[JIRA] (JENKINS-58584) The installNecessaryPluing REST API silently fails when plugin name is wrong

3 views

Skip to first unread message

martin.danjou14@gmail.com (JIRA)

unread,

Jul 21, 2019, 9:00:02 AM7/21/19

to jenkinsc...@googlegroups.com

Martin d'Anjou created an issue

Jenkins /

JENKINS-58584

The installNecessaryPluing REST API silently fails when plugin name is wrong

Issue Type:	Bug
Assignee:	Unassigned
Components:	core
Created:	2019-07-21 12:59
Environment:	Jenkins 2.176.2
Priority:	Minor
Reporter:	Martin d'Anjou

When the plugin name is wrong, the installNecessaryPlugin REST API silently accepts it.

 
                                                                CRUMB=$(curl $JENKINS_REST_ENDPOINT/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))

curl -v -L -X POST \
    -d "<jenkins><install plugin=\"extended-read-permission@1.0\" /></jenkins>" \
    -H "Content-Type: text/xml" \
    -H "$CRUMB" \
    "http://localhost:8080/pluginManager/installNecessaryPlugins" 
                                                            

This returns:

 
                                                                 > POST /pluginManager/installNecessaryPlugins HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: text/xml
> Jenkins-Crumb:cfeaec07a1a12decfd5ceff525cd8b01
> Content-Length: 69
>
* upload completely sent off: 69 out of 69 bytes
< HTTP/1.1 302 Found
< Date: Sun, 21 Jul 2019 12:53:56 GMT
< X-Content-Type-Options: nosniff
< Location: http://localhost:8080/updateCenter
< Content-Length: 0
< Server: Jetty(9.4.z-SNAPSHOT)
<
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:8080/updateCenter'
* Switch from POST to GET
* Found bundle for host localhost: 0x56026f0db330 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /updateCenter HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: text/xml
> Jenkins-Crumb:cfeaec07a1a12decfd5ceff525cd8b01
>
< HTTP/1.1 302 Found
< Date: Sun, 21 Jul 2019 12:53:56 GMT
< X-Content-Type-Options: nosniff
< Location: http://localhost:8080/updateCenter/
< Content-Length: 0
< Server: Jetty(9.4.z-SNAPSHOT)
<
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:8080/updateCenter/'
* Found bundle for host localhost: 0x56026f0db330 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /updateCenter/ HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.47.0
> Accept: */*
> Content-Type: text/xml
> Jenkins-Crumb:cfeaec07a1a12decfd5ceff525cd8b01
>
< HTTP/1.1 200 OK
< Date: Sun, 21 Jul 2019 12:53:56 GMT
< X-Content-Type-Options: nosniff
< Content-Type: text/html;charset=utf-8
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Cache-Control: no-cache,no-store,must-revalidate
< X-Hudson-Theme: default
< Referrer-Policy: same-origin
< Set-Cookie: JSESSIONID.7b3dc8aa=node01vbzel0qvprdl90tcyx4l56f66.node0;Path=/;HttpOnly
< X-Hudson: 1.395
< X-Jenkins: 2.176.2
< X-Jenkins-Session: 8868fc82
< X-Hudson-CLI-Port: 36861
< X-Jenkins-CLI-Port: 36861
< X-Jenkins-CLI2-Port: 36861
< X-Frame-Options: sameorigin
< X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB7RCj4V0Ify29GRMl0wCp7Lj7FLz0QJ8am1DKx3li0ohcKDc4zIVn7bHtxC4OOa+hwaoY2yCNMXlbWelPuhQjhXZO2pSnBX3IacxQU/Q8fvHmYJ/H0p+Wn7ALj7PvWFG/exRBPYVBnn7vXmwViaUbk9P5r+hPz7NRON5l2A6A8OHBiTxcgMxNT+mh5h++JTmM0dwNTkOyoEev8UFAhsVObJPYKdfcLaMs6d8VYVc/meVNxRmlXVAutJKKpMye+YnxgImeU0uMqo45OXmzpjlQsPL/6GG3Z/24/BkqXo6Lqhq3hVYCj1rgo+oOhEAiqoqAgxpUDCJe/6Jx4392GxdwIDAQAB
< Content-Length: 12343
< Server: Jetty(9.4.z-SNAPSHOT)
 
                                                            

But in the log we see:

 
                                                                WARNING: No such plugin extended-read-permissions to install

The REST API should return a HTTP code indicating an error. Otherwise, the REST API silently ignores errors and it cannot be automated.

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

martin.danjou14@gmail.com (JIRA)

unread,

Jul 21, 2019, 9:01:04 AM7/21/19

to jenkinsc...@googlegroups.com

Martin d'Anjou updated an issue

Jenkins /

JENKINS-58584

The installNecessaryPluing REST API silently fails when plugin name is wrong

Change By:	Martin d'Anjou
Issue Type:	Bug Improvement

Add Comment

martin.danjou14@gmail.com (JIRA)

unread,

Jul 21, 2019, 9:02:03 AM7/21/19

to jenkinsc...@googlegroups.com

Martin d'Anjou updated an issue

Jenkins /

JENKINS-58584

The installNecessaryPluing REST API silently fails when plugin name is wrong

Change By:	Martin d'Anjou

This is an Improvement ticket to address the following problem:

When the plugin name is wrong, the installNecessaryPlugin REST API silently accepts it.

{noformat}

CRUMB=$(curl $JENKINS_REST_ENDPOINT/crumbIssuer/api/xml?xpath=concat$//crumbRequestField,%22:%22,//crumb$)

curl -v -L -X POST \
    -d "<jenkins><install plugin=\"extended-read-permission@1.0\" /></jenkins>" \
    -H "Content-Type: text/xml" \
    -H "$CRUMB" \

"http://localhost:8080/pluginManager/installNecessaryPlugins"{noformat}
This returns:
{noformat}

{noformat}

But in the log we see:

{noformat}

WARNING: No such plugin extended-read-permissions to install

{noformat}

The REST API should return a HTTP code indicating an error. Otherwise, the REST API silently ignores errors and it cannot be automated.