JENKINS-14655

Allow Gerrit Trigger plugin to execute job on Jenkins only if the author/committer appears in a whitelist

      Description

      Today, if you set a job in a public Jenkins instance to run on each Gerrit patch from the community, it might be used by a malicious user to run unauthorized or malicious code on the Jenkins server
      (e.g. sending a patch to 'rm -rf... ').

      Also, the Jenkins server might not be able to handle the load of multiple patches, and you may want to restrict the job to specific users only.

      One way of handling this is to maintain a whitelist of authors that can trigger a Jenkins job (once they send a patch).

      So I suggest that the Gerrit Trigger plugin be able to check whether the author of the specific commit that triggered the job matches a whitelist kept in a file (which can be in the git repo itself).

      If the author doesn't exist, the job can abort/fail.
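
One way to apply the requested check as a shell build step that runs before any code from the patch (an added example, not code from the Gerrit Trigger plugin or from the reporter). It checks the Gerrit uploader account instead of the git author, and assumes the job exposes the plugin's `GERRIT_PATCHSET_UPLOADER_EMAIL` parameter; `ALLOWLIST_FILE`, its default path, the function names and any addresses used with it are hypothetical.

```sh
#!/bin/sh
# Added example: fail closed unless the Gerrit uploader is on an allowlist.
# Keep the allowlist outside the checked-out patch set; a list read from the
# change under test could be edited by that same change.

# Lowercase, drop CR/LF, trim surrounding whitespace.
normalize() {
    printf '%s' "$1" | tr -d '\r\n' | tr '[:upper:]' '[:lower:]' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# is_allowed EMAIL FILE: status 0 only if EMAIL equals a listed entry.
is_allowed() {
    email=$(normalize "$1")
    [ -n "$email" ] || return 1   # missing address: deny
    [ -r "$2" ] || return 1       # unreadable allowlist: deny
    # Strip '#' comments, normalize each entry, then compare as a fixed
    # string against the whole line (-F -x), so '.' is not a wildcard and
    # 'xbob@example.org' does not match 'bob@example.org'.
    sed 's/#.*$//' "$2" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq -e "$email"
}

# gate_build: call first in the job, e.g. `gate_build || exit 1`.
# The Gerrit account that uploaded the patch set is used rather than the git
# author field, which the committer sets freely.
gate_build() {
    uploader=${GERRIT_PATCHSET_UPLOADER_EMAIL:-}
    allowlist=${ALLOWLIST_FILE:-/etc/jenkins/gerrit-allowlist.txt}  # hypothetical path
    if is_allowed "$uploader" "$allowlist"; then
        echo "uploader '$uploader' is allowlisted; continuing"
        return 0
    fi
    echo "uploader '$uploader' is not allowlisted; aborting" >&2
    return 1
}
```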

          Activity

          There are no comments yet on this issue.

            People

            • Assignee: rsandell
            • Reporter: eedri (Eyal Edri)
            • Votes: 1
            • Watchers: 3