JENKINS-73941 - New forceSandbox logic - Messages + tests

jenkinsci · Oct 21, 2024 · dc58b05 · dc58b05
1 parent 93722aa
commit dc58b05
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 3 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java
@@ -32,7 +32,7 @@ public final class UnapprovedUsageException extends SecurityException {
     private final String hash;
 
     UnapprovedUsageException(String hash) {
-        super("script not yet approved for use");
+        super(ScriptApproval.get().isForceSandbox()?Messages.UnapprovedUsage_ForceSandBox():Messages.UnapprovedUsage_NonApproved());
         this.hash = hash;
     }
 

diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties
@@ -8,4 +8,6 @@ ScriptApprovalLink.outstandingSignature={0} signatures pending approval
 ScriptApprovalLink.outstandingClasspath={0} classpath entries pending approval
 ScriptApprovalLink.dangerous={0} approved dangerous signatures
 ScriptApproval.PipelineMessage="A Jenkins administrator will need to approve this script before it can be used"
-ScriptApproval.ForceSandBoxMessage="Running Scripts without Sandbox is not allowed in the system"
+ScriptApproval.ForceSandBoxMessage="Running Scripts out of the Sandbox is not allowed in the system"
+UnapprovedUsage.NonApproved="script not yet approved for use"
+UnapprovedUsage.ForceSandBox="Running Scripts out of the Sandbox is not allowed in the system"
diff --git a/...test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java b/...test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
@@ -34,6 +34,7 @@
 import org.apache.tools.ant.AntClassLoader;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry;
+import org.jenkinsci.plugins.scriptsecurity.scripts.Messages;
 import org.htmlunit.html.HtmlForm;
 import org.htmlunit.html.HtmlFormUtil;
 import org.htmlunit.html.HtmlPage;
@@ -224,7 +225,14 @@ private void addPostBuildAction(HtmlPage page) throws IOException {
         assertEquals(1, pendingScripts.size());
 
         // Test that the script is executable. If it's not, we will get an UnapprovedUsageException
-        assertThrows(UnapprovedUsageException.class, () -> ScriptApproval.get().using(groovy, GroovyLanguage.get()));
+        Exception ex = assertThrows(UnapprovedUsageException.class,
+                                    () -> ScriptApproval.get().using(groovy,GroovyLanguage.get()));
+        assertEquals(Messages.UnapprovedUsage_NonApproved(), ex.getMessage());
+
+        ScriptApproval.get().setforceSandbox(true);
+        ex = assertThrows(UnapprovedUsageException.class,
+                                    () -> ScriptApproval.get().using(groovy,GroovyLanguage.get()));
+        assertEquals(Messages.UnapprovedUsage_ForceSandBox(), ex.getMessage());
     }
 
     /**