Added dynamic macros into Jenkins config #20
Conversation
…king for config file (with ../../)
…n opening settings
…fore the definition argument (e.g. --nvr before --build-config...)
| public static final int VAGUE_QUERY_LENGTH_THRESHOLD = 4; | ||
| public static final String ESCAPE_DIRECTORY_REGEX = "((\\.\\./)+.*(\\.\\./)*.*)|((\\.\\./)*.*(\\.\\./)+.*)"; |
There was a problem hiding this comment.
Isnt better to simply check, that the fully resolved filename, the final abs path (java have methods for that), is simply still in desired workspace/cwd/app dir?
There was a problem hiding this comment.
I wil merge this as it is. But the rework of shoudl be needed.
Again,. from my own experiments, checking input like this may be missleading.
eg correctdir/correctdir/../fileInFirstCorrectDir is pretty correct
Eg I'm checking the bash injection in the CGI wrapper by checking for "|" and thus literally killing this tool. Btrw, any ideas how to fix that "|" (https://github.com/jenkinsci/report-jtreg-plugin/blob/master/report-jtreg-service/src/main/java/io/jenkins/plugins/report/jtreg/main/web/ContextExecutingHandler.java#L114)
| </p> | ||
| <p> | ||
| <i>So an example of the whole prompt with arguments can look like this:</i><br> | ||
| <code> | ||
| --compare<br> | ||
| --history 5<br> | ||
| --build-config-find changelog.xml:nvr:/build/nvr<br> | ||
| --nvr ".*"<br> | ||
| --nvr "%{nvr}"<br> |
There was a problem hiding this comment.
it maybe worthy to keep also the --nvr ".*" example. Otherwise users may fell to assumption, that it is the final form, and no xtensions possible
| @@ -199,7 +209,7 @@ private static Options.Configuration getConfiguration(String[] values, String cu | |||
| } | |||
|
|
|||
| private static String getArgumentValue(String[] arguments, int i) { | |||
| if (i + 1 < arguments.length) { | |||
| if (i + 1 < arguments.length && !arguments[i + 1].matches("^--.*")) { | |||
| return arguments[i + 1]; | |||
| } else { | |||
| throw new RuntimeException("Expected some value after " + arguments[i] + " argument."); | |||
There was a problem hiding this comment.
trust in you, I have, young padawan. However this is becaoming regex hell :) I once implemented mathematic formula parser based on split and repalce... not any more!
Added dynamic macros into Jenkins config
The main feature. Now, when setting links to the comparator tool in the Jenkins config, you can use macros which will correspond with the config items set in the section below.
So now, when you for example set a way to look for nvr in the Config items section of Jenkins config and you put
nvrinto the "Name of the item to find" field. You can use the macro%{nvr}in the comparator links section, which will translate into the nvr of the current job and build according to the report page.Added a check for escaping the directory
I also added a basic check to stop potential nefarious users from trying to escape directory when using the
--build-config-find/--job-config-findor the "Config items" setting in Jenkins. It checks with regex whether there is../in the path to the file and if so, it throws an exception.Reworked comparator argument parsing
Till now, the
--build-config-findarguments had to declared before using the dynamic argument itself (for example--nvr). Now it doesnt matter, you can use--nvrbefore declaring--build-config-find changelog.xml:nvr:/build/nvr.Other