Search in sources :

Example 1 with PasswordParameterValue

use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.

the class ReplayActionTest method withPasswordParameter.

@Issue("SECURITY-2443")
@Test
public void withPasswordParameter() {
    story.then(r -> {
        WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
        p.addProperty(new ParametersDefinitionProperty(new PasswordParameterDefinition("passwordParam", "top secret", "")));
        p.setDefinition(new CpsFlowDefinition("echo(/passwordParam: ${passwordParam}/)", true));
        WorkflowRun run1 = story.j.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new PasswordParameterValue("passwordParam", "confidential"))));
        // When we replay a build with password parameter it should fail with access denied exception.
        assertThrows(Failure.class, () -> run1.getAction(ReplayAction.class).run("echo(/Replaying passwordParam: ${passwordParam}/)", Collections.emptyMap()).get());
    });
}
Also used : ParametersDefinitionProperty(hudson.model.ParametersDefinitionProperty) CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition) PasswordParameterDefinition(hudson.model.PasswordParameterDefinition) PasswordParameterValue(hudson.model.PasswordParameterValue) WorkflowJob(org.jenkinsci.plugins.workflow.job.WorkflowJob) ParametersAction(hudson.model.ParametersAction) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 2 with PasswordParameterValue

use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.

the class DSLTest method emptyPasswordParametersIgnored.

@Issue("JENKINS-64282")
@Test
public void emptyPasswordParametersIgnored() throws Exception {
    String shellStep = Functions.isWindows() ? "bat" : "sh";
    p.setDefinition(new CpsFlowDefinition("" + "node {\n" + shellStep + " \"echo ${params.TEXT} ${params.PASSWORD}\"\n" + "}", true));
    p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new PasswordParameterDefinition("PASSWORD", "", null)));
    WorkflowRun run = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new PasswordParameterValue("PASSWORD", ""))));
    r.assertLogNotContains("Warning: A secret was passed", run);
    r.assertLogNotContains("Affected argument(s) used the following", run);
    LinearScanner scan = new LinearScanner();
    FlowNode node = scan.findFirstMatch(run.getExecution().getCurrentHeads().get(0), new NodeStepTypePredicate(shellStep));
    ArgumentsAction argAction = node.getPersistentAction(ArgumentsAction.class);
    Assert.assertTrue(argAction.isUnmodifiedArguments());
    MatcherAssert.assertThat(argAction.getArguments().values().iterator().next(), is("echo hello "));
}
Also used : ArgumentsAction(org.jenkinsci.plugins.workflow.actions.ArgumentsAction) StringParameterDefinition(hudson.model.StringParameterDefinition) StringParameterValue(hudson.model.StringParameterValue) PasswordParameterValue(hudson.model.PasswordParameterValue) Matchers.containsString(org.hamcrest.Matchers.containsString) ParametersAction(hudson.model.ParametersAction) LinearScanner(org.jenkinsci.plugins.workflow.graphanalysis.LinearScanner) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) NodeStepTypePredicate(org.jenkinsci.plugins.workflow.graphanalysis.NodeStepTypePredicate) ParametersDefinitionProperty(hudson.model.ParametersDefinitionProperty) PasswordParameterDefinition(hudson.model.PasswordParameterDefinition) FlowNode(org.jenkinsci.plugins.workflow.graph.FlowNode) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 3 with PasswordParameterValue

use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.

the class DSLTest method passwordParametersSanitized.

@Issue("JENKINS-47101")
@Test
public void passwordParametersSanitized() throws Exception {
    String shellStep = Functions.isWindows() ? "bat" : "sh";
    p.setDefinition(new CpsFlowDefinition("" + "node {\n" + shellStep + " \"echo ${params.TEXT} ${params.PASSWORD}\"\n" + "}", true));
    p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new PasswordParameterDefinition("PASSWORD", "", null)));
    WorkflowRun run = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new PasswordParameterValue("PASSWORD", "s3cr3t"))));
    r.assertLogContains("Warning: A secret was passed to \"" + shellStep + "\"", run);
    r.assertLogContains("Affected argument(s) used the following variable(s): [PASSWORD]", run);
    InterpolatedSecretsAction reportAction = run.getAction(InterpolatedSecretsAction.class);
    Assert.assertNotNull(reportAction);
    List<InterpolatedSecretsAction.InterpolatedWarnings> warnings = reportAction.getWarnings();
    MatcherAssert.assertThat(warnings.size(), is(1));
    InterpolatedSecretsAction.InterpolatedWarnings stepWarning = warnings.get(0);
    MatcherAssert.assertThat(stepWarning.getStepName(), is(shellStep));
    MatcherAssert.assertThat(stepWarning.getInterpolatedVariables(), is(Arrays.asList("PASSWORD")));
    LinearScanner scan = new LinearScanner();
    FlowNode node = scan.findFirstMatch(run.getExecution().getCurrentHeads().get(0), new NodeStepTypePredicate(shellStep));
    ArgumentsAction argAction = node.getPersistentAction(ArgumentsAction.class);
    Assert.assertFalse(argAction.isUnmodifiedArguments());
    MatcherAssert.assertThat(argAction.getArguments().values().iterator().next(), is("echo hello ${PASSWORD}"));
}
Also used : ArgumentsAction(org.jenkinsci.plugins.workflow.actions.ArgumentsAction) StringParameterDefinition(hudson.model.StringParameterDefinition) StringParameterValue(hudson.model.StringParameterValue) PasswordParameterValue(hudson.model.PasswordParameterValue) Matchers.containsString(org.hamcrest.Matchers.containsString) ParametersAction(hudson.model.ParametersAction) LinearScanner(org.jenkinsci.plugins.workflow.graphanalysis.LinearScanner) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) NodeStepTypePredicate(org.jenkinsci.plugins.workflow.graphanalysis.NodeStepTypePredicate) ParametersDefinitionProperty(hudson.model.ParametersDefinitionProperty) PasswordParameterDefinition(hudson.model.PasswordParameterDefinition) InterpolatedSecretsAction(org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction) FlowNode(org.jenkinsci.plugins.workflow.graph.FlowNode) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Example 4 with PasswordParameterValue

use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.

the class ParamsVariableTest method smokes.

@Issue("JENKINS-27295")
@Test
public void smokes() throws Exception {
    WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
    p.setDefinition(new CpsFlowDefinition("echo(/TEXT=${params.TEXT} FLAG=${params.FLAG ? 'yes' : 'no'} PASS=${params.PASS}/)", true));
    p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new BooleanParameterDefinition("FLAG", false, null), new PasswordParameterDefinition("PASS", "", null)));
    WorkflowRun b = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new BooleanParameterValue("FLAG", true), new PasswordParameterValue("PASS", "s3cr3t"))));
    r.assertLogContains("TEXT=hello", b);
    r.assertLogContains("FLAG=yes", b);
    r.assertLogContains("PASS=s3cr3t", b);
}
Also used : StringParameterDefinition(hudson.model.StringParameterDefinition) BooleanParameterDefinition(hudson.model.BooleanParameterDefinition) ParametersDefinitionProperty(hudson.model.ParametersDefinitionProperty) BooleanParameterValue(hudson.model.BooleanParameterValue) PasswordParameterDefinition(hudson.model.PasswordParameterDefinition) StringParameterValue(hudson.model.StringParameterValue) PasswordParameterValue(hudson.model.PasswordParameterValue) WorkflowJob(org.jenkinsci.plugins.workflow.job.WorkflowJob) ParametersAction(hudson.model.ParametersAction) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun) Issue(org.jvnet.hudson.test.Issue) Test(org.junit.Test)

Aggregations

ParametersAction (hudson.model.ParametersAction)4 ParametersDefinitionProperty (hudson.model.ParametersDefinitionProperty)4 PasswordParameterDefinition (hudson.model.PasswordParameterDefinition)4 PasswordParameterValue (hudson.model.PasswordParameterValue)4 WorkflowRun (org.jenkinsci.plugins.workflow.job.WorkflowRun)4 Test (org.junit.Test)4 Issue (org.jvnet.hudson.test.Issue)4 StringParameterDefinition (hudson.model.StringParameterDefinition)3 StringParameterValue (hudson.model.StringParameterValue)3 Matchers.containsString (org.hamcrest.Matchers.containsString)2 ArgumentsAction (org.jenkinsci.plugins.workflow.actions.ArgumentsAction)2 FlowNode (org.jenkinsci.plugins.workflow.graph.FlowNode)2 LinearScanner (org.jenkinsci.plugins.workflow.graphanalysis.LinearScanner)2 NodeStepTypePredicate (org.jenkinsci.plugins.workflow.graphanalysis.NodeStepTypePredicate)2 WorkflowJob (org.jenkinsci.plugins.workflow.job.WorkflowJob)2 BooleanParameterDefinition (hudson.model.BooleanParameterDefinition)1 BooleanParameterValue (hudson.model.BooleanParameterValue)1 CpsFlowDefinition (org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)1 InterpolatedSecretsAction (org.jenkinsci.plugins.workflow.cps.view.InterpolatedSecretsAction)1