[JIRA] (JENKINS-42470) ModelConverterAction should use CrumbExclusionFilter


jglick@cloudbees.com (JIRA)

Mar 3, 2017, 10:58:02 AM
to jenkinsc...@googlegroups.com
Jesse Glick created an issue
 
Jenkins / Bug JENKINS-42470
ModelConverterAction should use CrumbExclusionFilter
Issue Type: Bug
Assignee: Andrew Bayer
Components: pipeline-model-definition-plugin
Created: 2017/Mar/03 3:57 PM
Labels: crumb usability
Priority: Major
Reporter: Jesse Glick

https://github.com/jenkinsci/pipeline-model-definition-plugin/wiki/Validating-(or-linting)-a-Declarative-Jenkinsfile-from-the-command-line#how-to-use tells you to get a crumb from Jenkins, which makes REST-based access very awkward. This is only needed because we are accepting POST requests, which is only needed because we are sending content. But the action has no side effects so there is no actual need for a crumb. You should implement CrumbExclusionFilter to simplify usage.

I would also suggest that doValidate should just stream from its body rather than require a form field, but I guess this would be an incompatible change.

 
This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

jglick@cloudbees.com (JIRA)

Mar 3, 2017, 10:59:02 AM
to jenkinsc...@googlegroups.com

jglick@cloudbees.com (JIRA)

Mar 3, 2017, 11:18:01 AM
to jenkinsc...@googlegroups.com

Also it checks Permission.READ. That is wrong; you should not use these generic permissions, as they are not managed by authorization strategies. Rather use Jenkins.READ.

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 11:32:02 AM
to jenkinsc...@googlegroups.com

Got an example of CrumbExclusionFilter I can look at?

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 11:34:03 AM
to jenkinsc...@googlegroups.com

Ah, it's CrumbExclusion and I found one in github-plugin.

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 12:13:01 PM
to jenkinsc...@googlegroups.com
Andrew Bayer started work on Bug JENKINS-42470
 
Change By: Andrew Bayer
Status: Open → In Progress

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 12:14:01 PM
to jenkinsc...@googlegroups.com

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 12:14:02 PM
to jenkinsc...@googlegroups.com

scm_issue_link@java.net (JIRA)

Mar 3, 2017, 7:20:01 PM
to jenkinsc...@googlegroups.com

Code changed in jenkins
User: Andrew Bayer
Path:
pipeline-model-definition/src/main/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterAction.java
pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/WhenStageTest.java
pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ErrorsEndpointOpsTest.java
pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterActionStepsTest.java
pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/ModelConverterActionTest.java
pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/endpoints/SuccessfulEndpointOpsTest.java
http://jenkins-ci.org/commit/pipeline-model-definition-plugin/3671e8dba6a7f12bdcb4f50440e3cd4b7a3fbab6
Log:
[FIXED JENKINS-42470] Use CrumbExclusion and Jenkins.READ perms
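
An added example, not the plugin's code or the commit referenced above, of the pattern this thread discusses: a POST endpoint with no side effects is exempted from the CSRF crumb check by a `CrumbExclusion` that matches one exact path, while the endpoint itself still checks `Jenkins.READ`. The class names, the URL name `example-validator` and the form field `content` are hypothetical, and the `javax.servlet` imports assume a Jenkins core from before the jakarta migration.

```java
import hudson.Extension;
import hudson.model.RootAction;
import hudson.security.csrf.CrumbExclusion;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

// Added example: a hypothetical side-effect-free endpoint, not the plugin's code.
@Extension
public class ExampleValidateAction implements RootAction {
    static final String URL_NAME = "example-validator";              // hypothetical URL name
    static final String EXCLUDED_PATH = "/" + URL_NAME + "/validate";

    @Override public String getIconFileName() { return null; }       // no sidebar link
    @Override public String getDisplayName() { return null; }
    @Override public String getUrlName() { return URL_NAME; }

    @RequirePOST
    public HttpResponse doValidate(StaplerRequest req) {
        // Skipping the crumb does not skip authorization: check a managed permission.
        Jenkins.get().checkPermission(Jenkins.READ);
        String content = req.getParameter("content");                // hypothetical form field
        if (content == null || content.trim().isEmpty()) {
            return HttpResponses.error(400, "No content submitted");
        }
        return HttpResponses.ok();  // the submitted text is only inspected, never stored or run
    }

    @Extension
    public static class ValidateCrumbExclusion extends CrumbExclusion {
        @Override
        public boolean process(HttpServletRequest req, HttpServletResponse resp, FilterChain chain)
                throws IOException, ServletException {
            // Exact match only: a prefix match would also exempt any state-changing
            // method later added under the same action.
            if (!EXCLUDED_PATH.equals(req.getPathInfo())) {
                return false;            // not ours; the crumb filter handles it as usual
            }
            chain.doFilter(req, resp);   // continue the chain without a crumb check
            return true;
        }
    }
}
```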

andrew.bayer@gmail.com (JIRA)

Mar 3, 2017, 7:25:01 PM
to jenkinsc...@googlegroups.com

bitwiseman@gmail.com (JIRA)

Oct 22, 2019, 11:25:48 PM
to jenkinsc...@googlegroups.com
Liam Newman closed an issue as Fixed
 

Bulk closing resolved issues.

Change By: Liam Newman
Status: Resolved → Closed
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)