use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-cps-plugin by jenkinsci.
the class WorkflowJobNonRestartingTest method assertRejected.
private void assertRejected(String script) throws Exception {
String signature = "staticMethod jenkins.model.Jenkins getInstance";
ScriptApproval scriptApproval = ScriptApproval.get();
scriptApproval.denySignature(signature);
assertEquals(Collections.emptySet(), scriptApproval.getPendingSignatures());
WorkflowJob p = jenkins.createProject(WorkflowJob.class);
p.setDefinition(new CpsFlowDefinition(script, true));
WorkflowRun b = p.scheduleBuild2(0).get();
jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use " + signature, b);
jenkins.assertBuildStatus(Result.FAILURE, b);
Set<ScriptApproval.PendingSignature> pendingSignatures = scriptApproval.getPendingSignatures();
assertEquals(script, 1, pendingSignatures.size());
assertEquals(signature, pendingSignatures.iterator().next().signature);
}
use of org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval in project workflow-job-plugin by jenkinsci.
the class WorkflowRunTest method scriptApproval.
@Test
public void scriptApproval() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("devel").grant(Item.PERMISSIONS.getPermissions().toArray(new Permission[0])).everywhere().to("devel"));
final WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
final String groovy = "println 'hello'";
ACL.impersonate(User.get("devel").impersonate(), new Runnable() {
@Override
public void run() {
p.setDefinition(new CpsFlowDefinition(groovy));
}
});
r.assertLogContains("UnapprovedUsageException", r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get()));
Set<ScriptApproval.PendingScript> pendingScripts = ScriptApproval.get().getPendingScripts();
assertEquals(1, pendingScripts.size());
ScriptApproval.PendingScript pendingScript = pendingScripts.iterator().next();
assertEquals(groovy, pendingScript.script);
// only works if configured via WebClient: assertEquals(p, pendingScript.getContext().getItem());
assertEquals("devel", pendingScript.getContext().getUser());
ScriptApproval.get().approveScript(pendingScript.getHash());
r.assertLogContains("hello", r.assertBuildStatusSuccess(p.scheduleBuild2(0)));
}
Aggregations