Jenkins / JENKINS-48939

PRQA Plugin is affected by JEP-200 in Jenkins 2.102+

      Description

      During the code inspections for JEP-200 I have discovered that the plugin is most likely affected by this security hardening in the Jenkins core.

      • Plugin uses PRQAComplianceStatus in MasterToSlaveCallable operations
      • This class comes from an external library without a "Jenkins-ClassFilter-Whitelisted" manifest entry
      • In Jenkins 2.102+ such classes will be blacklisted unless a workaround is applied

      You can find more guidelines for plugin developers in this blogpost: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.
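An added example, not part of the original issue or the plugin's code: a Python check for whether a library JAR carries the manifest entry named above. It assumes the entry must sit in the main manifest section with the exact value `true`; the sample JARs and the `com/example` names are constructed.

```python
import io
import zipfile

ATTR = "jenkins-classfilter-whitelisted"  # attribute name from the issue text

def main_attributes(manifest_bytes):
    """Parse the main section of a JAR manifest into a dict with lower-cased names."""
    text = manifest_bytes.decode("utf-8", errors="replace")
    logical = []
    for raw in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if raw == "":                      # first blank line ends the main section
            break
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]         # continuation of a wrapped line
        else:
            logical.append(raw)
    attrs = {}
    for line in logical:
        name, sep, value = line.partition(":")
        if sep:
            attrs[name.strip().lower()] = value.strip()
    return attrs

def jar_is_whitelisted(jar_bytes):
    """True only if the main manifest section opts in (assumed exact value 'true')."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entry = next((n for n in jar.namelist()
                      if n.upper() == "META-INF/MANIFEST.MF"), None)
        if entry is None:
            return False
        return main_attributes(jar.read(entry)).get(ATTR, "") == "true"

def build_jar(manifest):
    """Constructed sample: an in-memory JAR with the given manifest text (or none)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/Payload.class", b"\xca\xfe\xba\xbe")
        if manifest is not None:
            jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()

SAMPLES = {  # constructed inputs, not real libraries
    "opted-in.jar": build_jar("Manifest-Version: 1.0\r\nJenkins-ClassFilter-Whitelisted: true\r\n\r\n"),
    "plain-library.jar": build_jar("Manifest-Version: 1.0\r\nCreated-By: sample\r\n\r\n"),
    "per-entry-only.jar": build_jar("Manifest-Version: 1.0\r\n\r\nName: com/example/\r\nJenkins-ClassFilter-Whitelisted: true\r\n\r\n"),
    "no-manifest.jar": build_jar(None),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: whitelisted={jar_is_whitelisted(data)}")
```

Running a check like this over the JARs a plugin bundles shows which libraries would need a class filter workaround before their classes can cross the remoting channel.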

            Activity

            oleg_nenashev Oleg Nenashev added a comment -

            I have got information from Ewelina Wilkosz that the plugin is no longer maintained by Praqma.
            CC Igor Kostenko and Marcos Bento who are listed in Repository permission updater

            oleg_nenashev Oleg Nenashev added a comment -

            I also dropped the default assignee of the component. Please let me know whom to set as the new lead of the component in JIRA.

            oleg_nenashev Oleg Nenashev added a comment -

            The plugin and the library are being maintained by the tool vendor. The plugin has no real tests. Although I have a license for PRQA, it would take a while to set up the test projects, etc.
            So far, Jesse Glick and I are not going to spend time on fixing this plugin unless there is community feedback.

            Igor Kostenko Marcos Bento Please let us know if you need any advice.

            oleg_nenashev Oleg Nenashev added a comment -

            Igor Kostenko Marcos Bento ping

            oleg_nenashev Oleg Nenashev added a comment -

            I raised the question with the tool vendor 10 days ago. JEP-200 maintainers are not going to work on it so far.

            priyat Priyanga G added a comment -

            Oleg Nenashev,

            So, we are not able to use PRQA in Jenkins?

            Thanks,

            Priyanga

            oleg_nenashev Oleg Nenashev added a comment -

            Priyanga G Please see https://jenkins.io/blog/2018/03/15/jep-200-lts/ . This blogpost offers troubleshooting guidelines and some workaround options. You won't be able to use this plugin with Jenkins 2.102+ if you do not construct workaround class filter settings.

            We were unable to get a response from the plugin maintainers even after reaching out to PRQA directly. If you suffer from this issue, please submit a support ticket to PRQA.

            priyat Priyanga G added a comment - - edited

            Oleg Nenashev,

            Thank you for the reply, sir.

            I am using Jenkins version 2.111. If I downgrade the Jenkins version, will it work?

            oleg_nenashev Oleg Nenashev added a comment -

            Yes, it will

            priyat Priyanga G added a comment -

            Thank you, sir.

            marcos_bento Marcos Bento added a comment -

            This issue is fixed in PRQA Jenkins plugin 3.0.1.

            oleg_nenashev Oleg Nenashev added a comment -

            Marcos Bento there is no source code in https://github.com/jenkinsci/prqa-plugin . Could you please push it?

            marcos_bento Marcos Bento added a comment -

            The source code has been pushed.

            oleg_nenashev Oleg Nenashev added a comment -

            thanks!


              People

              • Assignee:
                marcos_bento Marcos Bento
                Reporter:
                oleg_nenashev Oleg Nenashev