Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-73129

Jetty 12 test failure DirectoryBrowserSupportTest

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Fixed
    • Icon: Major Major
    • core
    • None

      On the prototype branch of Jenkins core, DirectoryBrowserSupportTest fails because the code under test now returns a 400 rather than 404. I have temporarily worked around the issue with the following hack:

      diff --git a/test/src/test/java/hudson/model/DirectoryBrowserSupportTest.java b/test/src/test/java/hudson/model/DirectoryBrowserSupportTest.java
      index 7b1bbdb7c9..e919223137 100644
      --- a/test/src/test/java/hudson/model/DirectoryBrowserSupportTest.java
      +++ b/test/src/test/java/hudson/model/DirectoryBrowserSupportTest.java
      @@ -89,6 +89,7 @@ import org.htmlunit.UnexpectedPage;
       import org.htmlunit.html.HtmlPage;
       import org.htmlunit.util.NameValuePair;
       import org.junit.Assume;
      +import org.junit.Ignore;
       import org.junit.Rule;
       import org.junit.Test;
       import org.jvnet.hudson.test.Email;
      @@ -150,7 +151,12 @@ public class DirectoryBrowserSupportTest {
               j.buildAndAssertSuccess(p);
       
               // can we see it?
      -        j.createWebClient().goTo("job/" + p.getName() + "/ws/abc%5Cdef.bin", "application/octet-stream");
      +        // TODO Why is this behavior changing?
      +        JenkinsRule.WebClient wc = j.createWebClient();
      +        wc.setThrowExceptionOnFailingStatusCode(false);
      +        HtmlPage page = wc.goTo("job/" + p.getName() + "/ws/abc%5Cdef.bin");
      +        assertEquals(400, page.getWebResponse().getStatusCode());
      +        assertEquals("Error 400 Suspicious Path Character", page.getTitleText());
           }
       
           @Test
      @@ -1108,13 +1114,16 @@ public class DirectoryBrowserSupportTest {
               String content = "random data provided as fixed value";
               Files.writeString(targetTmpPath, content, StandardCharsets.UTF_8);
       
      +        // TODO Why is this behavior changing?
               JenkinsRule.WebClient wc = j.createWebClient().withThrowExceptionOnFailingStatusCode(false);
      -        Page page = wc.goTo("userContent/" + targetTmpPath.toAbsolutePath() + "/*view*", null);
      +        HtmlPage page = wc.goTo("userContent/" + targetTmpPath.toAbsolutePath() + "/*view*");
       
      -        MatcherAssert.assertThat(page.getWebResponse().getStatusCode(), equalTo(404));
      +        assertEquals(400, page.getWebResponse().getStatusCode());
      +        assertEquals("Error 400 Suspicious Path Character", page.getTitleText());
           }
       
           @Test
      +    @Ignore("TODO Escape hatch no longer works on Jetty 12")
           @Issue("SECURITY-2481")
           public void windows_canViewAbsolutePath_withEscapeHatch() throws Exception {
               Assume.assumeTrue("can only be tested this on Windows", Functions.isWindows());
      

      The root cause of this change in behavior should be understood. It may actually be a desirable Jetty security enhancement. If the behavior is expected, the test should be adapted (at the very least, to remove the TODO comment). If the behavior is unexpected, the bug should be fixed and the test change reverted. Before submitting the PR to the prototype branch to fix this ticket, ensure that mvn clean verify -Dtest=hudson.model.DirectoryBrowserSupportTest passes on both Linux and Windows. If we decide this is a desirable change and it obviates the escape hatch, then we should just remove the escape hatch in a PR to the default branch of Jenkins core.

            markewaite Mark Waite
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: