@Symbol(value="scriptApproval") @Extension public class ScriptApproval extends GlobalConfiguration implements RootAction
Modifier and Type | Class and Description |
---|---|
static class |
ScriptApproval.ApprovedClasspathEntry
Approved classpath entry.
|
static class |
ScriptApproval.ApprovedWhitelist |
static class |
ScriptApproval.PendingClasspathEntry
A classpath entry requiring approval by an administrator.
|
static class |
ScriptApproval.PendingScript |
static class |
ScriptApproval.PendingSignature |
static class |
ScriptApproval.PendingThing |
Descriptor.FormException, Descriptor.PropertyType, Descriptor.Self
ExtensionPoint.LegacyInstancesAreScopedToHudson
Modifier and Type | Field and Description |
---|---|
static boolean |
ADMIN_AUTO_APPROVAL_ENABLED |
clazz
Constructor and Description |
---|
ScriptApproval() |
all, configure, getDescriptor, getGlobalConfigPage
addHelpFileRedirect, bindJSON, calcAutoCompleteSettings, calcFillSettings, configure, doHelp, find, find, findByDescribableClassName, findById, getCheckMethod, getCheckUrl, getConfigPage, getCurrentDescriptorByNameUrl, getDescriptorFullUrl, getDescriptorUrl, getDisplayName, getGlobalPropertyType, getHelpFile, getHelpFile, getHelpFile, getId, getJsonSafeClassName, getKlass, getPlugin, getPossibleViewNames, getPropertyType, getPropertyType, getPropertyTypeOrDie, getRequiredGlobalConfigPagePermission, getT, getViewPage, isInstance, isSubTypeOf, load, newInstance, newInstance, newInstancesFromHeteroList, newInstancesFromHeteroList, save, self, toArray, toList, toMap
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getDisplayName
protected XmlFile getConfigFile()
getConfigFile
in class Descriptor<GlobalConfiguration>
public GlobalConfigurationCategory getCategory()
getCategory
in class Descriptor<GlobalConfiguration>
@NonNull public static ScriptApproval get()
public boolean isScriptApproved(@NonNull String script, @NonNull Language language)
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasDeprecatedApprovedScriptHashes()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public int countDeprecatedApprovedScriptHashes()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public int countDeprecatedApprovedClasspathHashes()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean hasDeprecatedApprovedClasspathHashes()
public String configuring(@NonNull String script, @NonNull Language language, @NonNull ApprovalContext context, boolean approveIfAdmin)
DataBoundConstructor
.
It should also be called from a readResolve
method (which may then simply return this
),
so that administrators can for example POST to config.xml
and have their scripts be considered approved.
If the script has already been approved, this does nothing.
Otherwise, if this user has the Jenkins.ADMINISTER
permission (and is not ACL.SYSTEM
)
and a corresponding flag is set to true
, or Jenkins is running without security, it is added to the approved list.
Otherwise, it is added to the pending list.
script
- the text of a possibly novel scriptlanguage
- the language in which it is writtencontext
- any additional information about how where or by whom this is being configuredapproveIfAdmin
- indicates whether script should be approved if current user has admin permissionsscript
, for convenience@Deprecated public String configuring(@NonNull String script, @NonNull Language language, @NonNull ApprovalContext context)
configuring(String, Language, ApprovalContext, boolean)
insteadpublic String using(@NonNull String script, @NonNull Language language) throws UnapprovedUsageException
script
- a possibly unapproved scriptlanguage
- the language in which it is writtenscript
, for convenienceUnapprovedUsageException
- in case it has not yet been approvedpublic void configuring(@NonNull ClasspathEntry entry, @NonNull ApprovalContext context)
configuring(String, Language, ApprovalContext, boolean)
.entry
- entry to be configuredcontext
- any additional informationIllegalStateException
- Jenkins
instance is not readypublic FormValidation checking(@NonNull ClasspathEntry entry)
checking(String, Language, boolean)
but for classpath entries.
However, this method does not actually check whether the classpath entry is approved,
because it would have to connect to the URL and download the contents,
which may be unsafe if this is called via a web method by an unprivileged user
(This is automatic if use ClasspathEntry
as a configuration element.)entry
- the classpath entry to verifyIllegalStateException
- Jenkins
instance is not readypublic void using(@NonNull ClasspathEntry entry) throws IOException, UnapprovedClasspathException
entry
- a classpath entryIOException
- when failed to the entry is inaccessibleUnapprovedClasspathException
- when the entry is not approvedpublic FormValidation checking(@NonNull String script, @NonNull Language language, boolean willBeApproved)
doCheckFieldName
method.script
- a possibly unapproved scriptlanguage
- the language in which it is writtenwillBeApproved
- whether script is going to be approved after configuration is savedJenkins.ADMINISTER
permission; a warning indicating that script is not yet approved if user has such
permission and willBeApproved
is false; a message indicating that script will be approved if user
has such permission and willBeApproved
is true; nothing if script is empty; a corresponding message
if script is approved@Deprecated public FormValidation checking(@NonNull String script, @NonNull Language language)
checking(String, Language, boolean)
insteadpublic String preapprove(@NonNull String script, @NonNull Language language)
script
- the text of a possibly novel scriptlanguage
- the language in which it is writtenscript
, for conveniencepublic void preapproveAll()
@LocalData
.@Deprecated public RejectedAccessException accessRejected(@NonNull RejectedAccessException x, @NonNull ApprovalContext context)
GroovySandbox.enter()
.x
- an exception with the detailscontext
- any additional information about where or by whom this script was runx
, for convenience in rethrowing@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void maybeRegister(@NonNull RejectedAccessException x)
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void pushRegistrationCallback(Consumer<RejectedAccessException> callback)
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public static void popRegistrationCallback()
@DataBoundSetter public void setApprovedSignatures(String[] signatures) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getApprovedSignatures()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getDangerousApprovedSignatures()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getAclApprovedSignatures()
@DataBoundSetter public void setApprovedScriptHashes(String[] scriptHashes) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public String[] getApprovedScriptHashes()
public String getIconFileName()
getIconFileName
in interface Action
public String getUrlName()
getUrlName
in interface Action
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public Set<ScriptApproval.PendingScript> getPendingScripts()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void approveScript(String hash) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void denyScript(String hash) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void clearApprovedScripts() throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void clearDeprecatedApprovedScripts() throws IOException
approvedScriptHashes
from all entries not matching DEFAULT_HASHER
.IOException
- if so when saving to disk.@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public String getSpinnerIconClassName()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void convertDeprecatedApprovedClasspathEntries()
Thread
task that rehashes/converts all approved classpath entries
that are hashed not using DEFAULT_HASHER
.@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public boolean isConvertingDeprecatedApprovedClasspathEntries()
convertDeprecatedApprovedClasspathEntriesThread
is active.@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public Set<ScriptApproval.PendingSignature> getPendingSignatures()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] approveSignature(String signature) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] aclApproveSignature(String signature) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public void denySignature(String signature) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] clearApprovedSignatures() throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public String[][] clearDangerousApprovedSignatures() throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ScriptApproval.ApprovedClasspathEntry> getApprovedClasspathEntries()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public List<ScriptApproval.PendingClasspathEntry> getPendingClasspathEntries()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON getClasspathRenderInfo()
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON approveClasspathEntry(String hash) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON denyClasspathEntry(String hash) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON denyApprovedClasspathEntry(String hash) throws IOException
IOException
@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) @JavaScriptMethod public net.sf.json.JSON clearApprovedClasspathEntries() throws IOException
IOException
Copyright © 2016–2023. All rights reserved.