[JENKINS-73499] Add a warning if there is a risk of exposing credenti…

…als through a non-TLS proxy connection (#9491)
jenkinsci · Aug 10, 2024 · d176756 · d176756
1 parent 824c868
commit d176756
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 0 deletions.
diff --git a/core/src/main/java/hudson/ProxyConfiguration.java b/core/src/main/java/hudson/ProxyConfiguration.java
@@ -540,6 +540,34 @@ public FormValidation doCheckPort(@QueryParameter String value) {
             return FormValidation.ok();
         }
 
+        /**
+         * Do check if the provided value is empty or composed of whitespaces.
+         * If so, return a validation warning.
+         *
+         * @param value the value to test
+         * @return a validation warning iff the provided value is empty or composed of whitespaces.
+         */
+        private static FormValidation checkProxyCredentials(String value) {
+            value = Util.fixEmptyAndTrim(value);
+            if (value == null) {
+                return FormValidation.ok();
+            } else {
+                return FormValidation.warning(Messages.ProxyConfiguration_NonTLSWarning());
+            }
+        }
+
+        @RequirePOST
+        @Restricted(NoExternalUse.class)
+        public FormValidation doCheckUserName(@QueryParameter String value) {
+            return checkProxyCredentials(value);
+        }
+
+        @RequirePOST
+        @Restricted(NoExternalUse.class)
+        public FormValidation doCheckSecretPassword(@QueryParameter String value) {
+            return checkProxyCredentials(value);
+        }
+
         @RequirePOST
         @Restricted(NoExternalUse.class)
         public FormValidation doValidateProxy(

diff --git a/core/src/main/resources/hudson/Messages.properties b/core/src/main/resources/hudson/Messages.properties
@@ -110,6 +110,7 @@ ProxyConfiguration.TestUrlRequired=Test URL is required.
 ProxyConfiguration.MalformedTestUrl=Malformed Test URL {0}.
 ProxyConfiguration.FailedToConnectViaProxy=Failed to connect to {0}.
 ProxyConfiguration.FailedToConnect=Failed to connect to {0} (code {1}).
+ProxyConfiguration.NonTLSWarning=Jenkins only supports using an http connection to the proxy. The credentials may be exposed to someone on the same network.
 ProxyConfiguration.Success=Success (code {0})
 
 Functions.NoExceptionDetails=No Exception details

diff --git a/core/src/main/resources/hudson/Messages_es.properties b/core/src/main/resources/hudson/Messages_es.properties
@@ -99,6 +99,7 @@ ProxyConfiguration.TestUrlRequired=Se requiere un URL de prueba.
 ProxyConfiguration.MalformedTestUrl=La URL de prueba está mal formada.
 ProxyConfiguration.FailedToConnectViaProxy=No se puede conectar a {0}.
 ProxyConfiguration.FailedToConnect=No se puede conectar a {0} (código {1}).
+ProxyConfiguration.NonTLSWarning=Jenkins solo soporta conexiones http con el proxy. Las credenciales podrían quedar expuestas a cualquiera que se encuentre en la misma red.
 ProxyConfiguration.Success=Configurado (código {0})
 
 Functions.NoExceptionDetails=No hay detalles de la excepción

diff --git a/core/src/main/resources/hudson/Messages_fr.properties b/core/src/main/resources/hudson/Messages_fr.properties
@@ -109,6 +109,7 @@ ProxyConfiguration.TestUrlRequired=Une URL de test est requise.
 ProxyConfiguration.MalformedTestUrl=L''URL de test {0} n''est pas correctement formée.
 ProxyConfiguration.FailedToConnectViaProxy=Impossible de se connecter à {0}.
 ProxyConfiguration.FailedToConnect=Impossible de se connecter à {0} (code {1}).
+ProxyConfiguration.NonTLSWarning=Jenkins ne prend en charge que l''utilisation d''une connexion http vers le proxy. Les informations d''identification peuvent être exposées à une personne qui se trouve sur le même réseau.
 ProxyConfiguration.Success=Succès (code {0})
 
 Functions.NoExceptionDetails=Aucun détail concernant l''exception

diff --git a/core/src/main/resources/hudson/Messages_it.properties b/core/src/main/resources/hudson/Messages_it.properties
@@ -106,6 +106,7 @@ PluginWrapper.PluginWrapperAdministrativeMonitor.DisplayName=Errore \
 ProxyConfiguration.FailedToConnect=Impossibile connettersi a {0} (codice {1}).
 ProxyConfiguration.FailedToConnectViaProxy=Impossibile connettersi a {0}.
 ProxyConfiguration.MalformedTestUrl=URL di prova {0} malformato.
+ProxyConfiguration.NonTLSWarning=Jenkins supporta solo l''utilizzo di una connessione http al proxy. Le credenziali potrebbero essere esposte a qualcuno sulla stessa rete.
 ProxyConfiguration.Success=Connessione riuscita (codice {0})
 ProxyConfiguration.TestUrlRequired=È richiesto un URL di prova.
 TcpSlaveAgentListener.PingAgentProtocol.displayName=Protocollo ping