
Example 1 with ClasspathEntry

use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.

the class ExtendedEmailPublisher method expandClasspath.

/**
 * Layers the job-level classpath and the descriptor's default classpath on top of
 * {@code loader} and returns the class loader that Groovy scripts should run with.
 *
 * <p>Security-relevant behaviour, as visible in this method:
 * <ul>
 *   <li>When {@code Jenkins.get().isUseSecurity()} is true, every entry is passed to
 *       {@code ScriptApproval.using} before its URL is added, and the final loader is
 *       wrapped by {@code GroovySandbox.createSecureClassLoader}.</li>
 *   <li>When it is false, entries are added without the approval call and the loader is
 *       returned unwrapped.</li>
 * </ul>
 *
 * @param context the current email context
 * @param loader the class loader to expand
 * @return the expanded class loader, or {@code loader} itself (possibly wrapped) when no
 *         classpath entries are configured
 * @throws IOException declared by this method; NOTE(review): presumably raised by
 *         {@code ScriptApproval.using} for an entry that has not been approved - confirm
 */
private ClassLoader expandClasspath(ExtendedEmailPublisherContext context, ClassLoader loader) throws IOException {
    final List<ClasspathEntry> entries = new ArrayList<>();

    // Job-level entries are collected first, then the global defaults.
    if (classpath != null && !classpath.isEmpty()) {
        transformToClasspathEntries(classpath, context, entries);
    }
    final List<GroovyScriptPath> globalPaths = getDescriptor().getDefaultClasspath();
    if (globalPaths != null && !globalPaths.isEmpty()) {
        transformToClasspathEntries(globalPaths, context, entries);
    }

    final boolean securityEnabled = Jenkins.get().isUseSecurity();
    ClassLoader effective = loader;
    if (!entries.isEmpty()) {
        GroovyClassLoader groovyLoader = new GroovyClassLoader(loader);
        groovyLoader.setShouldRecompile(true);
        for (ClasspathEntry candidate : entries) {
            // The approval check runs before the URL becomes loadable.
            if (securityEnabled) {
                ScriptApproval.get().using(candidate);
            }
            groovyLoader.addURL(candidate.getURL());
        }
        effective = groovyLoader;
    }

    return securityEnabled ? GroovySandbox.createSecureClassLoader(effective) : effective;
}
Also used : GroovyClassLoader(groovy.lang.GroovyClassLoader) ArrayList(java.util.ArrayList) ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)

Example 2 with ClasspathEntry

use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.

the class ExtendedEmailPublisherDescriptor method setDefaultClasspath.

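/**
 * Stores the global default Groovy classpath and, when Jenkins security is enabled,
 * registers each entry that resolves to a URL with script approval under the current
 * user's approval context.
 *
 * <p>Entries whose {@code asURL()} returns {@code null} are skipped here and are therefore
 * not registered at configuration time. If an entry is rejected as malformed, the method
 * throws before the field is assigned; entries earlier in the list have already been
 * handed to {@code ScriptApproval.configuring} at that point.
 *
 * <p>NOTE(review): whether {@code configuring} approves an entry immediately or queues it
 * as pending presumably depends on the current user's permissions - confirm against the
 * script-security version in use.
 *
 * @param defaultClasspath the classpath entries to store; {@code null} is stored as-is and
 *        nothing is registered for approval
 * @throws FormException if {@code ClasspathEntry} rejects an entry's URL as malformed
 */
@DataBoundSetter
public void setDefaultClasspath(List<GroovyScriptPath> defaultClasspath) throws FormException {
    // A null list previously caused a NullPointerException in the loop when security was
    // enabled; readers of this field already treat null as "no global classpath".
    if (defaultClasspath != null && Jenkins.get().isUseSecurity()) {
        ScriptApproval approval = ScriptApproval.get();
        ApprovalContext context = ApprovalContext.create().withCurrentUser();
        for (GroovyScriptPath path : defaultClasspath) {
            URL u = path.asURL();
            if (u == null) {
                // Not resolvable to a URL at configuration time; nothing to register.
                continue;
            }
            try {
                approval.configuring(new ClasspathEntry(u.toString()), context);
            } catch (MalformedURLException e) {
                throw new FormException(e, "defaultClasspath");
            }
        }
    }
    this.defaultClasspath = defaultClasspath;
}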
Also used : ApprovalContext(org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext) MalformedURLException(java.net.MalformedURLException) ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry) ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval) URL(java.net.URL) DataBoundSetter(org.kohsuke.stapler.DataBoundSetter)

Example 3 with ClasspathEntry

use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.

the class AbstractScriptTrigger method evaluate.

/**
 * Runs the configured trigger script against {@code build} and returns its result.
 *
 * <p>Security-relevant behaviour, as visible in this method:
 * <ul>
 *   <li>Each configured classpath entry is passed to {@code ScriptApproval.using} before
 *       its URL is added to the script class loader; this happens unconditionally.</li>
 *   <li>The class loader is always wrapped by {@code GroovySandbox.createSecureClassLoader}.</li>
 *   <li>Sandbox mode: the script is compiled with the secure compiler configuration and run
 *       through {@code GroovySandbox.run} with a whitelist made of {@code Whitelist.all()}
 *       plus a {@code PrintStreamInstanceWhitelist} for the build logger. A
 *       {@code RejectedAccessException} is routed through
 *       {@code ScriptApproval.accessRejected} and rethrown.</li>
 *   <li>Non-sandbox mode: the script text is passed through
 *       {@code ScriptApproval.using(script, GroovyLanguage.get())} and then evaluated with a
 *       plain {@code CompilerConfiguration}, i.e. without sandbox interception.
 *       NOTE(review): presumably {@code using} throws for a script that has not been
 *       approved - confirm.</li>
 * </ul>
 *
 * <p>The script sees the bindings {@code build}, {@code project}, {@code rooturl} and
 * {@code out}.
 *
 * @param build the build the trigger is evaluated for
 * @param listener supplies the logger bound to {@code out}
 * @return whatever the script evaluates to
 * @throws IOException declared by this method; closing the extra classpath loader is one
 *         visible source
 */
private Object evaluate(AbstractBuild<?, ?> build, TaskListener listener) throws IOException {
    ClassLoader scriptLoader = Jenkins.get().getPluginManager().uberClassLoader;
    JenkinsLocationConfiguration locationConfig = JenkinsLocationConfiguration.get();
    assert locationConfig != null;

    URLClassLoader extraClasspathLoader = null;
    List<ClasspathEntry> extraEntries = secureTriggerScript.getClasspath();
    if (!extraEntries.isEmpty()) {
        List<URL> urls = new ArrayList<>(extraEntries.size());
        for (ClasspathEntry candidate : extraEntries) {
            // Approval is checked before the URL is collected for loading.
            ScriptApproval.get().using(candidate);
            urls.add(candidate.getURL());
        }
        extraClasspathLoader = new URLClassLoader(urls.toArray(new URL[0]), scriptLoader);
        scriptLoader = extraClasspathLoader;
    }

    try {
        scriptLoader = GroovySandbox.createSecureClassLoader(scriptLoader);

        CompilerConfiguration compilerConfig = secureTriggerScript.isSandbox()
                ? GroovySandbox.createSecureCompilerConfiguration()
                : new CompilerConfiguration();
        ImportCustomizer starImports = new ImportCustomizer();
        starImports.addStarImports("jenkins", "jenkins.model", "hudson", "hudson.model");
        compilerConfig.addCompilationCustomizers(starImports);

        Binding scriptBinding = new Binding();
        scriptBinding.setVariable("build", build);
        scriptBinding.setVariable("project", build.getParent());
        scriptBinding.setVariable("rooturl", locationConfig.getUrl());
        PrintStream buildLog = listener.getLogger();
        scriptBinding.setVariable("out", buildLog);

        GroovyShell shell = new GroovyShell(scriptLoader, scriptBinding, compilerConfig);

        if (!secureTriggerScript.isSandbox()) {
            // Whole-script approval path: the text goes through ScriptApproval first.
            return shell.evaluate(ScriptApproval.get().using(secureTriggerScript.getScript(), GroovyLanguage.get()));
        }
        try {
            return GroovySandbox.run(shell, secureTriggerScript.getScript(), new ProxyWhitelist(Whitelist.all(), new PrintStreamInstanceWhitelist(buildLog)));
        } catch (RejectedAccessException rejected) {
            throw ScriptApproval.get().accessRejected(rejected, ApprovalContext.create());
        }
    } finally {
        // Release the jar handles of the per-evaluation classpath loader, if one was created.
        if (extraClasspathLoader != null) {
            extraClasspathLoader.close();
        }
    }
}
Also used : Binding(groovy.lang.Binding) PrintStream(java.io.PrintStream) PrintStreamInstanceWhitelist(hudson.plugins.emailext.groovy.sandbox.PrintStreamInstanceWhitelist) JenkinsLocationConfiguration(jenkins.model.JenkinsLocationConfiguration) RejectedAccessException(org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException) ArrayList(java.util.ArrayList) URL(java.net.URL) GroovyShell(groovy.lang.GroovyShell) ProxyWhitelist(org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist) URLClassLoader(java.net.URLClassLoader) CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration) URLClassLoader(java.net.URLClassLoader) ImportCustomizer(org.codehaus.groovy.control.customizers.ImportCustomizer) ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)

Example 4 with ClasspathEntry

use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.

the class ExtendedEmailPublisher method setClasspath.

/**
 * Stores the job-level Groovy classpath and, when the list is non-empty and Jenkins
 * security is enabled, registers each entry that resolves to a URL with script approval.
 *
 * <p>The approval context carries the current user and, when a Stapler request is in
 * progress, the {@code Item} ancestor of that request. Entries whose {@code asURL()}
 * returns {@code null} are skipped, so they are not registered at configuration time.
 * A {@code MalformedURLException} from {@code ClasspathEntry} only trips an
 * {@code assert}; with assertions disabled the entry is silently left unregistered.
 *
 * @param classpath the classpath entries to store; may be {@code null}
 */
public void setClasspath(List<GroovyScriptPath> classpath) {
    final boolean registerForApproval =
            classpath != null && !classpath.isEmpty() && Jenkins.get().isUseSecurity();
    if (registerForApproval) {
        // Prepare the classpath for approval
        ScriptApproval approvals = ScriptApproval.get();
        ApprovalContext approvalContext = ApprovalContext.create().withCurrentUser();
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        if (currentRequest != null) {
            approvalContext = approvalContext.withItem(currentRequest.findAncestorObject(Item.class));
        }
        for (GroovyScriptPath candidate : classpath) {
            URL resolved = candidate.asURL();
            if (resolved == null) {
                // Some paths might need token expansion and cannot be resolved yet.
                continue;
            }
            try {
                approvals.configuring(new ClasspathEntry(resolved.toString()), approvalContext);
            } catch (MalformedURLException e) {
                // Not expected: candidate.asURL() would have returned null for a bad URL.
                assert false : e;
            }
        }
    }
    this.classpath = classpath;
}
Also used : ApprovalContext(org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext) MalformedURLException(java.net.MalformedURLException) StaplerRequest(org.kohsuke.stapler.StaplerRequest) ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry) ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval) URL(java.net.URL)

Example 5 with ClasspathEntry

use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.

the class ExtendedEmailPublisher method transformToClasspathEntries.

/**
 * Converts configured script paths into {@code ClasspathEntry} objects and appends them to
 * {@code output}.
 *
 * <p>A path whose {@code asURL()} returns {@code null} is dropped without any message. A
 * path that {@code ClasspathEntry} rejects as malformed is dropped with a warning on the
 * build log. No approval check happens here.
 *
 * @param input the configured paths to convert
 * @param context supplies the listener whose logger receives warnings
 * @param output the list that receives the converted entries
 */
private void transformToClasspathEntries(List<GroovyScriptPath> input, ExtendedEmailPublisherContext context, List<ClasspathEntry> output) {
    for (GroovyScriptPath candidate : input) {
        URL resolved = candidate.asURL();
        if (resolved == null) {
            continue;
        }
        try {
            output.add(new ClasspathEntry(resolved.toString()));
        } catch (MalformedURLException e) {
            context.getListener().getLogger().printf("[email-ext] Warning: Ignoring classpath: [%s] as it could not be transformed into a valid URL%n", candidate.getPath());
        }
    }
}
Also used : MalformedURLException(java.net.MalformedURLException) ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry) URL(java.net.URL)

Aggregations

ClasspathEntry (org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)6 URL (java.net.URL)5 MalformedURLException (java.net.MalformedURLException)4 ArrayList (java.util.ArrayList)3 ApprovalContext (org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext)2 ScriptApproval (org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)2 Binding (groovy.lang.Binding)1 GroovyClassLoader (groovy.lang.GroovyClassLoader)1 GroovyShell (groovy.lang.GroovyShell)1 Initializer (hudson.init.Initializer)1 PrintStreamInstanceWhitelist (hudson.plugins.emailext.groovy.sandbox.PrintStreamInstanceWhitelist)1 PrintStream (java.io.PrintStream)1 URLClassLoader (java.net.URLClassLoader)1 List (java.util.List)1 JenkinsLocationConfiguration (jenkins.model.JenkinsLocationConfiguration)1 CompilerConfiguration (org.codehaus.groovy.control.CompilerConfiguration)1 ImportCustomizer (org.codehaus.groovy.control.customizers.ImportCustomizer)1 RejectedAccessException (org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException)1 ProxyWhitelist (org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist)1 DataBoundSetter (org.kohsuke.stapler.DataBoundSetter)1