Merge branch 'master' into bugfix/addCredentials
Dohbedoh authored Oct 9, 2024
2 parents 8dc8ff6 + f0a2ed0 commit 23ee500
Showing 27 changed files with 408 additions and 330 deletions.
13 changes: 6 additions & 7 deletions pom.xml
Expand Up @@ -29,7 +29,7 @@
<parent>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>plugin</artifactId>
<version>4.85</version>
<version>4.88</version>
<relativePath />
</parent>

Expand Down Expand Up @@ -67,7 +67,8 @@
<properties>
<changelist>999999-SNAPSHOT</changelist>
<gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
<jenkins.version>2.426.3</jenkins.version>
<jenkins.version>2.462.3</jenkins.version>
<hpi.compatibleSinceVersion>1372</hpi.compatibleSinceVersion>
</properties>

<repositories>
Expand All @@ -87,9 +88,8 @@
<dependencies>
<dependency>
<groupId>io.jenkins.tools.bom</groupId>
<artifactId>bom-2.426.x</artifactId>
<!-- when updating remove the bouncycastle-api override -->
<version>2961.v1f472390972e</version>
<artifactId>bom-2.452.x</artifactId>
<version>3208.vb_21177d4b_cd9</version>
<scope>import</scope>
<type>pom</type>
</dependency>
Expand All @@ -109,7 +109,6 @@
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>bouncycastle-api</artifactId>
<version>2.30.1.78.1-246.ve1089fe22055</version>
</dependency>
<!-- test dependencies -->
<dependency>
Expand Down Expand Up @@ -182,7 +181,7 @@
<groupId>org.antlr</groupId>
<artifactId>antlr4-maven-plugin</artifactId>
<!-- This must be compatible with the ANTLR runtime provided by Jenkins core. -->
<version>4.13.1</version>
<version>4.13.2</version>
<configuration>
<listener>true</listener>
<visitor>true</visitor>
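Review bot: The BOM import in the dependencies hunk is `bom-2.452.x` while the properties hunk raises `jenkins.version` to `2.462.3`, so managed plugin versions are aligned to an older baseline than the core the plugin now builds against. This matters more after this commit because the explicit `bouncycastle-api` version is removed and that dependency is now resolved from the BOM alone. If a BOM line for the 2.462 baseline is available, switching to it (`<artifactId>bom-2.462.x</artifactId>`) would keep the two in step; otherwise a short XML comment saying why the older line is intentional would help the next updater.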
@@ -0,0 +1,27 @@
package com.cloudbees.plugins.credentials;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import jenkins.security.ExtendedReadRedaction;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted(NoExternalUse.class)
// @Extension
// See SecretBytesReactionExtension
public class SecretBytesRedaction implements ExtendedReadRedaction {
private static final Pattern SECRET_BYTES_PATTERN = Pattern.compile(">(" + SecretBytes.ENCRYPTED_VALUE_PATTERN + ")<");

@Override
public String apply(String configDotXml) {
Matcher matcher = SECRET_BYTES_PATTERN.matcher(configDotXml);
StringBuilder cleanXml = new StringBuilder();
while (matcher.find()) {
if (SecretBytes.isSecretBytes(matcher.group(1))) {
matcher.appendReplacement(cleanXml, ">********<");
}
}
matcher.appendTail(cleanXml);
return cleanXml.toString();
}
}
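Review bot: The class has no Javadoc, and its only comment points at `SecretBytesReactionExtension`, which looks like a typo for `SecretBytesRedactionExtension`, the class that registers it; the comment should read `// See SecretBytesRedactionExtension`. A class comment should also state the security contract: `apply` masks only text that sits directly between `>` and `<` and that `SecretBytes.isSecretBytes` accepts, and returns everything else in config.xml unchanged. `SecretBytes.ENCRYPTED_VALUE_PATTERN` is defined outside this file, so whether a value padded with whitespace or stored in an attribute can get past the `>(…)<` anchoring cannot be judged from here. A unit test with such inputs would pin that down.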
@@ -0,0 +1,25 @@
package com.cloudbees.plugins.credentials;

import hudson.ExtensionList;
import hudson.init.Initializer;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.security.ExtendedReadRedaction;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted(NoExternalUse.class)
public class SecretBytesRedactionExtension {

public static final Logger LOGGER = Logger.getLogger(SecretBytesRedactionExtension.class.getName());

// TODO Delete this and annotate `SecretBytesRedaction` with `@Extension` once the core dependency is >= 2.479
@Initializer
public static void create() {
try {
ExtensionList.lookup(ExtendedReadRedaction.class).add(new SecretBytesRedaction());
} catch (NoClassDefFoundError unused) {
LOGGER.log(Level.WARNING, "Failed to register SecretBytesRedaction. Update Jenkins to add support for redacting credentials in config.xml files from users with ExtendedRead permission. Learn more: https://www.jenkins.io/redirect/plugin/credentials/SecretBytesRedaction/");
}
}
}
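Review bot: `create()` fails open: when `ExtendedReadRedaction` is missing, the `NoClassDefFoundError` is caught and the only trace is one WARNING log line, so on such cores encrypted SecretBytes values in config.xml stay visible to users with ExtendedRead. That is probably the intended fallback, but it deserves a Javadoc on `create()` saying so, for example `/** Registers SecretBytesRedaction at startup; on cores without ExtendedReadRedaction nothing is registered and config.xml is not redacted. */`. `LOGGER` is `public static final` in a `@Restricted(NoExternalUse.class)` class; `private static final Logger LOGGER` would be enough. The `@Initializer` carries no `after` milestone in the visible code, so it is worth confirming that the extension list is ready when the registration runs.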
Expand Up @@ -575,11 +575,11 @@ public String getDisplayName() {
@Restricted(NoExternalUse.class)
@RequirePOST
public FormValidation doCheckUploadedKeystore(@QueryParameter String value,
@QueryParameter String uploadedCertFile,
@QueryParameter String certificateBase64,
@QueryParameter String password) {
// Priority for the file, to cover the (re-)upload cases
if (StringUtils.isNotEmpty(uploadedCertFile)) {
byte[] uploadedCertFileBytes = Base64.getDecoder().decode(uploadedCertFile.getBytes(StandardCharsets.UTF_8));
if (StringUtils.isNotEmpty(certificateBase64)) {
byte[] uploadedCertFileBytes = Base64.getDecoder().decode(certificateBase64.getBytes(StandardCharsets.UTF_8));
return validateCertificateKeystore(uploadedCertFileBytes, password);
}

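Review bot: `Base64.getDecoder().decode(...)` on the request-supplied `certificateBase64` throws `IllegalArgumentException` for malformed input, and nothing in the visible lines catches it, so a bad value surfaces as an exception instead of a validation message. Wrapping the decode in a `try` and returning `FormValidation.error(...)` from `catch (IllegalArgumentException e)` would turn it into an ordinary form error. The body of `doCheckUploadedKeystore` continues past the end of this hunk, so a later handler cannot be ruled out from here.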
Expand Up @@ -30,11 +30,19 @@
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import hudson.util.Secret;

import jenkins.security.FIPS140;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.util.Objects;

/**
* Concrete implementation of {@link StandardUsernamePasswordCredentials}.
Expand Down Expand Up @@ -73,9 +81,13 @@ public class UsernamePasswordCredentialsImpl extends BaseStandardCredentials imp
@SuppressWarnings("unused") // by stapler
public UsernamePasswordCredentialsImpl(@CheckForNull CredentialsScope scope,
@CheckForNull String id, @CheckForNull String description,
@CheckForNull String username, @CheckForNull String password) {
@CheckForNull String username, @CheckForNull String password)
throws Descriptor.FormException {
super(scope, id, description);
this.username = Util.fixNull(username);
if(FIPS140.useCompliantAlgorithms() && StringUtils.length(password) < 14) {
throw new Descriptor.FormException(Messages.passwordTooShortFIPS(), "password");
}
this.password = Secret.fromString(password);
}

Expand Down Expand Up @@ -128,5 +140,13 @@ public String getDisplayName() {
public String getIconClassName() {
return "symbol-id-card";
}

@RequirePOST
public FormValidation doCheckPassword(@QueryParameter String password) {
if(FIPS140.useCompliantAlgorithms() && StringUtils.length(password) < 14) {
return FormValidation.error(Messages.passwordTooShortFIPS());
}
return FormValidation.ok();
}
}
}
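Review bot: The FIPS minimum length `14` is written twice, once in the constructor and once in `doCheckPassword`, so the two checks can drift apart; a shared constant such as `private static final int FIPS_MIN_PASSWORD_LENGTH = 14;` used in both places would prevent that. The constructor check also covers only objects built through this constructor. Instances restored from persisted XML normally do not pass through it, so rejecting short passwords on load would need its own check outside these hunks. Adding the checked `Descriptor.FormException` to a public constructor is source-incompatible for existing callers, which is worth a `@throws Descriptor.FormException` line in the constructor's Javadoc.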
Expand Up @@ -4,6 +4,7 @@
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.util.Secret;

@Extension
Expand All @@ -25,8 +26,13 @@ public StandardUsernamePasswordCredentials snapshot(StandardUsernamePasswordCred
if (credentials instanceof UsernamePasswordCredentialsImpl) {
return credentials;
}
UsernamePasswordCredentialsImpl snapshot = new UsernamePasswordCredentialsImpl(credentials.getScope(), credentials.getId(), credentials.getDescription(), credentials.getUsername(), Secret.toString(credentials.getPassword()));
snapshot.setUsernameSecret(credentials.isUsernameSecret());
return snapshot;
try {
UsernamePasswordCredentialsImpl snapshot =
new UsernamePasswordCredentialsImpl(credentials.getScope(), credentials.getId(), credentials.getDescription(), credentials.getUsername(), Secret.toString(credentials.getPassword()));
snapshot.setUsernameSecret(credentials.isUsernameSecret());
return snapshot;
} catch (Descriptor.FormException e) {
throw new RuntimeException(e);
}
}
}
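Review bot: The new `catch` rethrows as a bare `RuntimeException` with no message, so when the FIPS length check rejects a password taken from another `StandardUsernamePasswordCredentials` implementation, the caller of `snapshot` gets no hint which credential failed. `throw new IllegalStateException("Cannot snapshot credentials " + credentials.getId(), e);` keeps the cause and names the entry without exposing the password. Callers that relied on `snapshot` never throwing may also need a look, but they are outside this diff.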
Expand Up @@ -49,10 +49,6 @@
</f:bottomButtonBar>
</f:form>
</j:scope>
<script>
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause
window.setTimeout(function(){layoutUpdateCallback.call();}, 1000);
</script>
</l:main-panel>
</l:layout>
</j:jelly>
Expand Up @@ -44,7 +44,7 @@
<j:otherwise>
<f:form action="configSubmit" method="POST" name="config">
<f:entry title="${%Name}" help="/plugin/credentials/help/domain/name.html">
<f:textbox field="name" id="name" onchange="updateSave(this.form)" onkeyup="updateSave(this.form)"/>
<f:textbox field="name" clazz="required-for-submit"/>
</f:entry>
<f:entry title="${%Description}" help="/plugin/credentials/help/domain/description.html">
<f:textarea field="description"/>
Expand All @@ -54,28 +54,14 @@
items="${instance.specifications}"/>
</f:entry>
<f:bottomButtonBar>
<input type="submit" name="Submit" value="${%Save}" id="save" class="submit-button primary" />
<button formnovalidate="formNoValidate" id="save" name="Submit" class="jenkins-button jenkins-button--primary">
${%Save}
</button>
</f:bottomButtonBar>
</f:form>
</j:otherwise>
</j:choose>
<script><![CDATA[
var saveButton = makeButton(document.getElementById('save'), null);
function updateSave(form) {
function state() {
return (document.getElementById('name').value.length === 0);
}
saveButton.set('disabled', state(), false);
}
updateSave(saveButton.getForm());
window.setTimeout(function () {
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause
layoutUpdateCallback.call();
}, 1000);
]]></script>
<st:adjunct includes="com.cloudbees.plugins.credentials.common.formBehaviour"/>
</l:main-panel>
</l:layout>
</j:jelly>
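Review bot: The new Save button is written as `<button formnovalidate="formNoValidate" id="save" name="Submit" ...>` with no `type`, while the Create button in the new-domain form changed by the same commit has `type="submit"` and no `formnovalidate`. Both submit the form either way, but the two pages now differ for no visible reason; using `type="submit"` on both and either keeping or dropping `formnovalidate` on both would make them read the same. The disable-when-empty behaviour moved into the `formBehaviour` adjunct is client-side only, so the `configSubmit` handler still has to reject an empty name itself; that code is not part of this section.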
Expand Up @@ -72,10 +72,6 @@
<f:submit value="${%Create}"/>
</f:bottomButtonBar>
</f:form>
<script>
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause
window.setTimeout(function(){layoutUpdateCallback.call();}, 1000);
</script>
</l:main-panel>
</l:layout>
</j:jelly>
Expand Up @@ -32,8 +32,7 @@
<j:set var="instance" value="${null}"/>
<f:form action="createDomain" method="POST" name="newDomain">
<f:entry title="${%Domain Name}" help="/plugin/credentials/help/domain/name.html">
<f:textbox id="name" field="name" onchange="updateOk(this.form)" onkeyup="updateOk(this.form)"/>
<script>document.getElementById('name').focus();</script>
<f:textbox field="name" clazz="autofocus required-for-submit"/>
</f:entry>
<f:entry title="${%Description}" help="/plugin/credentials/help/domain/description.html">
<f:textarea name="description"/>
Expand All @@ -43,22 +42,12 @@
items="${null}"/>
</f:entry>
<f:bottomButtonBar>
<input type="submit" name="Submit" value="${%Create}" id="ok" class="submit-button primary" />
<button type="submit" name="Submit" id="ok" class="jenkins-button jenkins-button--primary">
${%Create}
</button>
</f:bottomButtonBar>
</f:form>
<script><![CDATA[
var okButton = makeButton(document.getElementById('ok'), null);
function updateOk(form) {
function state() {
return (document.getElementById('name').value.length === 0);
}
okButton.set('disabled', state(), false);
}
updateOk(okButton.getForm());
]]></script>
<st:adjunct includes="com.cloudbees.plugins.credentials.common.formBehaviour"/>
</l:main-panel>
</l:layout>
</j:jelly>
Expand Up @@ -45,10 +45,6 @@
<f:apply/>
</f:bottomButtonBar>
</f:form>
<script>
// TODO remove this JENKINS-24662 workaround when baseline core has fix for root cause
window.setTimeout(function(){layoutUpdateCallback.call();}, 1000);
</script>
</l:main-panel>
</l:layout>
</j:jelly>
@@ -0,0 +1,13 @@
Behaviour.specify(".required-for-submit", 'required-for-submit', -99, function(requiredField) {
const saveButton = requiredField.closest("form").querySelector('[name="Submit"]');
function updateSave() {
const state = requiredField.value.length === 0;
saveButton.disabled = state;
}
requiredField.addEventListener('input', updateSave);
updateSave(saveButton);
});

Behaviour.specify(".autofocus", "autofocus", 0, function(el) {
el.focus();
});
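Review bot: `requiredField.closest("form").querySelector('[name="Submit"]')` is dereferenced without a null check, so a `.required-for-submit` field outside a form, or in a form without a `Submit` control, throws inside the behaviour. Splitting it into `const form = requiredField.closest("form");`, `const saveButton = form && form.querySelector('[name="Submit"]');` and `if (!saveButton) { return; }` would avoid that, and the initial call can be `updateSave();` since the function takes no parameter. With more than one required field in a form, each field sets `disabled` from its own value alone, so the last event wins. If that case is expected, the state should be computed over all `.required-for-submit` fields in the form.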