From e169c642839ed290d7786666c0b37b6618da0112 Mon Sep 17 00:00:00 2001
From: Sean Turner
Date: Mon, 10 Jul 2017 17:48:30 +0100
Subject: [PATCH 1/5] Rips out the ability to execute a Groovy script with this plugin (see SECURITY-294)
---
 pom.xml | 4 +-
 .../ArtifactDeployerBuilder.java | 16 +------
 .../ArtifactDeployerEntry.java | 20 +--------
 .../ArtifactDeployerPublisher.java | 12 ------
 .../DeleteRemoteArtifactsByScriptModel.java | 42 -------------------
 .../ArtifactDeployerBuilder/config.jelly | 16 -------
 .../help-deleteRemoteArtifactsByScript.html | 7 ----
 .../ArtifactDeployerPublisher/config.jelly | 18 +-------
 .../help-deleteRemoteArtifactsByScript.html | 7 ----
 9 files changed, 7 insertions(+), 135 deletions(-)
 delete mode 100644 src/main/java/org/jenkinsci/plugins/artifactdeployer/DeleteRemoteArtifactsByScriptModel.java
 delete mode 100644 src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/help-deleteRemoteArtifactsByScript.html
 delete mode 100644 src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/help-deleteRemoteArtifactsByScript.html
diff --git a/pom.xml b/pom.xml
index f7ac0e1..929a3ab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,13 +4,13 @@ org.jenkins-ci.plugins plugin
- 1.565.1
+ 1.585
 artifactdeployer hpi Jenkins Artifact Deployer Plug-in
- 0.34-SNAPSHOT
+ 0.40
 http://wiki.jenkins-ci.org/display/JENKINS/ArtifactDeployer+Plugin
diff --git a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder.java b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder.java
index d50f368..4a71fd2 100644
--- a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder.java
+++ b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder.java
@@ -54,8 +54,8 @@ public class ArtifactDeployerBuilder extends Builder implements Serializable {
 ArtifactDeployerEntry entry;
 @DataBoundConstructor
- public ArtifactDeployerBuilder(String includes, String basedir, String excludes, String remote, boolean flatten, boolean deleteRemote, boolean deleteRemoteArtifacts, DeleteRemoteArtifactsByScriptModel deleteRemoteArtifactsByScript, boolean failNoFilesDeploy) {
- this.entry = new ArtifactDeployerEntry(includes, basedir, excludes, remote, flatten, deleteRemote, deleteRemoteArtifacts, deleteRemoteArtifactsByScript, failNoFilesDeploy);
+ public ArtifactDeployerBuilder(String includes, String basedir, String excludes, String remote, boolean flatten, boolean deleteRemote, boolean deleteRemoteArtifacts, boolean failNoFilesDeploy) {
+ this.entry = new ArtifactDeployerEntry(includes, basedir, excludes, remote, flatten, deleteRemote, deleteRemoteArtifacts, failNoFilesDeploy);
 }
 public ArtifactDeployerBuilder() {
@@ -199,18 +199,6 @@ public void onDeleted(AbstractBuild build) {
 }
 }
-
- //Execute the script for deletion
- if (entry.isDeleteRemoteArtifactsByScript()) {
- //Inject list artifacts as variable
- Binding binding = new Binding();
- if (artifactDeployerBuildAction != null) {
- List listArtifacts = info.get(entry.getUniqueId());
- binding.setVariable("ARTIFACTS", listArtifacts);
- }
- GroovyShell shell = new GroovyShell(binding);
- shell.evaluate(entry.getGroovyExpression());
- }
 }
 }
 }
diff --git a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerEntry.java b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerEntry.java
index 9b81080..944c680 100644
--- a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerEntry.java
+++ b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerEntry.java
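Review bot: The new `@DataBoundConstructor` drops the `deleteRemoteArtifactsByScript` argument without a comment recording why, so nothing in the file warns a later maintainer against restoring it; a line such as `// Script-based deletion was removed for SECURITY-294; do not reintroduce unsandboxed Groovy evaluation here` above the constructor would do. The diffstat's 16 changed lines for this file are fully accounted for by this hunk and the `onDeleted` removal below, so the imports for `Binding` and `GroovyShell` presumably remain and should be deleted along with their only visible use. The class body continues outside both hunks, so other references cannot be ruled out from here.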
@@ -46,7 +46,7 @@ public class ArtifactDeployerEntry implements Serializable {
 private boolean flatten;
 private boolean deleteRemote;
 private boolean deleteRemoteArtifacts;
- private boolean deleteRemoteArtifactsByScript;
+ private boolean deleteRemoteArtifactsByScript=false;
 private String groovyExpression;
 private boolean failNoFilesDeploy;
@@ -54,7 +54,7 @@ public ArtifactDeployerEntry() {
 }
 @DataBoundConstructor
- public ArtifactDeployerEntry(String includes, String basedir, String excludes, String remote, boolean flatten, boolean deleteRemote, boolean deleteRemoteArtifacts, DeleteRemoteArtifactsByScriptModel deleteRemoteArtifactsByScript, boolean failNoFilesDeploy) {
+ public ArtifactDeployerEntry(String includes, String basedir, String excludes, String remote, boolean flatten, boolean deleteRemote, boolean deleteRemoteArtifacts, boolean failNoFilesDeploy) {
 this.includes = includes;
 this.basedir = basedir;
 this.excludes = excludes;
@@ -62,14 +62,6 @@ public ArtifactDeployerEntry(String includes, String basedir, String excludes, S
 this.flatten = flatten;
 this.deleteRemote = deleteRemote;
 this.deleteRemoteArtifacts = deleteRemoteArtifacts;
- //this.deleteRemoteArtifactsByScript = deleteRemoteArtifactsByScript;
- //this.groovyExpression = groovyExpression;
- if (deleteRemoteArtifactsByScript != null) {
- this.deleteRemoteArtifactsByScript = true;
- this.groovyExpression = deleteRemoteArtifactsByScript.getGroovyExpression();
- } else {
- this.deleteRemoteArtifactsByScript = false;
- }
 this.failNoFilesDeploy = failNoFilesDeploy;
 }
@@ -115,14 +107,6 @@ public boolean isDeleteRemoteArtifacts() {
 }
 @SuppressWarnings("unused")
- public boolean isDeleteRemoteArtifactsByScript() {
- return StringUtils.isNotBlank(groovyExpression);
- }
-
- @SuppressWarnings("unused")
- public String getGroovyExpression() {
- return groovyExpression;
- }
 public boolean isFailNoFilesDeploy() {
 return failNoFilesDeploy;
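Review bot: In the first hunk the fields `deleteRemoteArtifactsByScript` and `groovyExpression` stay on this `Serializable` entry, so a job configuration saved before the upgrade still carries its stored script, and the `=false` initializer does not change that because a persisted value overwrites it on load. Nothing visible evaluates the expression after this patch, but it stays in memory and is presumably written back on the next save. Declaring both as retired, `@Deprecated private transient boolean deleteRemoteArtifactsByScript;` and `@Deprecated private transient String groovyExpression;`, should keep old XML loadable while dropping the script from newly saved configuration (confirm against the persistence layer in use). The last hunk also leaves one `@SuppressWarnings("unused")` directly above `isFailNoFilesDeploy()`, where it no longer documents anything.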
diff --git a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher.java b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher.java
index f7670bc..5c4e707 100644
--- a/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher.java
+++ b/src/main/java/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher.java
@@ -317,18 +317,6 @@ public void onDeleted(AbstractBuild build) {
 }
 }
-
- //Execute the script for deletion
- if (entry.isDeleteRemoteArtifactsByScript()) {
- //Inject list artifacts as variable
- Binding binding = new Binding();
- if (artifactDeployerBuildAction != null) {
- List listArtifacts = info.get(entry.getUniqueId());
- binding.setVariable("ARTIFACTS", listArtifacts);
- }
- GroovyShell shell = new GroovyShell(binding);
- shell.evaluate(entry.getGroovyExpression());
- }
 }
 }
 }
diff --git a/src/main/java/org/jenkinsci/plugins/artifactdeployer/DeleteRemoteArtifactsByScriptModel.java b/src/main/java/org/jenkinsci/plugins/artifactdeployer/DeleteRemoteArtifactsByScriptModel.java
deleted file mode 100644
index 4cd28bf..0000000
--- a/src/main/java/org/jenkinsci/plugins/artifactdeployer/DeleteRemoteArtifactsByScriptModel.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/**
- * The MIT License
- * Copyright (c) 2014 Gregory Boissinot and all contributors
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-package org.jenkinsci.plugins.artifactdeployer;
-
-import org.kohsuke.stapler.DataBoundConstructor;
-
-/**
- * @author Gregory Boissinot
- */
-public class DeleteRemoteArtifactsByScriptModel {
-
- private String groovyExpression;
-
- @DataBoundConstructor
- public DeleteRemoteArtifactsByScriptModel(String groovyExpression) {
- this.groovyExpression = groovyExpression;
- }
-
- public String getGroovyExpression() {
- return groovyExpression;
- }
-}
diff --git a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/config.jelly b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/config.jelly
index f16126a..bef47dd 100644
--- a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/config.jelly
+++ b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/config.jelly @@ -60,22 +60,6 @@ THE SOFTWARE. - - - - - - - - -
-
- \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/help-deleteRemoteArtifactsByScript.html b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/help-deleteRemoteArtifactsByScript.html deleted file mode 100644 index ad44bf8..0000000 --- a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerBuilder/help-deleteRemoteArtifactsByScript.html +++ /dev/null @@ -1,7 +0,0 @@ -
-

- Execute a Groovy script before a build is deleted.
- You can use an 'ARTIFACTS' list variable.
- For instance ARTIFACTS.each{ new File(it.remotePath).delete()} -

-
\ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/config.jelly b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/config.jelly index 6aa7944..716c338 100644 --- a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/config.jelly @@ -72,23 +72,7 @@ THE SOFTWARE. checked="${deployedArtifact.deleteRemoteArtifacts}"/> - - - - - - - - - -
-
- + diff --git a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/help-deleteRemoteArtifactsByScript.html b/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/help-deleteRemoteArtifactsByScript.html deleted file mode 100644 index ad44bf8..0000000 --- a/src/main/resources/org/jenkinsci/plugins/artifactdeployer/ArtifactDeployerPublisher/help-deleteRemoteArtifactsByScript.html +++ /dev/null @@ -1,7 +0,0 @@ -
-

- Execute a Groovy script before a build is deleted.
- You can use an 'ARTIFACTS' list variable.
- For instance ARTIFACTS.each{ new File(it.remotePath).delete()} -

-
\ No newline at end of file
From 521de460aedf74e79423c78d80da92d2788410d8 Mon Sep 17 00:00:00 2001
From: seanturner83
Date: Mon, 10 Jul 2017 18:09:03 +0100
Subject: [PATCH 2/5] Create .travis.yml
---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .travis.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..dff5f3a
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1 @@
+language: java
From f129b54b70aac2baa4a5c57445d9620f97fe813f Mon Sep 17 00:00:00 2001
From: Sean Turner
Date: Mon, 10 Jul 2017 18:11:45 +0100
Subject: [PATCH 3/5] test commit
---
 test | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 test
diff --git a/test b/test
new file mode 100644
index 0000000..9daeafb
--- /dev/null
+++ b/test
@@ -0,0 +1 @@
+test
From 361b6362aff74e8c6495b9957de6a6c641497299 Mon Sep 17 00:00:00 2001
From: seanturner83
Date: Tue, 11 Jul 2017 09:29:49 +0100
Subject: [PATCH 4/5] Update .travis.yml
---
 .travis.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.travis.yml b/.travis.yml
index dff5f3a..9fdfbaf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1 +1,8 @@
 language: java
+
+deploy:
+ provider: releases
+ api_key:
+ secure: "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"
+ file: 'target/artifactdeployer.hpi'
+ skip_cleanup: true
From 98405fb2aacb45ea81e18f6b57f9494c6500e978 Mon Sep 17 00:00:00 2001
From: seanturner83
Date: Tue, 11 Jul 2017 09:51:52 +0100
Subject: [PATCH 5/5] Update .travis.yml
---
 .travis.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.travis.yml b/.travis.yml
index 9fdfbaf..f0500b5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,3 +6,6 @@ deploy:
 secure: "InJlegbaieloea85f3DbzizAwmCWE5bQHzNY2JA/p6j3rY3w6urDZtvjY1/WaOttot8o7uehEm4lpXpB+sF5+tLYcMea6ibheC93E8Akh1eBrhlG4qQGZwvflkWUtniviqED0vUZd5TYkMKpdc29u+emzWX/lvlv0zSiFYKiuiCjuQxNvUhuvrJRoU0/yOqOYJmQSlNNeC2OmPoIm1WC7Y4imX6noF6G8+pQD+N5rT8Afyvs/cWoQaT8zehp4bVYgY26EdozblSoc7pQDJv6bhTwCdrq7aBH+XQBFKd5dLdnbrCLkOM1IkO+LBwMIUd8/qU0qVO9vkPAq8vzcn6hnR3ap+Wd19HGPQVfeb9b9/kHK1d6/CdvBlP9txwXgQD0HDWkNONhoPxVRucyAux3PJpVlsS89G24zhx7QcrPb1k9e2sXFfEB54PCGkFF3MdosmevV5MY0AtZDh31i5nHo2dc0607xGAPGNWv8bORmyin3NITV0Hir+qBPZRjfCXXfgQwKntT/H9fLiD2ziJdZLV4Ss+OcmJSG4uhVFO/RDA/SWtJvpBIWyUvH/bqS/VVxVsxzMfgG+sNoZ6RzqZCH8kUjOtDEONNRj0teBIPN4FqIsccStQlDSdkYvDXxegKKD7uDp1npyd11a4Zs60LHgq+aUZrimHkluRfZg8JJ10="
 file: 'target/artifactdeployer.hpi'
 skip_cleanup: true
+ on:
+ tags: true
+ all_branches: true
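Review bot: With `tags: true` the added `on:` block releases whichever commit carries a tag, and `all_branches: true` appears to add nothing beyond that, since per the Travis deployment documentation the tag condition already overrides the branch filter. The effect is that any tag pushed to the repository uploads `target/artifactdeployer.hpi` using the encrypted `api_key`, including a tag placed on an unreviewed branch. Dropping `all_branches: true` and adding a comment such as `# release builds run for tags only; tag reviewed commits from the main branch` would make the intent explicit. The indentation of the block is not recoverable from this page, so the nesting under `deploy:` should be checked in the file itself.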