Updating plugin to resolve security CVE-2020-5529

jenkinsci · Jul 29, 2020 · b936341 · b936341
1 parent 7ac7587
commit b936341
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 49 deletions.
diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,8 @@
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>2.7</version>
+        <version>4.4</version>
+        <relativePath />
     </parent>
 
     <artifactId>bitbucket</artifactId>
@@ -22,11 +23,24 @@
     </scm>
 
     <properties>
-        <jenkins.version>1.642.3</jenkins.version>
-        <maven.compiler.source>1.7</maven.compiler.source>
-        <maven.compiler.target>1.7</maven.compiler.target>
+        <jenkins.version>2.204.1</jenkins.version>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <java.level>8</java.level>
     </properties>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.jenkins.tools.bom</groupId>
+                <artifactId>bom-2.204.x</artifactId>
+                <version>11</version>
+                <scope>import</scope>
+                <type>pom</type>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <licenses>
         <license>
             <name>MIT</name>
@@ -74,82 +88,52 @@
         </plugins>
     </build>
 
+
+
     <dependencies>
         <dependency> <!-- minimun required version to work with Workflow 1.4 GitSCM step-->
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>git</artifactId>
-            <version>2.3.5</version>
+<!--            <version>4.3.0</version>-->
         </dependency>
         <dependency> <!-- minimun required version to work with Workflow 1.4 GitSCM step-->
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>mercurial</artifactId>
-            <version>1.54</version>
+            <version>2.10</version>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.0.22-beta</version>
+<!--            <version>2.0.22-beta</version>-->
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>job-dsl</artifactId>
-            <version>1.66</version>
+            <version>1.77</version>
             <optional>true</optional>
         </dependency>
 
-        <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>structs</artifactId>
-            <version>1.5</version>
-        </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins.workflow</groupId>
             <artifactId>workflow-cps</artifactId>
-            <version>2.19</version>
+            <version>2.80</version>
             <classifier>tests</classifier>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins.workflow</groupId>
             <artifactId>workflow-multibranch</artifactId>
-            <version>2.9</version>
+            <version>2.16</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.jenkins-ci.plugins.workflow</groupId>
-            <artifactId>workflow-durable-task-step</artifactId>
-            <version>2.4</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.jenkins-ci.plugins</groupId>
-            <artifactId>branch-api</artifactId>
-            <version>1.11</version>
-        </dependency>
+
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>scm-api</artifactId>
-            <version>1.3</version>
+            <version>2.6.3</version>
         </dependency>
 
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.11</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>net.sourceforge.htmlunit</groupId>
-            <artifactId>htmlunit</artifactId>
-            <version>2.19</version>
-        </dependency>
-        <dependency>
-            <groupId>org.hamcrest</groupId>
-            <artifactId>hamcrest-core</artifactId>
-            <version>1.3</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
 </project>
diff --git a/src/main/java/com/cloudbees/jenkins/plugins/BitbucketJobProbe.java b/src/main/java/com/cloudbees/jenkins/plugins/BitbucketJobProbe.java
@@ -44,7 +44,7 @@ public void triggerMatchingJobs(String user, String url, String scm, String payl
 
                     if (job instanceof ParameterizedJobMixIn.ParameterizedJob) {
                         ParameterizedJobMixIn.ParameterizedJob pJob = (ParameterizedJobMixIn.ParameterizedJob) job;
-                        for (Trigger trigger : pJob.getTriggers().values()) {
+                        for (Object trigger : pJob.getTriggers().values()) {
                             if (trigger instanceof BitBucketTrigger) {
                                 bTrigger = (BitBucketTrigger) trigger;
                                 break;

diff --git a/src/test/java/com/cloudbees/jenkins/plugins/BitbucketPayloadProcessorTest.java b/src/test/java/com/cloudbees/jenkins/plugins/BitbucketPayloadProcessorTest.java
@@ -3,7 +3,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import java.io.File;
+
 import java.io.IOException;
 import java.io.InputStream;
 
@@ -12,10 +12,9 @@
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 
-import org.apache.commons.io.FileUtils;
+
 import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.sshd.common.util.IoUtils;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;