From b1b104c6823a04c2cf8d375710bf13fabf5797a0 Mon Sep 17 00:00:00 2001
From: Devin Nusbaum
Date: Tue, 17 May 2022 15:55:27 -0400
Subject: [PATCH 1/2] [JENKINS-68562] Fix Repo checkouts on the built-in node for Windows controllers
---
 .../java/hudson/plugins/repo/RepoScm.java | 21 +++++++++++++++----
 .../java/hudson/plugins/repo/RepoScmTest.java | 14 +++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/src/main/java/hudson/plugins/repo/RepoScm.java b/src/main/java/hudson/plugins/repo/RepoScm.java
index b9630a6..58ff920 100644
--- a/src/main/java/hudson/plugins/repo/RepoScm.java
+++ b/src/main/java/hudson/plugins/repo/RepoScm.java
@@ -31,6 +31,7 @@
 import java.net.URL;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
+import java.nio.file.InvalidPathException;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -950,10 +951,8 @@ public void checkout(
 build.addAction(manifestAction);
 }
- private void abortIfUrlLocal() throws AbortException {
- if (StringUtils.isNotEmpty(manifestRepositoryUrl)
- && (manifestRepositoryUrl.toLowerCase(Locale.ENGLISH).startsWith("file://")
- || Files.exists(Paths.get(manifestRepositoryUrl)))) {
+ void abortIfUrlLocal() throws AbortException {
+ if (!isValidRepositoryUrl(manifestRepositoryUrl)) {
 throw new AbortException("Checkout of Repo url '" + manifestRepositoryUrl
 + "' aborted because it references a local directory, "
 + "which may be insecure. "
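Review bot: The guard in `abortIfUrlLocal()` now reads `if (!isValidRepositoryUrl(manifestRepositoryUrl))`, but the helper does not validate the URL; it only decides whether the value looks local, and the exception text right below still says "references a local directory". A name that matches the decision, for example `isLocalRepositoryUrl` with the guard written as `if (isLocalRepositoryUrl(manifestRepositoryUrl))`, would remove the double negative and keep a later reader from assuming that `true` means the URL was checked for anything else. The method is also widened from `private` to package-private, apparently so the new test can call it; a one-line comment such as `// package-private for RepoScmTest` would keep that from looking accidental. The `throw` statement continues past the end of the hunk.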
@@ -962,6 +961,20 @@ private void abortIfUrlLocal() throws AbortException {
 }
 }
+ private static boolean isValidRepositoryUrl(String url) {
+ if (StringUtils.isEmpty(url)) {
+ return true;
+ } else if (url.toLowerCase(Locale.ENGLISH).startsWith("file://")) {
+ return false;
+ }
+ try {
+ // Check for local URLs with no protocol like /path/to/repo
+ return !Files.exists(Paths.get(url));
+ } catch (InvalidPathException e) {
+ return true;
+ }
+ }
+
 private int doSync(final Launcher launcher, @Nonnull final FilePath workspace, final OutputStream logger, final EnvVars env) throws IOException, InterruptedException {
diff --git a/src/test/java/hudson/plugins/repo/RepoScmTest.java b/src/test/java/hudson/plugins/repo/RepoScmTest.java
index 88527aa..2496a6c 100644
--- a/src/test/java/hudson/plugins/repo/RepoScmTest.java
+++ b/src/test/java/hudson/plugins/repo/RepoScmTest.java
@@ -1,13 +1,16 @@
 package hudson.plugins.repo;
+import hudson.AbortException;
 import hudson.model.FreeStyleProject;
 import hudson.tasks.Shell;
 import org.junit.Rule;
 import org.junit.Test;
+import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 /**
 * {@link JenkinsRule} based tests for {@link RepoScm}
@@ -31,4 +34,15 @@ public void configRoundTrip() throws Exception {
 assertTrue(scm.isCleanFirst());
 assertEquals(manifestRepositoryUrl, scm.getManifestRepositoryUrl());
 }
+
+ @Issue("JENKINS-68562")
+ @Test
+ public void abortIfUrlLocal() throws Exception {
+ final String manifestRepositoryUrl = "https://gerrit/projects/platform.git";
+ try {
+ new RepoScm(manifestRepositoryUrl).abortIfUrlLocal();
+ } catch (AbortException e) {
+ fail("https manifest URLs should always be valid");
+ }
+ }
 }
From cd5ab93b2865cf32273364af3eba6f63e2e3a5e0 Mon Sep 17 00:00:00 2001
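Review bot: The new `catch (InvalidPathException e) { return true; }` in `isValidRepositoryUrl` makes this security check fail open: any manifest URL that `Paths.get` cannot parse on the current platform is treated as non-local with no further inspection. That is presumably what fixes the Windows case named in the subject line, but together with the `file://` prefix test it leaves the helper as a deny-list whose answer depends on the operating system of the JVM that evaluates it. Consider deciding from the URL first (parse the scheme and accept only the remote forms the plugin means to support) and keeping the `Files.exists` probe only as a fallback for scheme-less input; which forms must stay accepted cannot be seen from this hunk. At minimum the catch deserves a comment such as `// Not parsable as a path on this platform, so java.nio cannot resolve it to a local directory`.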
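Review bot: The new test `abortIfUrlLocal()` only pins the accepting path (an https URL must not abort); nothing in this hunk asserts that the guard still rejects what it exists to reject. Because the commit rewrites a check whose own message calls local manifests "insecure", add at least one negative case for a `file://` URL and, if practical, one for an existing local path created in a temporary folder, so a later refactor cannot turn the guard into a no-op unnoticed. The existing test could also drop its try/catch and let the `AbortException` propagate, which would fail the test with the full stack trace instead of a fixed message.

```java
// … unchanged: abortIfUrlLocal() test for the https URL …

@Issue("JENKINS-68562")
@Test
public void abortIfUrlLocalRejectsFileScheme() {
	// Constructed sample value; only the scheme matters to the check.
	final String manifestRepositoryUrl = "file:///tmp/manifest.git";
	try {
		new RepoScm(manifestRepositoryUrl).abortIfUrlLocal();
	} catch (AbortException expected) {
		return;
	}
	fail("file:// manifest URLs must still abort the checkout");
}
```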
From: Devin Nusbaum
Date: Wed, 18 May 2022 15:09:26 -0400
Subject: [PATCH 2/2] [JENKINS-68562] Fix checkstyle errors
---
 src/main/java/hudson/plugins/repo/RepoScm.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/hudson/plugins/repo/RepoScm.java b/src/main/java/hudson/plugins/repo/RepoScm.java
index 58ff920..22ed936 100644
--- a/src/main/java/hudson/plugins/repo/RepoScm.java
+++ b/src/main/java/hudson/plugins/repo/RepoScm.java
@@ -951,6 +951,11 @@ public void checkout(
 build.addAction(manifestAction);
 }
+ /**
+ * Throws an {@link AbortException} if {@link #manifestRepositoryUrl} references a local file.
+ *
+ * @throws AbortException if {@link #manifestRepositoryUrl} references a local file
+ */
 void abortIfUrlLocal() throws AbortException {
 if (!isValidRepositoryUrl(manifestRepositoryUrl)) {
 throw new AbortException("Checkout of Repo url '" + manifestRepositoryUrl
@@ -961,7 +966,7 @@ void abortIfUrlLocal() throws AbortException {
 }
 }
- private static boolean isValidRepositoryUrl(final String url) {
+ private static boolean isValidRepositoryUrl(final String url) {
 if (StringUtils.isEmpty(url)) {
 return true;
 } else if (url.toLowerCase(Locale.ENGLISH).startsWith("file://")) {
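Review bot: The Javadoc added to `abortIfUrlLocal()` says the method throws when the URL "references a local file" but never says what counts as local, and the helper that makes that decision, `isValidRepositoryUrl` in the second hunk, still has no comment at all. From the code on this page, local means a case-insensitive `file://` prefix or a string that `Files.exists(Paths.get(url))` finds on the machine running the check, while an empty URL and a string that is not a parsable path both pass. Stating that on the helper, e.g. `Returns false when url starts with file:// or names an existing path on this machine; empty or unparsable values return true`, tells a maintainer up front that the check fails open. Both method bodies continue outside the hunks.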