Example 1 with ScriptApproval
use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-cps-plugin by jenkinsci.
the class WorkflowJobNonRestartingTest method assertRejected.
private void assertRejected(String script) throws Exception {
String signature = "staticMethod jenkins.model.Jenkins getInstance";
ScriptApproval scriptApproval = ScriptApproval.get();
scriptApproval.denySignature(signature);
assertEquals(Collections.emptySet(), scriptApproval.getPendingSignatures());
WorkflowJob p = jenkins.createProject(WorkflowJob.class);
p.setDefinition(new CpsFlowDefinition(script, true));
WorkflowRun b = p.scheduleBuild2(0).get();
jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use " + signature, b);
jenkins.assertBuildStatus(Result.FAILURE, b);
Set<ScriptApproval.PendingSignature> pendingSignatures = scriptApproval.getPendingSignatures();
assertEquals(script, 1, pendingSignatures.size());
assertEquals(signature, pendingSignatures.iterator().next().signature);
}
Also used :
CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)
WorkflowJob(org.jenkinsci.plugins.workflow.job.WorkflowJob)
ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)
WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun)
Example 2 with ScriptApproval
use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-job-plugin by jenkinsci.
the class WorkflowRunTest method scriptApproval.
@Test
public void scriptApproval() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("devel").grant(Item.PERMISSIONS.getPermissions().toArray(new Permission[0])).everywhere().to("devel"));
final WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
final String groovy = "println 'hello'";
ACL.impersonate(User.get("devel").impersonate(), new Runnable() {
@Override
public void run() {
p.setDefinition(new CpsFlowDefinition(groovy));
}
});
r.assertLogContains("UnapprovedUsageException", r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get()));
Set<ScriptApproval.PendingScript> pendingScripts = ScriptApproval.get().getPendingScripts();
assertEquals(1, pendingScripts.size());
ScriptApproval.PendingScript pendingScript = pendingScripts.iterator().next();
assertEquals(groovy, pendingScript.script);
// only works if configured via WebClient: assertEquals(p, pendingScript.getContext().getItem());
assertEquals("devel", pendingScript.getContext().getUser());
ScriptApproval.get().approveScript(pendingScript.getHash());
r.assertLogContains("hello", r.assertBuildStatusSuccess(p.scheduleBuild2(0)));
}
Also used :
CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)
MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy)
ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)
Test(org.junit.Test)
Aggregations
ScriptApproval (org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)2
CpsFlowDefinition (org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)2
WorkflowJob (org.jenkinsci.plugins.workflow.job.WorkflowJob)1
WorkflowRun (org.jenkinsci.plugins.workflow.job.WorkflowRun)1
Test (org.junit.Test)1
MockAuthorizationStrategy (org.jvnet.hudson.test.MockAuthorizationStrategy)1
