Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73128

Jetty 12 test failure in PluginTest on Windows

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None

      On the prototype branch of Jenkins core, PluginTest fails on Windows (but not on Linux) because the code under test now returns a 400 rather than 404. I have temporarily worked around the issue with the following hack:

      diff --git a/test/src/test/java/hudson/PluginTest.java b/test/src/test/java/hudson/PluginTest.java
      index 0e4192ae4b..477770d641 100644
      --- a/test/src/test/java/hudson/PluginTest.java
      +++ b/test/src/test/java/hudson/PluginTest.java
      @@ -54,7 +54,8 @@ public class PluginTest {
               r.createWebClient().assertFails("plugin/matrix-auth/images/%2e%2e%2fWEB-INF/licenses.xml", HttpServletResponse.SC_BAD_REQUEST);
               r.createWebClient().assertFails("plugin/matrix-auth/images/%2e.%2fWEB-INF/licenses.xml", HttpServletResponse.SC_BAD_REQUEST);
               r.createWebClient().assertFails("plugin/matrix-auth/images/..%2f..%2f..%2f" + r.jenkins.getRootDir().getName() + "%2fsecrets%2fmaster.key", HttpServletResponse.SC_BAD_REQUEST);
      -        r.createWebClient().assertFails("plugin/matrix-auth/" + r.jenkins.getRootDir() + "/secrets/master.key", /* ./ prepended anyway */ HttpServletResponse.SC_NOT_FOUND);
      +        // TODO Why is this behavior changing?
      +        r.createWebClient().assertFails("plugin/matrix-auth/" + r.jenkins.getRootDir() + "/secrets/master.key", /* ./ prepended anyway */ Functions.isWindows() ? HttpServletResponse.SC_BAD_REQUEST : HttpServletResponse.SC_NOT_FOU
      ND);
               // SECURITY-155:
               r.createWebClient().assertFails("plugin/matrix-auth/WEB-INF/licenses.xml", HttpServletResponse.SC_BAD_REQUEST);
               r.createWebClient().assertFails("plugin/matrix-auth/META-INF/MANIFEST.MF", HttpServletResponse.SC_BAD_REQUEST);
      

      The root cause of this change in behavior should be understood. It may actually be a desirable Jetty security enhancement. If the behavior is expected, the test should be adapted (at the very least, to remove the TODO comment). If the behavior is unexpected, the bug should be fixed and the test change reverted. Before submitting the PR to the prototype branch to fix this ticket, ensure that mvn clean verify -Dtest=hudson.PluginTest passes on both Linux and Windows.

            markewaite Mark Waite
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: