JENKINS-28440

Allow to reject specific configurations via REST and CLI

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: core
    • Labels:
      None
    • Environment:
      Jenkins >= 1.545

      Description

      Plugins could reject configurations via REST and CLI in Jenkins < 1.545 by throwing exceptions in readResolve.
      The Authorize Project plugin performs authentication using this behavior.

      Jenkins 1.545 suppresses exceptions in readResolve in JENKINS-21024 (also backported to Jenkins 1.532.3).
      As a result, throwing exceptions in readResolve prevents reading configurations into memory via REST / CLI but cannot prevent saving them to the disk.
      Authorize-project doesn't perform authentication when Jenkins reads configurations from the disk, and this allows bypassing authentication.

      Jenkins 1.551 introduced XStream2#addCriticalField in SECURITY-107 (also backported to Jenkins 1.532.2), which triggers critical errors on exceptions in readResolve, but it is only applied to system configurations, not to project configurations via REST / CLI. (Exceptions are suppressed in CopyOnWriteList.)

      Jenkins should provide a way for plugins to reject configurations via REST / CLI.
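
A simplified, self-contained Java model of the behaviour described above, added here as an illustration; it is not Jenkins or plugin code. `CRITICAL`, `unmarshal` and `CriticalFieldException` are hypothetical names standing in for the critical-field registry, the lenient converter and the exception raised for an error in a critical field.

```java
import java.util.*;
import java.util.function.Supplier;

// Simplified model (not Jenkins code) of lenient vs. critical-field unmarshalling.
public class CriticalFieldDemo {
    // Hypothetical registry standing in for XStream2#addCriticalField.
    static final Set<String> CRITICAL = new HashSet<>();

    static class CriticalFieldException extends RuntimeException {
        CriticalFieldException(String field, Throwable cause) {
            super("rejected: error in critical field '" + field + "'", cause);
        }
    }

    // Each field value comes from a resolver that may throw, like readResolve().
    static Map<String, Object> unmarshal(Map<String, Supplier<Object>> submitted) {
        Map<String, Object> loaded = new LinkedHashMap<>();
        for (Map.Entry<String, Supplier<Object>> e : submitted.entrySet()) {
            try {
                loaded.put(e.getKey(), e.getValue().get());
            } catch (RuntimeException ex) {
                if (CRITICAL.contains(e.getKey())) {
                    // Fail closed: the whole submission is refused.
                    throw new CriticalFieldException(e.getKey(), ex);
                }
                // Fail open: the error is swallowed and the submission is accepted.
                System.out.println("suppressed error in field '" + e.getKey() + "'");
            }
        }
        return loaded;
    }

    public static void main(String[] args) {
        // Constructed sample: the submitter is not allowed to set this strategy.
        Map<String, Supplier<Object>> config = new LinkedHashMap<>();
        config.put("description", () -> "nightly build");
        config.put("strategy", () -> { throw new SecurityException("not authorized"); });

        System.out.println("lenient load accepted fields: " + unmarshal(config).keySet());

        CRITICAL.add("strategy"); // the plugin marks the field as critical
        try {
            unmarshal(config);
        } catch (CriticalFieldException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```
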

            Activity

            ikedam ikedam created issue -
            ikedam ikedam made changes -
            Field Original Value New Value
            Link This issue is blocking JENKINS-28298 [ JENKINS-28298 ]
            ikedam ikedam added a comment -

            This might mean Authorize Project plugin should provide another way for authentication.

            ikedam ikedam added a comment - https://github.com/jenkinsci/jenkins/pull/1715
            ikedam ikedam made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            danielbeck Daniel Beck made changes -
            Link This issue is related to JENKINS-21024 [ JENKINS-21024 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            http://jenkins-ci.org/commit/jenkins/be67b45a31f2987dd20cdbdfd4b4997f5250d66f
            Log:
            JENKINS-28440 Added tests to reproduce and explain JENKINS-28440.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            core/src/main/java/hudson/util/CopyOnWriteList.java
            core/src/main/java/hudson/util/RobustCollectionConverter.java
            core/src/main/java/hudson/util/RobustMapConverter.java
            core/src/main/java/hudson/util/RobustReflectionConverter.java
            core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
            core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
            http://jenkins-ci.org/commit/jenkins/2082b08e2a0e54856370af9e3dda342475dff334
            Log:
            [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI.

            scm_issue_link SCM/JIRA link daemon made changes -
            Status In Progress [ 3 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            http://jenkins-ci.org/commit/jenkins/7958928aedab9695379f17e6462f8b8236910497
            Log:
            JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Daniel Beck
            Path:
            core/src/main/java/hudson/util/CopyOnWriteList.java
            core/src/main/java/hudson/util/RobustCollectionConverter.java
            core/src/main/java/hudson/util/RobustMapConverter.java
            core/src/main/java/hudson/util/RobustReflectionConverter.java
            core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
            core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
            test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            http://jenkins-ci.org/commit/jenkins/e46afb59fd09c9418297a0573252171921a48cea
            Log:
            Merge pull request #1715 from ikedam/feature/JENKINS-28440_HandleCriticalField

            JENKINS-28440 Reject configurations with errors in critical fields via REST / CLI

            Compare: https://github.com/jenkinsci/jenkins/compare/c1b60f18b548...e46afb59fd09

            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #4250
            JENKINS-28440 Added tests to reproduce and explain JENKINS-28440. (Revision be67b45a31f2987dd20cdbdfd4b4997f5250d66f)
            [FIXED JENKINS-28440] Raises a critical exception for an error in a critical field. This allows plugins to reject unacceptable configurations via REST / CLI. (Revision 2082b08e2a0e54856370af9e3dda342475dff334)
            JENKINS-28440 Updates tests for JENKINS-28440 to verify behaviors of UI. (Revision 7958928aedab9695379f17e6462f8b8236910497)

            Result = SUCCESS
            devld : be67b45a31f2987dd20cdbdfd4b4997f5250d66f
            Files :

            • test/src/test/java/hudson/util/RobustReflectionConverterTest.java

            devld : 2082b08e2a0e54856370af9e3dda342475dff334
            Files :

            • core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
            • core/src/main/java/hudson/util/xstream/ImmutableListConverter.java
            • core/src/main/java/hudson/util/RobustCollectionConverter.java
            • core/src/main/java/hudson/util/RobustReflectionConverter.java
            • core/src/main/java/hudson/util/CopyOnWriteList.java
            • core/src/main/java/hudson/util/RobustMapConverter.java

            devld : 7958928aedab9695379f17e6462f8b8236910497
            Files :

            • test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
            http://jenkins-ci.org/commit/jenkins/d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce
            Log:
            JENKINS-28440 Added @since for CriticalXStreamException.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            http://jenkins-ci.org/commit/jenkins/0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e
            Log:
            JENKINS-28440 Uses CLICommandInvoker in tests.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java
            test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            http://jenkins-ci.org/commit/jenkins/69a98484c8a879fef9532e68670e72f5d74267b7
            Log:
            Merge pull request #1811 from ikedam/feature/JENKINS-28440_AdditionalFix

            JENKINS-28440 Additional fixes for #1715

            Compare: https://github.com/jenkinsci/jenkins/compare/bc2ad1b992d1...69a98484c8a8

            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #4273
            JENKINS-28440 Added @since for CriticalXStreamException. (Revision d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce)
            JENKINS-28440 Uses CLICommandInvoker in tests. (Revision 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e)

            Result = SUCCESS
            devld : d6f9c5cdde8b80a40d3ce65f716099621c0ae9ce
            Files :

            • core/src/main/java/jenkins/util/xstream/CriticalXStreamException.java

            devld : 0d54d89a367e5b3de3bde6fcc590ba6bedbfa82e
            Files :

            • test/src/test/java/hudson/util/RobustReflectionConverterTest.java
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 163280 ] JNJira + In-Review [ 197159 ]

              People

              • Assignee:
                ikedam ikedam
                Reporter:
                ikedam ikedam
              • Votes:
                0
                Watchers:
                3
