JENKINS-20784

Authorize project plugin causes creation of new users in Jenkins

      Description

      The plugin uses User.get(String) to retrieve users. This method creates new users on demand, so your null checks won't work in any case. In addition, this function may lead to the creation of new users if an admin uses the "Specific User" strategy.

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
          src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
          http://jenkins-ci.org/commit/authorize-project-plugin/108872b08e97731f58b10816dd4087fdae828cd7
          Log:
          [FIX JENKINS-20784] Specifying an unknown user should result in anonymous authorization. This also avoids unintended creation of new users.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
          http://jenkins-ci.org/commit/authorize-project-plugin/e693f8d37052bf501ab612ef68353bc34a893506
          Log:
          JENKINS-20784 - Avoid user's creation in TriggeringUsersAuthorizationStrategy
          Bad guys can insert everything to UserIdCause, so it is preferable to have such check.
          Related to https://issues.jenkins-ci.org/browse/JENKINS-20784

          Signed-off-by: Oleg Nenashev <nenashev@synopsys.com>

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
          http://jenkins-ci.org/commit/authorize-project-plugin/e65fe602337823db8660f966574f790d01edeb43
          Log:
          Merge pull request #2 from oleg-nenashev/userIdCause_Fix

          JENKINS-20784 - Avoid user's creation in TriggeringUsersAuthorizationStrategy

          Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/2a45c7d6229d...e65fe6023378

          ikedam ikedam added a comment -

          Fixed in 1.0.1.
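
The get-or-create pitfall from the issue description and the anonymous fallback named in the fix commit, as an added example that is not the plugin's code. `UserDirectory`, `resolveBefore` and `resolveAfter` are hypothetical names that model the behaviour with a plain in-memory map, and the sample ids are constructed.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of the bug. UserDirectory and its methods are hypothetical,
// not Jenkins classes. Jenkins core offers a non-creating lookup through the
// User.get(String, boolean, Map) overload when its boolean argument is false.
public class GetOrCreateDemo {
    static final String ANONYMOUS = "anonymous";

    static class UserDirectory {
        private final Map<String, String> users = new ConcurrentHashMap<>();

        void register(String id) { users.put(id, id); }

        // Get-or-create: never returns null and registers unknown ids as a side effect.
        String getOrCreate(String id) { return users.computeIfAbsent(id, k -> k); }

        // Lookup only: returns null for an unknown id and leaves the directory untouched.
        String lookup(String id) { return users.get(id); }

        int size() { return users.size(); }
    }

    // Before: the null check is dead code because getOrCreate never returns null.
    static String resolveBefore(UserDirectory dir, String requestedId) {
        String user = dir.getOrCreate(requestedId);
        return (user == null) ? ANONYMOUS : user;
    }

    // After: an unknown id resolves to anonymous and no account is created.
    static String resolveAfter(UserDirectory dir, String requestedId) {
        String user = dir.lookup(requestedId);
        return (user == null) ? ANONYMOUS : user;
    }

    public static void main(String[] args) {
        UserDirectory before = new UserDirectory();
        before.register("alice"); // constructed sample account
        UserDirectory after = new UserDirectory();
        after.register("alice");

        // "ghost" is a constructed id that was never registered, such as one
        // copied from a build cause without validation.
        System.out.println("before: " + resolveBefore(before, "ghost") + ", users=" + before.size());
        System.out.println("after:  " + resolveAfter(after, "ghost") + ", users=" + after.size());
    }
}
```

Comparing the directory size after each call shows the side effect: the get-or-create path adds an entry for the unknown id, while the lookup-only path leaves the directory unchanged.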


            People

            • Assignee:
              ikedam ikedam
              Reporter:
              oleg_nenashev Oleg Nenashev