Search in sources :

Example 1 with ScriptApproval

use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-cps-plugin by jenkinsci.

the class WorkflowJobNonRestartingTest method assertRejected.

private void assertRejected(String script) throws Exception {
    String signature = "staticMethod jenkins.model.Jenkins getInstance";
    ScriptApproval scriptApproval = ScriptApproval.get();
    scriptApproval.denySignature(signature);
    assertEquals(Collections.emptySet(), scriptApproval.getPendingSignatures());
    WorkflowJob p = jenkins.createProject(WorkflowJob.class);
    p.setDefinition(new CpsFlowDefinition(script, true));
    WorkflowRun b = p.scheduleBuild2(0).get();
    jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use " + signature, b);
    jenkins.assertBuildStatus(Result.FAILURE, b);
    Set<ScriptApproval.PendingSignature> pendingSignatures = scriptApproval.getPendingSignatures();
    assertEquals(script, 1, pendingSignatures.size());
    assertEquals(signature, pendingSignatures.iterator().next().signature);
}
Also used : CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition) WorkflowJob(org.jenkinsci.plugins.workflow.job.WorkflowJob) ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval) WorkflowRun(org.jenkinsci.plugins.workflow.job.WorkflowRun)

Example 2 with ScriptApproval

use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-job-plugin by jenkinsci.

the class WorkflowRunTest method scriptApproval.

@Test
public void scriptApproval() throws Exception {
    r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
    r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("devel").grant(Item.PERMISSIONS.getPermissions().toArray(new Permission[0])).everywhere().to("devel"));
    final WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
    final String groovy = "println 'hello'";
    ACL.impersonate(User.get("devel").impersonate(), new Runnable() {

        @Override
        public void run() {
            p.setDefinition(new CpsFlowDefinition(groovy));
        }
    });
    r.assertLogContains("UnapprovedUsageException", r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get()));
    Set<ScriptApproval.PendingScript> pendingScripts = ScriptApproval.get().getPendingScripts();
    assertEquals(1, pendingScripts.size());
    ScriptApproval.PendingScript pendingScript = pendingScripts.iterator().next();
    assertEquals(groovy, pendingScript.script);
    // only works if configured via WebClient: assertEquals(p, pendingScript.getContext().getItem());
    assertEquals("devel", pendingScript.getContext().getUser());
    ScriptApproval.get().approveScript(pendingScript.getHash());
    r.assertLogContains("hello", r.assertBuildStatusSuccess(p.scheduleBuild2(0)));
}
Also used : CpsFlowDefinition(org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition) MockAuthorizationStrategy(org.jvnet.hudson.test.MockAuthorizationStrategy) ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval) Test(org.junit.Test)

Aggregations

ScriptApproval (org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)2 CpsFlowDefinition (org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition)2 WorkflowJob (org.jenkinsci.plugins.workflow.job.WorkflowJob)1 WorkflowRun (org.jenkinsci.plugins.workflow.job.WorkflowRun)1 Test (org.junit.Test)1 MockAuthorizationStrategy (org.jvnet.hudson.test.MockAuthorizationStrategy)1