced to '8' or '16' for better compatibility with Windows systems?  The same code was introduced in the [Pipeline: Shared Groovy Libraries|https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365#diff-eaa8a410be0be48d82766e1847edc6c3f7fec81bd6446edeb4ce7de98a6bd74dR40] and [Pipeline: Multibranch|https://github.com/jenkinsci/workflow-multibranch-plugin/commit/71c3f0a6ccdb2ba43f43686826b0d62160df85e8#diff-14ae4841ae3d878106476d5dcb1c56e8b344ddf1bfbaeef73fc707f2354e0304R76] plugins as well.

           

           
          61115anon made changes -
          Description Original: With this update, workspace subfolders are created with a 64-character randomized name.  This can result in path length limit violations in established Jenkins pipeline projects on a Windows system, which has a default max path of 260 characters.  The code generating this long folder name appears to be from commit [[SECURITY-2463][SECURITY-2595]|https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85#diff-751ef0b8272fefc4b69f6302b381e99ddc17417176a159adaf9e98e5d83566d4R73].  It looks like the supplied length integer of '32' is resulting in a a 64-character folder name.  Can the length integer be reduced to '8' or '16' for better compatibility with Windows systems?  The same code was introduced in the [Pipeline: Shared Groovy Libraries|https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365#diff-eaa8a410be0be48d82766e1847edc6c3f7fec81bd6446edeb4ce7de98a6bd74dR40] and [Pipeline: Multibranch|https://github.com/jenkinsci/workflow-multibranch-plugin/commit/71c3f0a6ccdb2ba43f43686826b0d62160df85e8#diff-14ae4841ae3d878106476d5dcb1c56e8b344ddf1bfbaeef73fc707f2354e0304R76] plugins as well.

           

           
          New: With this update, workspace subfolders are created with a 64-character randomized name.  This can result in path length limit violations in established Jenkins pipeline projects on a Windows system, which has a default max path of 260 characters.  The code generating this long folder name appears to be from commit [SECURITY-2463/SECURITY-2595|https://github.com/jenkinsci/workflow-cps-plugin/commit/f7ae7b75a457976853539bff1db52373b85fdb85#diff-751ef0b8272fefc4b69f6302b381e99ddc17417176a159adaf9e98e5d83566d4R73].  It looks like the supplied length integer of '32' is resulting in a a 64-character folder name.  Can the length integer be reduced to '8' or '16' for better compatibility with Windows systems?  The same code was introduced in the [Pipeline: Shared Groovy Libraries|https://github.com/jenkinsci/workflow-cps-global-lib-plugin/commit/ace0de3c2d691662021ea10306eeb407da6b6365#diff-eaa8a410be0be48d82766e1847edc6c3f7fec81bd6446edeb4ce7de98a6bd74dR40] and [Pipeline: Multibranch|https://github.com/jenkinsci/workflow-multibranch-plugin/commit/71c3f0a6ccdb2ba43f43686826b0d62160df85e8#diff-14ae4841ae3d878106476d5dcb1c56e8b344ddf1bfbaeef73fc707f2354e0304R76] plugins as well.

           

           
          61115anon made changes -
          Issue Type Original: New Feature [ 2 ] New: Improvement [ 4 ]

          It seems CpsScmFlowDefinition does not create this 64-character subfolder if it can use lightweight checkout instead. Which it probably cannot if the SCM needs to merge a pull request.

          Kalle Niemitalo added a comment - It seems CpsScmFlowDefinition does not create this 64-character subfolder if it can use lightweight checkout instead. Which it probably cannot if the SCM needs to merge a pull request.

          Jesse Glick added a comment -

          Can the length integer be reduced

          Probably not without subverting the security fix, right dnusbaum?

          if the SCM needs to merge a pull request

          In GitHub? Try head rather than merge branch discovery mode.

          Jesse Glick added a comment - Can the length integer be reduced Probably not without subverting the security fix, right dnusbaum ? if the SCM needs to merge a pull request In GitHub? Try head rather than merge branch discovery mode.

          HMACConfidentialKey.mac uses Util.toHexString on a 256-bit MAC, resulting in 64 characters. If this were switched to Base32, then it would be 52 characters with the same security. Base64 would be 43 characters but would lose some security on case-insensitive file systems.

          Kalle Niemitalo added a comment - HMACConfidentialKey.mac uses Util.toHexString on a 256-bit MAC, resulting in 64 characters. If this were switched to Base32, then it would be 52 characters with the same security. Base64 would be 43 characters but would lose some security on case-insensitive file systems.

          On Windows, it would also be possible to use non-ASCII characters in the directory name. If there were 16384 usable case-insensitive code points in the Basic Multilingual Plane, then each code point would hold 14 bits, and 256 bits would fit in 19 code points. However, I don't think this would be a good idea, because:

          • The code points would have to be chosen carefully, to ensure that file systems won't treat any of them as equivalent, even if using future versions of Unicode. Any mistakes here would weaken the security somewhat.
          • The implementation that maps binary values to code points would either be somewhat complex (a binary search on ranges with strides) or need a large array of constants.
          • Jenkins administrators would have difficulty typing the directory names, or even listing them if the font does not support the characters.
          • Unusual characters in directory names might hit bugs similar to JENKINS-48493. Not that bug specifically but similar ones elsewhere.

          Kalle Niemitalo added a comment - On Windows, it would also be possible to use non-ASCII characters in the directory name. If there were 16384 usable case-insensitive code points in the Basic Multilingual Plane, then each code point would hold 14 bits, and 256 bits would fit in 19 code points. However, I don't think this would be a good idea, because: The code points would have to be chosen carefully, to ensure that file systems won't treat any of them as equivalent, even if using future versions of Unicode. Any mistakes here would weaken the security somewhat. The implementation that maps binary values to code points would either be somewhat complex (a binary search on ranges with strides) or need a large array of constants. Jenkins administrators would have difficulty typing the directory names, or even listing them if the font does not support the characters. Unusual characters in directory names might hit bugs similar to JENKINS-48493 . Not that bug specifically but similar ones elsewhere.

          Jesse Glick added a comment -

          For comparison, we used to have similar problems with the workspace paths of Pipeline branch projects, which were resolved (I hope!) by switching to a different scheme whereby a truncated yet human-readable version of the branch name becomes the directory name but conflicts are explicitly prevented by means of an index file listing branches and corresponding directories. See https://github.com/jenkinsci/branch-api-plugin/pull/129.

          Jesse Glick added a comment - For comparison, we used to have similar problems with the workspace paths of Pipeline branch projects, which were resolved (I hope!) by switching to a different scheme whereby a truncated yet human-readable version of the branch name becomes the directory name but conflicts are explicitly prevented by means of an index file listing branches and corresponding directories. See https://github.com/jenkinsci/branch-api-plugin/pull/129 .
          Jesse Glick made changes -
          Link New: This issue relates to JENKINS-2111 [ JENKINS-2111 ]

            Unassigned Unassigned
            mpalla 61115anon
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: