Skip to content

Commit

Permalink
JENKINS-73941 - New forceSandbox logic - Add CASC support + tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@jgarciacloudbees
jgarciacloudbees committed Oct 22, 2024
1 parent 661356d commit 4cbf832
Show file tree
Hide file tree
Showing 6 changed files with 10 additions and 6 deletions.
2 changes: 1 addition & 1 deletion src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -992,7 +992,7 @@ public synchronized void setApprovedScriptHashes(String[] scriptHashes) throws I
}

@DataBoundSetter
public synchronized void setforceSandbox(boolean forceSandbox) {
public synchronized void setForceSandbox(boolean forceSandbox) {
this.forceSandbox = forceSandbox;
save();
}
Expand Down
2 changes: 1 addition & 1 deletion ...test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ private void addPostBuildAction(HtmlPage page) throws IOException {
() -> ScriptApproval.get().using(groovy,GroovyLanguage.get()));
assertEquals(Messages.UnapprovedUsage_NonApproved(), ex.getMessage());

ScriptApproval.get().setforceSandbox(true);
ScriptApproval.get().setForceSandbox(true);
ex = assertThrows(UnapprovedUsageException.class,
() -> ScriptApproval.get().using(groovy,GroovyLanguage.get()));
assertEquals(Messages.UnapprovedUsage_ForceSandBox(), ex.getMessage());
Expand Down
2 changes: 2 additions & 0 deletions src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/JcascTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import static org.hamcrest.collection.IsIterableContainingInAnyOrder.containsInAnyOrder;
import static org.hamcrest.core.StringContains.containsString;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

public class JcascTest {

Expand All @@ -43,6 +44,7 @@ public void smokeTestEntry() throws Exception {
assertThat(logger.getMessages(), containsInAnyOrder(
containsString("Adding deprecated script hash " +
"that will be converted on next use: fccae58c5762bdd15daca97318e9d74333203106")));
assertTrue(ScriptApproval.get().isForceSandbox());
}

@Test
Expand Down
8 changes: 4 additions & 4 deletions src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ public void reload() throws Exception {
public void forceSandboxTests() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());

ScriptApproval.get().setforceSandbox(true);
ScriptApproval.get().setForceSandbox(true);

MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy();
mockStrategy.grant(Jenkins.READ).everywhere().to("devel");
Expand Down Expand Up @@ -290,7 +290,7 @@ public void forceSandboxTests() throws Exception {

@Test
public void forceSandboxScriptSignatureException() throws Exception {
ScriptApproval.get().setforceSandbox(true);
ScriptApproval.get().setForceSandbox(true);
FreeStyleProject p = r.createFreeStyleProject("p");
p.getPublishersList().add(new TestGroovyRecorder(new SecureGroovyScript("jenkins.model.Jenkins.instance", true, null)));
FreeStyleBuild b = r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get());
Expand All @@ -304,14 +304,14 @@ public void forceSandboxFormValidation() throws Exception {
grant(Jenkins.READ, Item.READ).everywhere().to("dev"));

try (ACLContext ctx = ACL.as(User.getById("devel", true))) {
ScriptApproval.get().setforceSandbox(true);
ScriptApproval.get().setForceSandbox(true);
{
FormValidation result = ScriptApproval.get().checking("test", GroovyLanguage.get(), false);
assertEquals(FormValidation.Kind.WARNING, result.kind);
assertEquals(Messages.ScriptApproval_ForceSandBoxMessage(), result.getMessage());
}

ScriptApproval.get().setforceSandbox(false);
ScriptApproval.get().setForceSandbox(false);
{
FormValidation result = ScriptApproval.get().checking("test", GroovyLanguage.get(), false);
assertEquals(FormValidation.Kind.WARNING, result.kind);
Expand Down
1 change: 1 addition & 0 deletions src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/smoke_test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ security:
- method java.net.URI getHost
approvedScriptHashes:
- fccae58c5762bdd15daca97318e9d74333203106
forceSandbox: true
1 change: 1 addition & 0 deletions src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/smoke_test_expected.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@ approvedScriptHashes:
- "fccae58c5762bdd15daca97318e9d74333203106"
approvedSignatures:
- "method java.net.URI getHost"
forceSandbox: true

0 comments on commit 4cbf832

Please sign in to comment.