Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape special characters for GitUsernamePasswordBinding in withCrede… #1443

Merged
merged 11 commits into from
Jul 12, 2023
Merged

Escape special characters for GitUsernamePasswordBinding in withCrede… #1443

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4035213
Escape special characters for GitUsernamePasswordBinding in withCrede…
Seros Apr 26, 2023
12ae8e5
Fix test for GitUsernamePasswordBinding in withCredentials
Seros Apr 27, 2023
54cfe20
Adapt writing ASKPASS from git-client-plugin
Seros Jul 11, 2023
e7f82d2
Fix tests
Seros Jul 11, 2023
2ba7a5f
Fix tests
Seros Jul 11, 2023
7d2f5f6
Fix tests
Seros Jul 11, 2023
dc32b04
Merge branch 'master' into escape-special-characters-with-credentials
MarkEWaite Jul 11, 2023
2470fe3
Reduce diffs by retaining old, ugly formatting of comment
MarkEWaite Jul 11, 2023
971b32f
Make filename encoding methods private
MarkEWaite Jul 11, 2023
013dc35
Add more sample passwords
MarkEWaite Jul 11, 2023
37629b3
Move assertions into existing conditional
MarkEWaite Jul 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 33 additions & 8 deletions src/main/java/jenkins/plugins/git/GitUsernamePasswordBinding.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,23 +145,28 @@ protected GenerateGitScript(String gitUsername, String gitPassword,
protected FilePath write(StandardUsernamePasswordCredentials credentials, FilePath workspace)
throws IOException, InterruptedException {
FilePath gitEcho;

FilePath usernameFile = workspace.createTempFile("username", ".txt");
usernameFile.write(this.userVariable + "\n", null);
FilePath passwordFile = workspace.createTempFile("password", ".txt");
passwordFile.write(this.passVariable + "\n", null);

//Hard Coded platform dependent newLine
if (this.unixNodeType) {
gitEcho = workspace.createTempFile("auth", ".sh");
// [#!/usr/bin/env sh] to be used if required, could have some corner cases
gitEcho.write("case $1 in\n"
+ " Username*) echo " + this.userVariable
+ " ;;\n"
+ " Password*) echo " + this.passVariable
+ " ;;\n"
gitEcho.write("#!/bin/sh\n"
+ "\n"
+ "case \"$1\" in\n"
+ " Username*) cat " + unixArgEncodeFileName(usernameFile.getRemote()) + ";;\n"
+ " Password*) cat " + unixArgEncodeFileName(passwordFile.getRemote()) + ";;\n"
+ " esac\n", null);
gitEcho.chmod(0500);
} else {
gitEcho = workspace.createTempFile("auth", ".bat");
gitEcho.write("@ECHO OFF\r\n"
+ "SET ARG=%~1\r\n"
+ "IF %ARG:~0,8%==Username (ECHO " + this.userVariable + ")\r\n"
+ "IF %ARG:~0,8%==Password (ECHO " + this.passVariable + ")", null);
+ "IF %ARG:~0,8%==Username type " + windowsArgEncodeFileName(usernameFile.getRemote()) + "\r\n"
+ "IF %ARG:~0,8%==Password type " + windowsArgEncodeFileName(passwordFile.getRemote()), null);
}
return gitEcho;
}
Expand All @@ -170,6 +175,26 @@ protected FilePath write(StandardUsernamePasswordCredentials credentials, FilePa
protected Class<StandardUsernamePasswordCredentials> type() {
return StandardUsernamePasswordCredentials.class;
}

/* Escape all single quotes in filename, then surround filename in single quotes.
* Only useful to prepare filename for reference from a shell script.
*/
private String unixArgEncodeFileName(String filename) {
if (filename.contains("'")) {
filename = filename.replace("'", "'\\''");
}
return "'" + filename + "'";
}

/* Escape all double quotes in filename, then surround filename in double quotes.
* Only useful to prepare filename for reference from a DOS batch file.
*/
private String windowsArgEncodeFileName(String filename) {
if (filename.contains("\"")) {
filename = filename.replace("\"", "^\"");
}
return "\"" + filename + "\"";
}
}

// Mistakenly defined GitUsernamePassword in first release, prefer gitUsernamePassword as symbol
Expand Down
13 changes: 9 additions & 4 deletions src/test/java/jenkins/plugins/git/GitUsernamePasswordBindingTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,8 +116,10 @@ private boolean isTimeAvailable() {
"&Ampersand&",
"He said \"Hello\", then left.",
"default=@#(*^!",
"has_a_trailing_quote=@#(*^!'",
"here's-a-quote",
"special%%_342@**",
"%interior-single-quote%_786'@**",
};
private static GitTool[] gitTools = {
new GitTool("Default", "git", null),
Expand All @@ -126,10 +128,11 @@ private boolean isTimeAvailable() {
new JGitTool(),
};

/* Create two test data items using random selections from the larger set of data */
/* Create three test data items using random selections from the larger set of data */
private static Object[][] testData = new Object[][]{
{userNames[random.nextInt(userNames.length)], passwords[random.nextInt(passwords.length)], gitTools[random.nextInt(gitTools.length)]},
{userNames[random.nextInt(userNames.length)], passwords[random.nextInt(passwords.length)], gitTools[random.nextInt(gitTools.length)]},
{userNames[random.nextInt(userNames.length)], passwords[random.nextInt(passwords.length)], gitTools[random.nextInt(gitTools.length)]},
};

public GitUsernamePasswordBindingTest(String username, String password, GitTool gitToolInstance) {
Expand Down Expand Up @@ -309,19 +312,21 @@ public void test_getGitClientInstance() throws IOException, InterruptedException
}

@Test
public void test_GenerateGitScript_write() throws IOException, InterruptedException {
public void test_GenerateGitScript_write() throws Exception {
assumeTrue("Test class max time " + MAX_SECONDS_FOR_THESE_TESTS + " exceeded", isTimeAvailable());
GitUsernamePasswordBinding.GenerateGitScript tempGenScript = new GitUsernamePasswordBinding.GenerateGitScript(this.username, this.password, credentials.getId(), !isWindows());
assertThat(tempGenScript.type(), is(StandardUsernamePasswordCredentials.class));
FilePath tempScriptFile = tempGenScript.write(credentials, rootFilePath);
if (!isWindows()) {
assertThat(tempScriptFile.mode(), is(0500));
assertThat("File extension not sh", FilenameUtils.getExtension(tempScriptFile.getName()), is("sh"));
assertThat(tempScriptFile.readToString(), containsString("Username*) cat"));
assertThat(tempScriptFile.readToString(), containsString("Password*) cat"));
} else {
assertThat("File extension not bat", FilenameUtils.getExtension(tempScriptFile.getName()), is("bat"));
assertThat(tempScriptFile.readToString(), containsString("IF %ARG:~0,8%==Username type"));
assertThat(tempScriptFile.readToString(), containsString("IF %ARG:~0,8%==Password type"));
}
assertThat(tempScriptFile.readToString(), containsString(this.username));
assertThat(tempScriptFile.readToString(), containsString(this.password));
}

/**
Expand Down