Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46482

Parameter Mapping is not working due to SECURITY-170

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: jira-trigger-plugin
    • Labels:
      None
    • Environment:
      Jenkins 1.651.2+
      Jenkins 2.3+
      jira-trigger-plugin 0.4.2
    • Similar Issues:

      Description

      See Jenkins security update:

      One of the fixes may well break some of your use cases in Jenkins, at least until plugins have been adapted: SECURITY-170. This change removes parameters that are not defined on a job from the build environment.

       

        Attachments

          Activity

          ceilfors Wisen Tanasa created issue -
          ceilfors Wisen Tanasa made changes -
          Field Original Value New Value
          Environment Jenkins 1.651.2+
          Jenkins 2.3+
          Jenkins 1.651.2+
          Jenkins 2.3+
          jira-trigger-plugin 0.4.2
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wisen Tanasa
          Path:
          CHANGELOG.md
          build.gradle
          http://jenkins-ci.org/commit/jira-trigger-plugin/b57199581110ae8b48a73079ae41ebea51dc82e4
          Log:
          JENKINS-46482 Update Jenkins core version from 1.642 to 1.651.2

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wisen Tanasa Path: CHANGELOG.md build.gradle http://jenkins-ci.org/commit/jira-trigger-plugin/b57199581110ae8b48a73079ae41ebea51dc82e4 Log: JENKINS-46482 Update Jenkins core version from 1.642 to 1.651.2
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wisen Tanasa
          Path:
          src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/JiraTriggerAcceptanceTest.groovy
          src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsBlockingQueue.groovy
          src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy
          src/jiraIntegrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/RealJiraRunner.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/JiraTrigger.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy
          http://jenkins-ci.org/commit/jira-trigger-plugin/267e946e7108072417cf59d94532acbd2b34adef
          Log:
          JENKINS-46482 Migrate implementation from Parameter concept to Environment variables.

          Using Environment because theoretically what we are trying to do here is not parameters.
          Update acceptance test to assert environment instead of parameter.
          Update JenkinsBlockingQueue to return scheduled jobs instead of queue item. This is necessary as the 'environment' variable is only available in a build object.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wisen Tanasa Path: src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/JiraTriggerAcceptanceTest.groovy src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsBlockingQueue.groovy src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy src/jiraIntegrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/RealJiraRunner.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/JiraTrigger.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy http://jenkins-ci.org/commit/jira-trigger-plugin/267e946e7108072417cf59d94532acbd2b34adef Log: JENKINS-46482 Migrate implementation from Parameter concept to Environment variables. Using Environment because theoretically what we are trying to do here is not parameters. Update acceptance test to assert environment instead of parameter. Update JenkinsBlockingQueue to return scheduled jobs instead of queue item. This is necessary as the 'environment' variable is only available in a build object.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wisen Tanasa
          Path:
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/CustomFieldParameterResolver.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/IssueAttributePathParameterResolver.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/ParameterResolver.groovy
          src/test/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/CustomFieldParameterResolverTest.groovy
          src/test/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/IssueAttributePathParameterResolverTest.groovy
          http://jenkins-ci.org/commit/jira-trigger-plugin/25354815391995a79d4f939f7d68760ee1551351
          Log:
          JENKINS-46482 Return String instead of StringParameterValue.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wisen Tanasa Path: src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/CustomFieldParameterResolver.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/IssueAttributePathParameterResolver.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/ParameterResolver.groovy src/test/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/CustomFieldParameterResolverTest.groovy src/test/groovy/com/ceilfors/jenkins/plugins/jiratrigger/parameter/IssueAttributePathParameterResolverTest.groovy http://jenkins-ci.org/commit/jira-trigger-plugin/25354815391995a79d4f939f7d68760ee1551351 Log: JENKINS-46482 Return String instead of StringParameterValue.
          Hide
          ceilfors Wisen Tanasa added a comment -

          Released under 0.5.0.

          Show
          ceilfors Wisen Tanasa added a comment - Released under 0.5.0.
          ceilfors Wisen Tanasa made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          michaelpporter Michael Porter added a comment - - edited

          The latest release removed all of my parameter mappings.

           

          Jenkins version Jenkins ver. 2.60.3

          pipeline job

          String parameter

          Name -> LABELS

          Build when issue is updated:

          (summary ~ 'WPSITE UPDATES') AND resolution = Unresolved

          Parameter mapping

          Jenkins parameter -> LABELS

          Issue attribute path -> labels

           

          In the pipeline the values are empty.

           

          When I rolled back to 0.4.2 from 0.5.0 the job started working again.

           

          Show
          michaelpporter Michael Porter added a comment - - edited The latest release removed all of my parameter mappings.   Jenkins version  Jenkins ver. 2.60.3 pipeline job String parameter Name -> LABELS Build when issue is updated: (summary ~ 'WPSITE UPDATES') AND resolution = Unresolved Parameter mapping Jenkins parameter -> LABELS Issue attribute path -> labels   In the pipeline the values are empty.   When I rolled back to 0.4.2 from 0.5.0 the job started working again.  
          ceilfors Wisen Tanasa made changes -
          Resolution Fixed [ 1 ]
          Status Resolved [ 5 ] Reopened [ 4 ]
          Hide
          ceilfors Wisen Tanasa added a comment -

          Michael Porter Thanks for letting me know, I have reopened the ticket.

          Show
          ceilfors Wisen Tanasa added a comment - Michael Porter Thanks for letting me know, I have reopened the ticket.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Wisen Tanasa
          Path:
          src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy
          src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy
          http://jenkins-ci.org/commit/jira-trigger-plugin/4cf64c12f9fcbe00d54d5fcb7f8dfe9926e35f57
          Log:
          JENKINS-46482 Use ParametersAction instead of EnvironmentContributingAction.

          Apparently EnvironmentContributingAction is not working in a pipeline job and the fix requires Jenkins core 2.76+. See JENKINS-29537.

          Compare: https://github.com/jenkinsci/jira-trigger-plugin/compare/f83ef699de31...4cf64c12f9fc

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wisen Tanasa Path: src/integrationTest/groovy/com/ceilfors/jenkins/plugins/jiratrigger/integration/JenkinsRunner.groovy src/main/groovy/com/ceilfors/jenkins/plugins/jiratrigger/ParameterMappingAction.groovy http://jenkins-ci.org/commit/jira-trigger-plugin/4cf64c12f9fcbe00d54d5fcb7f8dfe9926e35f57 Log: JENKINS-46482 Use ParametersAction instead of EnvironmentContributingAction. Apparently EnvironmentContributingAction is not working in a pipeline job and the fix requires Jenkins core 2.76+. See JENKINS-29537 . Compare: https://github.com/jenkinsci/jira-trigger-plugin/compare/f83ef699de31...4cf64c12f9fc
          Hide
          ceilfors Wisen Tanasa added a comment -

          Fixed to pipeline job released under 0.5.1.

          CC: Michael Porter

          Show
          ceilfors Wisen Tanasa added a comment - Fixed to pipeline job released under 0.5.1. CC: Michael Porter
          ceilfors Wisen Tanasa made changes -
          Status Reopened [ 4 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          michaelpporter Michael Porter added a comment -

          0.5.1 is working for me.

          Show
          michaelpporter Michael Porter added a comment - 0.5.1 is working for me.
          Hide
          ceilfors Wisen Tanasa added a comment -

          Michael Porter Thanks for your confirmation. You should not need the System property workaround that was needed by SECURITY-170 anymore if you are forced to use it by jira-trigger-plugin e.g. hudson.model.ParametersAction.keepUndefinedParameters or hudson.model.ParametersAction.safeParameters

          Show
          ceilfors Wisen Tanasa added a comment - Michael Porter Thanks for your confirmation. You should not need the System property workaround that was needed by SECURITY-170 anymore if you are forced to use it by jira-trigger-plugin e.g.  hudson.model.ParametersAction.keepUndefinedParameters  or  hudson.model.ParametersAction.safeParameters

            People

            • Assignee:
              ceilfors Wisen Tanasa
              Reporter:
              ceilfors Wisen Tanasa
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: