Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46911

createProjectFromXML not recognizing unsafe character '/'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core
    • None

      I used a fresh Docker LTS install.

      If one uses the web interface to create a new job and puts '/' into the name of the job, this will result in an error message that '/' is an unsafe character to use. (This is good behaviour!)

      When using Java API 'createProjectFromXML()' the name is not checked for a '/'

       

      Following script approvals are needed to reproduce the bug:

      method java.lang.String getBytes
method jenkins.model.ModifiableTopLevelItemGroup createProjectFromXML java.lang.String java.io.InputStream
new java.io.ByteArrayInputStream byte[]
staticMethod jenkins.model.Jenkins getInstance

      Now create following Pipeline Job:

      node('master') {
   def xmlFreestyle = '''<?xml version='1.0' encoding='UTF-8'?>
<project>
<description></description>
<keepDependencies>false</keepDependencies>
<properties/>
<scm class="hudson.scm.NullSCM"/>
<canRoam>true</canRoam>
<disabled>false</disabled>
<blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
<blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
<triggers/>
<concurrentBuild>false</concurrentBuild>
<builders/>
<publishers/>
<buildWrappers/>
</project>'''
   InputStream is = new ByteArrayInputStream(xmlFreestyle.getBytes())
   Jenkins.getInstance().createProjectFromXML('/aaa/bbb/ccc', is)
}

       

      After running the job, a new job 'ccc' will be created.

      In /var/jenkins_home/ there will be a directory ./jobs/ccc which contains 'builds' and 'nextBuildNumber'

      config.xml will be saved in 

      ./jobs/aaa/bbb/ccc   (very bad behaviour, leading to data on disk which Jenkins doesn't know anything of)

      After restart of jenkins, the job 'ccc' will be gone.

      Only moving the config.xml from ./jobs/aaa/bbb/ccc to ./jobs/ccc will make the job reappear.

       

      The problem here is that there is no error or exception when creating the job with 

      Jenkins.getInstance().createProjectFromXML('/aaa/bbb/ccc'...)

      The job 'ccc' even appears in the list of jobs. Only after restart of Jenkins the problem will show up.

       

      Proposed solution: 

      createProjectFromXML()

      should throw an Exception if '/' is in the name.

            godfath3r Panagiotis Galatsanos
            dirkboye Dirk Boye
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: