Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46764

Script Security fails for all approved signatures when a signature entry starts with whitespace

    XMLWordPrintable

    Details

    • Sprint:
      Pipeline - December
    • Similar Issues:

      Description

      If an entry in scriptApproval.xml starts with whitespace, it results in all approved signatures getting rejected. Not sure yet what exactly the underlying problem is, but this is obviously bad.

        Attachments

          Issue Links

            Activity

            Hide
            abayer Andrew Bayer added a comment -
            Show
            abayer Andrew Bayer added a comment - Preliminary PR up at https://github.com/jenkinsci/script-security-plugin/pull/150
            Hide
            jglick Jesse Glick added a comment -

            If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious.

            (How is this “critical”?)

            Show
            jglick Jesse Glick added a comment - If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious. (How is this “critical”?)
            Hide
            abayer Andrew Bayer added a comment -

            Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.

            Show
            abayer Andrew Bayer added a comment - Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.
            Hide
            jglick Jesse Glick added a comment -

            If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.

            Show
            jglick Jesse Glick added a comment - If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.
            Hide
            abayer Andrew Bayer added a comment -

            New PR up that logs exceptions in ApprovedWhitelist constructor.

            Show
            abayer Andrew Bayer added a comment - New PR up that logs exceptions in ApprovedWhitelist constructor.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.zip
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/dangerousApproved.zip
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/malformedScriptApproval.zip
            http://jenkins-ci.org/commit/script-security-plugin/dee8e78aa74d9c5899f22656981059158f841932
            Log:
            [FIXED JENKINS-46764] Log a useful message when scriptApproval is malformed

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.zip src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/dangerousApproved.zip src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/malformedScriptApproval.zip http://jenkins-ci.org/commit/script-security-plugin/dee8e78aa74d9c5899f22656981059158f841932 Log: [FIXED JENKINS-46764] Log a useful message when scriptApproval is malformed
            Hide
            abayer Andrew Bayer added a comment -

            In 1.38, releasing shortly.

            Show
            abayer Andrew Bayer added a comment - In 1.38, releasing shortly.

              People

              • Assignee:
                abayer Andrew Bayer
                Reporter:
                abayer Andrew Bayer
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: