From dc58b0529f98f46b87974229f73c192349a762f3 Mon Sep 17 00:00:00 2001 From: Javier Garcia Date: Mon, 21 Oct 2024 18:05:15 +0200 Subject: [PATCH] JENKINS-73941 - New forceSandbox logic - Messages + tests --- .../scripts/UnapprovedUsageException.java | 2 +- .../plugins/scriptsecurity/scripts/Messages.properties | 4 +++- .../sandbox/groovy/SecureGroovyScriptTest.java | 10 +++++++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java index bfb7a8a87..bc02ac56e 100644 --- a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java +++ b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedUsageException.java @@ -32,7 +32,7 @@ public final class UnapprovedUsageException extends SecurityException { private final String hash; UnapprovedUsageException(String hash) { - super("script not yet approved for use"); + super(ScriptApproval.get().isForceSandbox()?Messages.UnapprovedUsage_ForceSandBox():Messages.UnapprovedUsage_NonApproved()); this.hash = hash; } diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties index 6e1fdad4c..15ba6818f 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties @@ -8,4 +8,6 @@ ScriptApprovalLink.outstandingSignature={0} signatures pending approval ScriptApprovalLink.outstandingClasspath={0} classpath entries pending approval ScriptApprovalLink.dangerous={0} approved dangerous signatures ScriptApproval.PipelineMessage="A Jenkins administrator will need to approve this script before it can be used" -ScriptApproval.ForceSandBoxMessage="Running Scripts without Sandbox is not allowed in the system" +ScriptApproval.ForceSandBoxMessage="Running Scripts out of the Sandbox is not allowed in the system" +UnapprovedUsage.NonApproved="script not yet approved for use" +UnapprovedUsage.ForceSandBox="Running Scripts out of the Sandbox is not allowed in the system" diff --git a/src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java b/src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java index 9518cac43..93ffb83bf 100644 --- a/src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java +++ b/src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java @@ -34,6 +34,7 @@ import org.apache.tools.ant.AntClassLoader; import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException; import org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry; +import org.jenkinsci.plugins.scriptsecurity.scripts.Messages; import org.htmlunit.html.HtmlForm; import org.htmlunit.html.HtmlFormUtil; import org.htmlunit.html.HtmlPage; @@ -224,7 +225,14 @@ private void addPostBuildAction(HtmlPage page) throws IOException { assertEquals(1, pendingScripts.size()); // Test that the script is executable. If it's not, we will get an UnapprovedUsageException - assertThrows(UnapprovedUsageException.class, () -> ScriptApproval.get().using(groovy, GroovyLanguage.get())); + Exception ex = assertThrows(UnapprovedUsageException.class, + () -> ScriptApproval.get().using(groovy,GroovyLanguage.get())); + assertEquals(Messages.UnapprovedUsage_NonApproved(), ex.getMessage()); + + ScriptApproval.get().setforceSandbox(true); + ex = assertThrows(UnapprovedUsageException.class, + () -> ScriptApproval.get().using(groovy,GroovyLanguage.get())); + assertEquals(Messages.UnapprovedUsage_ForceSandBox(), ex.getMessage()); } /**