Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24080

set-build-result and set-build-parameter do insufficient checks

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Formally filing some issues which were previously noted parenthetically in JENKINS-22472:

      SetBuildResultCommand checks Item.BUILD; I would have expected Run.UPDATE. And SetBuildParameterCommand does no check at all.

      getCurrentlyBuilding does not even check Run.isBuilding, so this could even be used to mangle a completed build's state, such as parameters via SetBuildParameterCommand. (SetBuildResultCommand would not work on a finished build because of checks inside Run.setResult.)

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            changelog.html
            core/src/main/java/hudson/cli/CommandDuringBuild.java
            core/src/main/java/hudson/cli/SetBuildParameterCommand.java
            core/src/main/java/hudson/cli/SetBuildResultCommand.java
            test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
            http://jenkins-ci.org/commit/jenkins/137c90cc612ddb3a51d050be298dcd2e0ae86a4c
            Log:
            [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations.

            Compare: https://github.com/jenkinsci/jenkins/compare/4f27f4cc2633...137c90cc612d

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/hudson/cli/CommandDuringBuild.java core/src/main/java/hudson/cli/SetBuildParameterCommand.java core/src/main/java/hudson/cli/SetBuildResultCommand.java test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy http://jenkins-ci.org/commit/jenkins/137c90cc612ddb3a51d050be298dcd2e0ae86a4c Log: [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations. Compare: https://github.com/jenkinsci/jenkins/compare/4f27f4cc2633...137c90cc612d
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #3573
            [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations. (Revision 137c90cc612ddb3a51d050be298dcd2e0ae86a4c)

            Result = SUCCESS
            Jesse Glick : 137c90cc612ddb3a51d050be298dcd2e0ae86a4c
            Files :

            • core/src/main/java/hudson/cli/SetBuildParameterCommand.java
            • core/src/main/java/hudson/cli/SetBuildResultCommand.java
            • test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
            • core/src/main/java/hudson/cli/CommandDuringBuild.java
            • changelog.html
            Show
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #3573 [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations. (Revision 137c90cc612ddb3a51d050be298dcd2e0ae86a4c) Result = SUCCESS Jesse Glick : 137c90cc612ddb3a51d050be298dcd2e0ae86a4c Files : core/src/main/java/hudson/cli/SetBuildParameterCommand.java core/src/main/java/hudson/cli/SetBuildResultCommand.java test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy core/src/main/java/hudson/cli/CommandDuringBuild.java changelog.html
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/cli/CommandDuringBuild.java
            core/src/main/java/hudson/cli/SetBuildParameterCommand.java
            core/src/main/java/hudson/cli/SetBuildResultCommand.java
            test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy
            http://jenkins-ci.org/commit/jenkins/784e91b1b6efa7ade41262a9973c1cee40d42edc
            Log:
            [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations.
            (cherry picked from commit 137c90cc612ddb3a51d050be298dcd2e0ae86a4c)

            Conflicts:
            changelog.html

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/cli/CommandDuringBuild.java core/src/main/java/hudson/cli/SetBuildParameterCommand.java core/src/main/java/hudson/cli/SetBuildResultCommand.java test/src/test/groovy/hudson/cli/SetBuildParameterCommandTest.groovy http://jenkins-ci.org/commit/jenkins/784e91b1b6efa7ade41262a9973c1cee40d42edc Log: [FIXED JENKINS-24080] Improved security of CommandDuringBuild and its current implementations. (cherry picked from commit 137c90cc612ddb3a51d050be298dcd2e0ae86a4c) Conflicts: changelog.html

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: