[SECURITY-358] Restrict access to metadata used by WorkflowRun.
jglick committed Dec 9, 2016
1 parent ce8a2d5 commit 37419d5
Showing 3 changed files with 64 additions and 11 deletions.
Expand Up @@ -23,6 +23,9 @@ allow read,stat <JENKINS_HOME>/userContent($|/.*)
# In the next rule we grant general access under build directories, so first we protect
# the actual build record that Jenkins core reads, which nothing should be touching.
deny all <BUILDDIR>/build.xml
# Similarly for Pipeline build (WorkflowRun) metadata:
deny all <BUILDDIR>/program.dat
deny all <BUILDDIR>/workflow($|/.*)

# Various plugins read/write files under build directories, so allow them all.
# - git 1.x writes changelog.xml from the slave (2.x writes from the master so need not be listed)
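Review bot: The new `deny all` lines for `program.dat` and `workflow($|/.*)` extend a name-by-name denylist ahead of the general build-directory allow that the existing comment announces, so any other file under `<BUILDDIR>` that the master later reads and trusts stays reachable from an agent unless it is listed too. The comment on the new rules says only "Similarly", which does not tell a maintainer what qualifies a file for this list; I would spell it out, e.g. `# Pipeline (WorkflowRun) state that the master loads back from disk; agents must never read or write it. List any other master-read build file here.` That the master loads these files back is inferred from the commit title, so confirm the wording against WorkflowRun. The allow rule itself is outside this hunk.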
@@ -0,0 +1,60 @@
/*
* The MIT License
*
* Copyright 2016 CloudBees, Inc.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/

package jenkins.security.s2m;

import java.io.File;
import javax.inject.Inject;
import static org.junit.Assert.*;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;

public class AdminFilePathFilterTest {

@Rule
public JenkinsRule r = new JenkinsRule();

@Inject
AdminWhitelistRule rule;

@Before
public void setUp() {
r.jenkins.getInjector().injectMembers(this);
rule.setMasterKillSwitch(false);
}

// TODO in master when using a version taking a String[]: @Issue({"JENKINS-27055", "SECURITY-358"})
@Test
public void matchBuildDir() throws Exception {
File buildDir = r.buildAndAssertSuccess(r.createFreeStyleProject()).getRootDir();
assertTrue(rule.checkFileAccess("write", new File(buildDir, "whatever")));
assertFalse(rule.checkFileAccess("write", new File(buildDir, "build.xml")));
// WorkflowRun:
assertFalse(rule.checkFileAccess("write", new File(buildDir, "program.dat")));
assertFalse(rule.checkFileAccess("write", new File(buildDir, "workflow/23.xml")));
}

}
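Review bot: matchBuildDir exercises only the `"write"` operation and only a child of `workflow/`, while the rules under test are `deny all` and the pattern `workflow($|/.*)` also has a `$` branch for the directory itself. A regression that denied writes but left reads open, or that stopped matching the bare directory, would still pass this test. I would add `assertFalse(rule.checkFileAccess("read", new File(buildDir, "program.dat")));` and `assertFalse(rule.checkFileAccess("write", new File(buildDir, "workflow")));` next to the existing WorkflowRun assertions.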
Expand Up @@ -22,7 +22,7 @@
* THE SOFTWARE.
*/

package jenkins.security;
package jenkins.security.s2m;

import hudson.FilePath;
import hudson.model.Slave;
Expand All @@ -31,8 +31,6 @@
import java.io.PrintWriter;
import java.io.StringWriter;

import jenkins.security.s2m.AdminWhitelistRule;
import jenkins.security.s2m.DefaultFilePathFilter;
import org.jenkinsci.remoting.RoleChecker;
import org.junit.Before;
import org.junit.Test;
Expand All @@ -41,7 +39,6 @@
import org.jvnet.hudson.test.JenkinsRule;

import javax.inject.Inject;
import org.jvnet.hudson.test.Issue;

public class DefaultFilePathFilterTest {

Expand Down Expand Up @@ -112,11 +109,4 @@ public void checkRoles(RoleChecker checker) throws SecurityException {
}
}

@Issue("JENKINS-27055")
@Test public void matchBuildDir() throws Exception {
File f = new File(r.buildAndAssertSuccess(r.createFreeStyleProject()).getRootDir(), "whatever");
rule.setMasterKillSwitch(false);
assertTrue(rule.checkFileAccess("write", f));
}

}
