Skip to content

Commit

Permalink
Run ATH with CSP
Browse files Browse the repository at this point in the history
  • Loading branch information
basil committed Oct 1, 2024
1 parent 5fd5c02 commit 62a0c2b
Show file tree
Hide file tree
Showing 5 changed files with 118 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Jenkinsfile
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ if (needSplittingFromWorkspace) {
}

def axes = [
jenkinsVersions: ['lts', 'latest'],
jenkinsVersions: ['latest'],
platforms: ['linux'],
jdks: [17, 21],
browsers: ['firefox'],
Expand Down
14 changes: 13 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@
<properties>
<changelist>999999-SNAPSHOT</changelist>
<spotbugs.skip>true</spotbugs.skip>
<jenkins.version>2.478</jenkins.version>
<!-- TODO https://github.com/jenkinsci/jenkins/pull/6867 -->
<jenkins.version>2.479-rc35397.f9a_d8fa_b_dc44</jenkins.version>
<selenium.version>4.25.0</selenium.version>
<!-- aligned with selenium -->
<guava.version>33.3.1-jre</guava.version>
Expand Down Expand Up @@ -491,6 +492,10 @@ and
</systemPropertyVariables>
<!-- SUREFIRE-1588 workaround; too late for systemProperties: -->
<argLine>-Djdk.net.URLClassPath.disableClassPathURLCheck=true</argLine>
<environmentVariables>
<!-- Use local version of the plugin over the released one ATH would otherwise use -->
<LOCAL_JARS>target/matrix-project.hpi</LOCAL_JARS>
</environmentVariables>
</configuration>
</plugin>
<plugin>
Expand Down Expand Up @@ -805,6 +810,13 @@ and
<version>${jenkins.version}</version>
<type>war</type>
</artifactItem>
<!-- TODO https://github.com/jenkinsci/matrix-project-plugin/pull/130 -->
<artifactItem>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>matrix-project</artifactId>
<version>846.v4f1c596a_210a_</version>
<type>hpi</type>
</artifactItem>
</artifactItems>
<outputDirectory>${project.build.directory}</outputDirectory>
<stripVersion>true</stripVersion>
Expand Down
51 changes: 51 additions & 0 deletions src/main/java/org/jenkinsci/test/acceptance/junit/CspRule.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
package org.jenkinsci.test.acceptance.junit;

import com.google.inject.Inject;
import com.google.inject.Injector;
import java.util.List;
import java.util.logging.Logger;
import org.jenkinsci.test.acceptance.plugins.csp.ContentSecurityPolicyReport;
import org.jenkinsci.test.acceptance.po.Jenkins;
import org.jenkinsci.test.acceptance.update_center.PluginSpec;
import org.junit.rules.TestRule;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;

@GlobalRule
public final class CspRule implements TestRule {

private static final Logger LOGGER = Logger.getLogger(CspRule.class.getName());

@Inject
Injector injector;

@Override
public Statement apply(final Statement base, final Description d) {
return new Statement() {
private Jenkins jenkins;

@Override
public void evaluate() throws Throwable {
jenkins = injector.getInstance(Jenkins.class);
final PluginSpec plugin = new PluginSpec("csp");
LOGGER.info("Installing plugin for test: " + plugin);
jenkins.getPluginManager().installPlugins(plugin);
// LOGGER.info("Configuring CSP plugin for test");
// final GlobalSecurityConfig security = new GlobalSecurityConfig(jenkins);
// security.open();
// security.disableCspReportOnly();
// security.save();
try {
base.evaluate();
} finally {
ContentSecurityPolicyReport csp = new ContentSecurityPolicyReport(jenkins);
csp.open();
List<String> lines = csp.getReport();
if (lines.size() > 2) {
throw new AssertionError(String.join("\n", csp.getReport()));
}
}
}
};
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
package org.jenkinsci.test.acceptance.plugins.csp;

import java.util.ArrayList;
import java.util.List;
import org.jenkinsci.test.acceptance.po.Jenkins;
import org.jenkinsci.test.acceptance.po.PageObject;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebElement;

public class ContentSecurityPolicyReport extends PageObject {
public ContentSecurityPolicyReport(Jenkins context) {
super(context, context.url("content-security-policy-reports/"));
}

public List<String> getReport() {
List<String> lines = new ArrayList<>();
WebElement table;
try {
table = find(By.className("bigtable"));
} catch (NoSuchElementException e) {
try {
getContext().getJenkins().logout();
} catch (Exception ignored) {
// Ignore
}
getContext().getJenkins().login().doLogin("admin");
table = find(By.className("bigtable"));
}
List<WebElement> headers = table.findElements(By.tagName("th"));
StringBuilder sb = new StringBuilder();
for (WebElement header : headers) {
sb.append(header.getText()).append("\t");
}
lines.add(sb.toString());
sb = new StringBuilder();
List<WebElement> rows = table.findElements(By.tagName("tr"));
for (WebElement row : rows) {
List<WebElement> cells = row.findElements(By.tagName("td"));
for (WebElement cell : cells) {
sb.append(cell.getText()).append("\t");
}
lines.add(sb.toString());
sb = new StringBuilder();
}
return lines;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import java.net.URL;
import org.jenkinsci.test.acceptance.plugins.authorize_project.BuildAccessControl;
import org.jenkinsci.test.acceptance.plugins.git_client.ssh_host_key_verification.SshHostKeyVerificationStrategy;
import org.openqa.selenium.By;
import org.openqa.selenium.NoSuchElementException;
import org.openqa.selenium.WebElement;

Expand Down Expand Up @@ -83,6 +84,10 @@ private void maybeCheckUseSecurity() {
}
}

public void disableCspReportOnly() {
control(By.name("_.reportOnly")).uncheck();
}

public <T extends BuildAccessControl> T addBuildAccessControl(final Class<T> type) {
final String path =
createPageArea("/jenkins-security-QueueItemAuthenticatorConfiguration/authenticators", () -> control(
Expand Down

0 comments on commit 62a0c2b

Please sign in to comment.