Merge branch 'master' into update-forms

bom/pom.xml

@@ -191,7 +191,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>com.github.jnr</groupId>
         <artifactId>jnr-posix</artifactId>
-        <version>3.1.11</version>
+        <version>3.1.12</version>
       </dependency>
       <dependency>
         <groupId>org.kohsuke</groupId>
@@ -288,6 +288,11 @@ THE SOFTWARE.
         <artifactId>robust-http-client</artifactId>
         <version>1.2</version>
       </dependency>
+      <dependency>
+        <groupId>org.jenkins-ci</groupId>
+        <artifactId>symbol-annotation</artifactId>
+        <version>1.1</version>
+      </dependency>
       <dependency>
         <groupId>com.sun.mail</groupId>
         <artifactId>jakarta.mail</artifactId>

core/pom.xml

@@ -479,10 +479,9 @@ THE SOFTWARE.
       <groupId>org.jvnet.robust-http-client</groupId>
       <artifactId>robust-http-client</artifactId>
     </dependency>
-    <dependency> <!-- Not included into BOM, plugins should use one from structs-plugin -->
+    <dependency>
       <groupId>org.jenkins-ci</groupId>
       <artifactId>symbol-annotation</artifactId>
-      <version>1.1</version>
     </dependency>
 
     <dependency>

core/src/main/java/hudson/model/NullTaskListener.java

@@ -0,0 +1,42 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2021 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package hudson.model;
+
+import java.io.PrintStream;
+import org.apache.commons.io.output.NullPrintStream;
+
+/**
+ * @see TaskListener#NULL
+ */
+class NullTaskListener implements TaskListener {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public PrintStream getLogger() {
+        return new NullPrintStream();
+    }
+
+}

core/src/main/java/hudson/model/Queue.java

@@ -3103,7 +3103,12 @@ public static Queue getInstance() {
      */
     @Initializer(after=JOB_CONFIG_ADAPTED)
     public static void init(Jenkins h) {
-        h.getQueue().load();
+        Queue queue = h.getQueue();
+        Item[] items = queue.getItems();
+        if (items.length > 0) {
+            LOGGER.warning(() -> "Loading queue will discard previously scheduled items: " + Arrays.toString(items));
+        }
+        queue.load();
     }
 
     /**

core/src/main/java/hudson/model/TaskListener.java

@@ -27,7 +27,6 @@
 import hudson.console.ConsoleNote;
 import hudson.console.HyperlinkNote;
 import hudson.remoting.Channel;
-import hudson.util.NullStream;
 import hudson.util.StreamTaskListener;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
@@ -155,5 +154,5 @@ default PrintWriter fatalError(String format, Object... args) {
     /**
      * {@link TaskListener} that discards the output.
      */
-    TaskListener NULL = new StreamTaskListener(new NullStream());
+    TaskListener NULL = new NullTaskListener();
 }

core/src/main/java/hudson/slaves/Channels.java

@@ -27,6 +27,7 @@
 import hudson.Launcher.LocalLauncher;
 import hudson.Proc;
 import hudson.model.Computer;
+import hudson.model.Executor;
 import hudson.model.TaskListener;
 import hudson.remoting.Channel;
 import hudson.remoting.ChannelBuilder;
@@ -108,8 +109,10 @@ public synchronized void join() throws InterruptedException {
         };
         cb.withHeaderStream(header);
 
+        Executor executor = Executor.currentExecutor();
+        Object context = executor != null ? executor.getOwner() : proc;
         for (ChannelConfigurator cc : ChannelConfigurator.all()) {
-            cc.onChannelBuilding(cb,null);  // TODO: what to pass as a context?
+            cc.onChannelBuilding(cb, context);
         }
 
         return cb.build(in,out);
@@ -145,8 +148,10 @@ public synchronized void join() throws InterruptedException {
         };
         cb.withHeaderStream(header);
 
+        Executor executor = Executor.currentExecutor();
+        Object context = executor != null ? executor.getOwner() : proc;
         for (ChannelConfigurator cc : ChannelConfigurator.all()) {
-            cc.onChannelBuilding(cb,null);  // TODO: what to pass as a context?
+            cc.onChannelBuilding(cb, context);
         }
 
         return cb.build(proc.getInputStream(),proc.getOutputStream());

core/src/main/java/jenkins/formelementpath/FormElementPathPageDecorator.java

@@ -0,0 +1,20 @@
+package jenkins.formelementpath;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import hudson.Extension;
+import hudson.Main;
+import hudson.model.PageDecorator;
+import jenkins.util.SystemProperties;
+
+@Extension
+public class FormElementPathPageDecorator extends PageDecorator {
+
+    @SuppressFBWarnings("MS_SHOULD_BE_FINAL")
+    private static /*almost final */ boolean ENABLED = Main.isUnitTest ||
+            SystemProperties.getBoolean(FormElementPathPageDecorator.class.getName() + ".enabled");
+
+    public boolean isEnabled() {
+        return ENABLED;
+    }
+
+}

core/src/main/java/jenkins/security/ChannelConfigurator.java

@@ -3,9 +3,13 @@
 import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.ExtensionList;
 import hudson.ExtensionPoint;
+import hudson.Proc;
 import hudson.remoting.Channel;
 import hudson.remoting.ChannelBuilder;
+import hudson.slaves.Channels;
 import hudson.slaves.SlaveComputer;
+import java.io.OutputStream;
+import java.util.concurrent.ExecutorService;
 
 /**
  * Intercepts the new creation of {@link Channel} and tweak its configuration.
@@ -29,6 +33,8 @@ public abstract class ChannelConfigurator implements ExtensionPoint {
      *      <dl>
      *          <dt>{@link SlaveComputer}
      *          <dd>When a channel is being established to talk to a agent.
+     *          <dt>{@link Proc}
+     *          <dd>When {@link Channels#forProcess(String, ExecutorService, Process, OutputStream)} or overloads are used without a contextual {@link SlaveComputer}.
      *      </dl>
      */
     public void onChannelBuilding(ChannelBuilder builder, @Nullable Object context) {}

core/src/main/java/jenkins/security/s2m/DefaultFilePathFilter.java

@@ -26,12 +26,17 @@
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import hudson.Extension;
+import hudson.ExtensionList;
 import hudson.remoting.ChannelBuilder;
+import hudson.remoting.Command;
+import hudson.remoting.Request;
 import java.io.File;
+import java.lang.reflect.Field;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import jenkins.ReflectiveFilePathFilter;
 import jenkins.security.ChannelConfigurator;
+import jenkins.telemetry.impl.SlaveToMasterFileCallableUsage;
 import jenkins.util.SystemProperties;
 import org.kohsuke.accmod.Restricted;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
@@ -59,6 +64,17 @@ protected boolean op(String op, File f) throws SecurityException {
                     LOGGER.log(Level.FINE, "agent allowed to {0} {1}", new Object[] {op, f});
                     return true;
                 } else {
+                    try {
+                        Field current = Request.class.getDeclaredField("CURRENT");
+                        current.setAccessible(true);
+                        Field createdAt = Command.class.getDeclaredField("createdAt");
+                        createdAt.setAccessible(true);
+                        Throwable trace = (Throwable) createdAt.get(((ThreadLocal) current.get(null)).get());
+                        ExtensionList.lookupSingleton(SlaveToMasterFileCallableUsage.class).recordTrace(trace);
+                        LOGGER.log(Level.WARNING, "Permitting agent-to-controller '" + op + "' on '" + f + "'. This is deprecated and will soon be rejected. Learn more: https://www.jenkins.io/redirect/permitted-agent-to-controller-file-access", trace);
+                    } catch (Exception x) {
+                        LOGGER.log(Level.WARNING, null, x);
+                    }
                     return false;
                 }
             }

core/src/main/java/jenkins/telemetry/impl/SlaveToMasterFileCallableUsage.java

@@ -0,0 +1,75 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2021 CloudBees, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package jenkins.telemetry.impl;
+
+import hudson.Extension;
+import hudson.Functions;
+import java.time.LocalDate;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
+import jenkins.SlaveToMasterFileCallable;
+import jenkins.security.s2m.DefaultFilePathFilter;
+import jenkins.telemetry.Telemetry;
+import net.sf.json.JSONObject;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+/**
+ * Records when {@link DefaultFilePathFilter} found {@link SlaveToMasterFileCallable} or similar being used.
+ */
+@Extension
+@Restricted(NoExternalUse.class)
+public class SlaveToMasterFileCallableUsage extends Telemetry {
+
+    private Set<String> traces = new TreeSet<>();
+
+    @Override
+    public String getDisplayName() {
+        return "Access to files on controllers from code running on an agent";
+    }
+
+    @Override
+    public LocalDate getStart() {
+        return LocalDate.of(2021, 11, 4); // https://www.jenkins.io/security/advisory/2021-11-04/
+    }
+
+    @Override
+    public LocalDate getEnd() {
+        return LocalDate.of(2022, 3, 1);
+    }
+
+    @Override
+    public synchronized JSONObject createContent() {
+        JSONObject json = JSONObject.fromObject(Collections.singletonMap("traces", traces));
+        traces.clear();
+        return json;
+    }
+
+    public synchronized void recordTrace(Throwable trace) {
+        traces.add(Functions.printThrowable(trace).replaceAll("@[a-f0-9]+", "@…"));
+    }
+
+}

core/src/main/resources/jenkins/formelementpath/FormElementPathPageDecorator/footer.jelly

@@ -0,0 +1,6 @@
+<?jelly escape-by-default='true'?>
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler">
+  <j:if test="${it.enabled}">
+    <st:adjunct includes="jenkins.formelementpath.form-element-path"/>
+  </j:if>
+</j:jelly>