Class ScriptApproval
java.lang.Object
hudson.model.Descriptor<GlobalConfiguration>
jenkins.model.GlobalConfiguration
org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval
- All Implemented Interfaces:
ExtensionPoint, Action, Describable<GlobalConfiguration>, ModelObject, RootAction, Saveable, OnMaster
@Symbol("scriptApproval")
@Extension
public final class ScriptApproval
extends GlobalConfiguration
implements RootAction
Manages approved scripts.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic class
Approved classpath entry.static final class
static class
static final class
A classpath entry requiring approval by an administrator.static final class
static final class
static class
Nested classes/interfaces inherited from class hudson.model.Descriptor
Descriptor.FormException, Descriptor.PropertyType, Descriptor.Self
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic boolean
static boolean
Fields inherited from class hudson.model.Descriptor
clazz
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionaccessRejected
(RejectedAccessException x, ApprovalContext context) Deprecated.String[][]
aclApproveSignature
(String signature) net.sf.json.JSON
approveClasspathEntry
(String hash) void
approveScript
(String hash) String[][]
approveSignature
(String signature) Deprecated.Usechecking(String, Language, boolean)
insteadTo be used from form validation, in adoCheckFieldName
method.checking
(ClasspathEntry entry) Likechecking(String, Language, boolean)
but for classpath entries.net.sf.json.JSON
void
String[][]
String[][]
void
ClearsapprovedScriptHashes
from all entries not matchingDEFAULT_HASHER
.configuring
(String script, Language language, ApprovalContext context) Deprecated.configuring
(String script, Language language, ApprovalContext context, boolean approveIfAdmin) Used when someone is configuring a script.void
configuring
(ClasspathEntry entry, ApprovalContext context) Called when configuring a classpath entry.void
Schedules aThread
task that rehashes/converts all approved classpath entries that are hashed not usingDEFAULT_HASHER
.int
int
net.sf.json.JSON
net.sf.json.JSON
denyClasspathEntry
(String hash) void
denyScript
(String hash) void
denySignature
(String signature) void
doApproveScriptHash
(String hash) static ScriptApproval
get()
Gets the singleton instance.String[]
String[]
String[]
net.sf.json.JSON
protected XmlFile
String[]
boolean
boolean
boolean
Checks ifconvertDeprecatedApprovedClasspathEntriesThread
is active.boolean
isScriptApproved
(String script, Language language) void
load()
static void
static void
preapprove
(String script, Language language) Unconditionally approve a script.void
Unconditionally approves all pending scripts.static void
void
setApprovedScriptHashes
(String[] scriptHashes) void
setApprovedSignatures
(String[] signatures) Called when a script is about to be used (evaluated).void
using
(ClasspathEntry entry) Asserts that a classpath entry is approved.
Methods inherited from class jenkins.model.GlobalConfiguration
all, configure, getDescriptor, getGlobalConfigPage
Methods inherited from class hudson.model.Descriptor
addHelpFileRedirect, bindJSON, calcAutoCompleteSettings, calcFillSettings, configure, doHelp, find, find, findByDescribableClassName, findById, getCheckMethod, getCheckUrl, getConfigPage, getCurrentDescriptorByNameUrl, getDescriptorFullUrl, getDescriptorUrl, getDisplayName, getGlobalPropertyType, getHelpFile, getHelpFile, getHelpFile, getId, getJsonSafeClassName, getKlass, getPlugin, getPossibleViewNames, getPropertyType, getPropertyType, getPropertyTypeOrDie, getRequiredGlobalConfigPagePermission, getT, getViewPage, isInstance, isSubTypeOf, newInstance, newInstance, newInstancesFromHeteroList, newInstancesFromHeteroList, save, self, toArray, toList, toMap
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface hudson.model.Action
getDisplayName
-
Field Details
-
ADMIN_AUTO_APPROVAL_ENABLED
public static boolean ADMIN_AUTO_APPROVAL_ENABLED -
ALLOW_ADMIN_APPROVAL_ENABLED
public static boolean ALLOW_ADMIN_APPROVAL_ENABLED
-
-
Constructor Details
-
ScriptApproval
@DataBoundConstructor public ScriptApproval()
-
-
Method Details
-
getConfigFile
- Overrides:
getConfigFile in class Descriptor<GlobalConfiguration>
-
getCategory
- Overrides:
getCategory in class Descriptor<GlobalConfiguration>
-
get
Gets the singleton instance.
-
isScriptApproved
-
load
public void load()
- Overrides:
load in class Descriptor<GlobalConfiguration>
-
hasDeprecatedApprovedScriptHashes
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasDeprecatedApprovedScriptHashes() -
countDeprecatedApprovedScriptHashes
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public int countDeprecatedApprovedScriptHashes() -
countDeprecatedApprovedClasspathHashes
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public int countDeprecatedApprovedClasspathHashes() -
hasDeprecatedApprovedClasspathHashes
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasDeprecatedApprovedClasspathHashes() -
configuring
public String configuring(@NonNull String script, @NonNull Language language, @NonNull ApprovalContext context, boolean approveIfAdmin)
Used when someone is configuring a script. Typically you would call this from a DataBoundConstructor. It should also be called from a readResolve method (which may then simply return this), so that administrators can, for example, POST to config.xml and have their scripts be considered approved.
If the script has already been approved, this does nothing. Otherwise, if this user has the Jenkins.ADMINISTER permission (and is not ACL.SYSTEM2) and a corresponding flag is set to true, or Jenkins is running without security, it is added to the approved list. Otherwise, it is added to the pending list.
- Parameters:
script - the text of a possibly novel script
language - the language in which it is written
context - any additional information about how, where, or by whom this is being configured
approveIfAdmin - indicates whether script should be approved if current user has admin permissions
- Returns:
script, for convenience
-
configuring
@Deprecated public String configuring(@NonNull String script, @NonNull Language language, @NonNull ApprovalContext context)
Deprecated.
-
using
public String using(@NonNull String script, @NonNull Language language) throws UnapprovedUsageException
Called when a script is about to be used (evaluated).
- Parameters:
script - a possibly unapproved script
language - the language in which it is written
- Returns:
script, for convenience
- Throws:
UnapprovedUsageException - in case it has not yet been approved
-
configuring
Called when configuring a classpath entry. Usage is similar to configuring(String, Language, ApprovalContext, boolean).
- Parameters:
entry - entry to be configured
context - any additional information
- Throws:
IllegalStateException - Jenkins instance is not ready
-
checking
Like checking(String, Language, boolean) but for classpath entries. However, this method does not actually check whether the classpath entry is approved, because it would have to connect to the URL and download the contents, which may be unsafe if this is called via a web method by an unprivileged user. (This is automatic if you use ClasspathEntry as a configuration element.)
- Parameters:
entry - the classpath entry to verify
- Returns:
whether it will be approved
- Throws:
IllegalStateException - Jenkins instance is not ready
-
using
Asserts that a classpath entry is approved. Also records it as a pending entry if not approved.
- Parameters:
entry - a classpath entry
- Throws:
IOException - when the entry is inaccessible
UnapprovedClasspathException - when the entry is not approved
-
checking
public FormValidation checking(@NonNull String script, @NonNull Language language, boolean willBeApproved)
To be used from form validation, in a doCheckFieldName method.
- Parameters:
script - a possibly unapproved script
language - the language in which it is written
willBeApproved - whether script is going to be approved after configuration is saved
- Returns:
a warning indicating that admin approval will be needed in case current user does not have Jenkins.ADMINISTER permission; a warning indicating that script is not yet approved if user has such permission and willBeApproved is false; a message indicating that script will be approved if user has such permission and willBeApproved is true; nothing if script is empty; a corresponding message if script is approved
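One way a plugin can wire together configuring, using and checking(String, Language, boolean) as described above. This is an added example, not code from the script-security plugin; the builder class RunSnippetBuilder, its script field and its display name are hypothetical.

```java
import hudson.Extension;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext;
import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

// Hypothetical build step that stores a Groovy snippet guarded by whole-script approval.
public class RunSnippetBuilder extends Builder {
    private final String script;

    @DataBoundConstructor
    public RunSnippetBuilder(String script) {
        // Form submission: goes to the approved list if the caller qualifies
        // (see configuring above), otherwise to the pending list.
        this.script = ScriptApproval.get().configuring(script, GroovyLanguage.get(),
                ApprovalContext.create().withCurrentUser(), true);
    }

    // Deserialization path (for example a POST to config.xml): run the same check again.
    private Object readResolve() {
        ScriptApproval.get().configuring(script, GroovyLanguage.get(), ApprovalContext.create(), true);
        return this;
    }

    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) {
        // Gate every evaluation: throws UnapprovedUsageException if this text is not approved.
        String approved = ScriptApproval.get().using(script, GroovyLanguage.get());
        listener.getLogger().println("Script approved (" + approved.length() + " chars); evaluation omitted");
        return true;
    }

    @Extension
    public static class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }
        @Override public String getDisplayName() { return "Run approved snippet (example)"; }

        // Form validation for the "script" field; willBeApproved mirrors approveIfAdmin above.
        public FormValidation doCheckScript(@QueryParameter String script) {
            return ScriptApproval.get().checking(script, GroovyLanguage.get(), true);
        }
    }
}
```

The call to using sits in perform rather than only in the constructor so that a script altered on disk after configuration is still refused at evaluation time.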
-
doApproveScriptHash
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @POST public void doApproveScriptHash(@QueryParameter(required=true) String hash) throws IOException
- Throws:
IOException
-
checking
Deprecated. Use checking(String, Language, boolean) instead
-
preapprove
Unconditionally approve a script. Does no access checks and does not automatically save changes to disk. Useful mainly for testing.
- Parameters:
script - the text of a possibly novel script
language - the language in which it is written
- Returns:
script, for convenience
-
preapproveAll
public void preapproveAll()
Unconditionally approves all pending scripts. Does no access checks and does not automatically save changes to disk. Useful mainly for testing in combination with @LocalData.
-
accessRejected
@Deprecated public RejectedAccessException accessRejected(@NonNull RejectedAccessException x, @NonNull ApprovalContext context)
Deprecated. Unnecessary if using GroovySandbox.enter().
To be called when a sandbox rejects access for a script not using manual approval. The signature of the failing method (if known) will be added to the pending list.
- Parameters:
x - an exception with the details
context - any additional information about where or by whom this script was run
- Returns:
x, for convenience in rethrowing
-
maybeRegister
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void maybeRegister(@NonNull RejectedAccessException x) -
pushRegistrationCallback
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void pushRegistrationCallback(Consumer<RejectedAccessException> callback) -
popRegistrationCallback
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void popRegistrationCallback() -
setApprovedSignatures
- Throws:
IOException
-
getApprovedSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getApprovedSignatures() -
getDangerousApprovedSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getDangerousApprovedSignatures() -
getAclApprovedSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getAclApprovedSignatures() -
setApprovedScriptHashes
- Throws:
IOException
-
getApprovedScriptHashes
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getApprovedScriptHashes() -
getIconFileName
- Specified by:
getIconFileName
in interfaceAction
-
getUrlName
- Specified by:
getUrlName
in interfaceAction
-
getPendingScripts
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Set<ScriptApproval.PendingScript> getPendingScripts() -
approveScript
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void approveScript(String hash) throws IOException - Throws:
IOException
-
denyScript
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void denyScript(String hash) throws IOException - Throws:
IOException
-
clearApprovedScripts
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void clearApprovedScripts() throws IOException- Throws:
IOException
-
clearDeprecatedApprovedScripts
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void clearDeprecatedApprovedScripts() throws IOException
Clears approvedScriptHashes from all entries not matching DEFAULT_HASHER.
- Throws:
IOException - if so when saving to disk.
-
getSpinnerIconClassName
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public String getSpinnerIconClassName() -
convertDeprecatedApprovedClasspathEntries
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void convertDeprecatedApprovedClasspathEntries()
Schedules a Thread task that rehashes/converts all approved classpath entries that are hashed not using DEFAULT_HASHER.
-
isConvertingDeprecatedApprovedClasspathEntries
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isConvertingDeprecatedApprovedClasspathEntries()
Checks if convertDeprecatedApprovedClasspathEntriesThread is active.
- Returns:
true if so.
-
getPendingSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public Set<ScriptApproval.PendingSignature> getPendingSignatures() -
approveSignature
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] approveSignature(String signature) throws IOException - Throws:
IOException
-
aclApproveSignature
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] aclApproveSignature(String signature) throws IOException - Throws:
IOException
-
denySignature
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void denySignature(String signature) throws IOException - Throws:
IOException
-
clearApprovedSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] clearApprovedSignatures() throws IOException- Throws:
IOException
-
clearDangerousApprovedSignatures
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] clearDangerousApprovedSignatures() throws IOException- Throws:
IOException
-
getApprovedClasspathEntries
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ScriptApproval.ApprovedClasspathEntry> getApprovedClasspathEntries() -
getPendingClasspathEntries
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ScriptApproval.PendingClasspathEntry> getPendingClasspathEntries() -
getClasspathRenderInfo
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON getClasspathRenderInfo() -
approveClasspathEntry
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON approveClasspathEntry(String hash) throws IOException - Throws:
IOException
-
denyClasspathEntry
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON denyClasspathEntry(String hash) throws IOException - Throws:
IOException
-
denyApprovedClasspathEntry
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON denyApprovedClasspathEntry(String hash) throws IOException - Throws:
IOException
-
clearApprovedClasspathEntries
@Restricted(org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON clearApprovedClasspathEntries() throws IOException- Throws:
IOException
-