Run ATH with CSP when csp.rule is defined (jenkinsci#1743)
basil authored Oct 25, 2024
1 parent c0d8f26 commit 6b05a06
Showing 3 changed files with 58 additions and 1 deletion.
4 changes: 3 additions & 1 deletion Jenkinsfile
@@ -109,6 +109,8 @@ for (int i = 0; i < splits.size(); i++) {
if (jdk != 21 && jenkinsVersion == 'latest') {
return
}
// TODO enable on LTS line when it is based on 2.480 or later
def cspRule = jenkinsVersion == 'latest'
def name = "${jenkinsVersion}-${platform}-jdk${jdk}-${browser}-split${index}"
branches[name] = {
stage(name) {
@@ -144,7 +146,7 @@ for (int i = 0; i < splits.size(); i++) {
set-java.sh ${jdk}
eval \$(vnc.sh)
java -version
run.sh ${browser} ${jenkinsVersion} -Dmaven.repo.local=${WORKSPACE_TMP}/m2repo -Dmaven.test.failure.ignore=true -DforkCount=1 -B
run.sh ${browser} ${jenkinsVersion} -Dmaven.repo.local=${WORKSPACE_TMP}/m2repo -Dmaven.test.failure.ignore=true -Dcsp.rule=${cspRule} -DforkCount=1 -B
cp --verbose target/surefire-reports/TEST-*.xml /reports
"""
}
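--- a/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java
+++ b/src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java
@@ -0,0 +1,50 @@
+package org.jenkinsci.test.acceptance.junit;
+
+import com.google.inject.Inject;
+import com.google.inject.Injector;
+import org.jenkinsci.test.acceptance.po.GlobalSecurityConfig;
+import org.jenkinsci.test.acceptance.po.Jenkins;
+import org.jenkinsci.test.acceptance.update_center.PluginSpec;
+import org.junit.rules.TestRule;
+import org.junit.runner.Description;
+import org.junit.runners.model.Statement;
+
+@GlobalRule
+public final class CspRule implements TestRule {
+
+@Inject
+private Injector injector;
+
+@Override
+public Statement apply(final Statement base, final Description d) {
+return new Statement() {
+@Override
+public void evaluate() throws Throwable {
+if (isEnabled()
+&& d.getAnnotation(WithInstallWizard.class) == null
+&& d.getTestClass().getAnnotation(WithInstallWizard.class) == null) {
+Jenkins jenkins = injector.getInstance(Jenkins.class);
+
+PluginSpec plugin = new PluginSpec("csp");
+jenkins.getPluginManager().installPlugins(plugin);
+
+GlobalSecurityConfig security = new GlobalSecurityConfig(jenkins);
+security.open();
+security.disableCspReportOnly();
+security.save();
+}
+base.evaluate();
+}
+
+private static boolean isEnabled() {
+if (System.getProperty("csp.rule") == null) {
+return false;
+}
+if (System.getProperty("csp.rule").isEmpty()) {
+return true;
+}
+return Boolean.getBoolean("csp.rule");
+}
+};
+}
+}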
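Review bot: `isEnabled()` at the bottom of the anonymous `Statement` treats every non-empty value other than `true` as disabled, so a mistyped flag (for example a constructed `-Dcsp.rule=ture`) turns enforcement off with no trace and the run still looks CSP-clean. The property is also read three times (two `System.getProperty` calls plus `Boolean.getBoolean`); reading it once with `String v = System.getProperty("csp.rule");` and then `return v != null && (v.isEmpty() || Boolean.parseBoolean(v));` gives the same result. I would log in `evaluate()` whether the rule enforced CSP or skipped it (property off, or `@WithInstallWizard` present), so a report shows which tests actually ran under an enforcing policy. A class Javadoc should state the three cases: unset means off, empty means on, anything else is parsed as a boolean.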
@@ -27,6 +27,7 @@
import java.net.URL;
import org.jenkinsci.test.acceptance.plugins.authorize_project.BuildAccessControl;
import org.jenkinsci.test.acceptance.plugins.git_client.ssh_host_key_verification.SshHostKeyVerificationStrategy;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebElement;

@@ -83,6 +84,10 @@ private void maybeCheckUseSecurity() {
}
}

public void disableCspReportOnly() {
control(By.name("_.reportOnly")).uncheck();
}

public <T extends BuildAccessControl> T addBuildAccessControl(final Class<T> type) {
final String path =
createPageArea("/jenkins-security-QueueItemAuthenticatorConfiguration/authenticators", () -> control(
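Review bot: `disableCspReportOnly()` finds the checkbox by the bare field name `_.reportOnly`, which is not scoped to the CSP plugin's section of the security page. If another section ever renders a field with that name, the wrong box could be unchecked and CSP would stay in report-only mode while the suite passes. The page markup is not visible from this hunk, so this is a caution rather than a confirmed defect. Consider resolving the control inside the CSP plugin's page area, and add a Javadoc such as `/** Unchecks the CSP report-only option on the security page; expects the csp plugin to be installed. */`.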
