Skip to content

Level3: Configuration section with credentials #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vwagh-dev wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Level3: Configuration section with credentials #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
ec888b9
Added global configuration page with one text box & textarea each i.e…
vwagh-dev Jul 7, 2024
c45d2f9
Added form validation i.e. level2
vwagh-dev Jul 12, 2024
4d7b540
Added getter/setter for the form fields.
vwagh-dev Jul 12, 2024
1dcf441
Added form validation i.e. level2
vwagh-dev Jul 12, 2024
ac3cf80
Rebase with #level1
vwagh-dev Jul 12, 2024
fc2ffce
Empty-Commit
vwagh-dev Jul 12, 2024
18e4552
Plugin Development L3: Adding the configuration section with credenti…
vwagh-dev Jul 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 81 additions & 0 deletions ...a/io/jenkins/plugins/sample/global_configuration/OnboardingPluginGlobalConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
package io.jenkins.plugins.sample.global_configuration;

import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.QueryParameter;


@Extension
@Symbol("OnboardingPlugin")
public class OnboardingPluginGlobalConfiguration extends GlobalConfiguration {
private String name;
private String description;
private String url;
private String username;
private Secret password;

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public String getDescription() {
return description;
}

public void setDescription(String description) {
this.description = description;
}

public String getUrl() {
return url;
}

public void setUrl(String url) {
this.url = url;
}

public String getUsername() {
return username;
}

public void setUsername(String username) {
this.username = username;
}

public Secret getPassword() {
return password;
}

public void setPassword(Secret password) {
this.password = password;
System.out.println("Password: " + password);
}

public FormValidation doCheckName(@QueryParameter String name) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckName

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckName connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
String regex = "^[a-zA-Z ]+$";
if (!name.matches(regex)) {
return FormValidation.warning("Name must contains characters & spaces");
}
return FormValidation.ok();
}

public FormValidation doCheckUsername(@QueryParameter String username) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckUsername

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckUsername connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
String regex = "^[a-zA-Z]+$";
if (!username.matches(regex)) {
return FormValidation.warning("Username must contains letters only");
}
return FormValidation.ok();
}

public FormValidation doCheckPwd(@QueryParameter String pwd) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckPwd

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckPwd connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
System.out.println("Check file system pwd:::::::: " + pwd);
return FormValidation.ok();
}
}
26 changes: 26 additions & 0 deletions ...kins/plugins/sample/global_configuration/OnboardingPluginGlobalConfiguration/config.jelly
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<f:section title="Onboarding Plugin">
<f:entry title="${%Name}" field="name">
<f:textbox checkMethod="post" />
</f:entry>
<f:entry title="${%Description}" field="description">
<f:textarea checkMethod="post" />
</f:entry>
</f:section>
<f:block>
<table>
<f:optionalBlock name="dynamic" title="Configuration for connection">
<f:entry title="${%URL}" field="url">
<f:textbox />
</f:entry>
<f:entry title="${%Username}" field="username">
<f:textbox checkMethod="post" />
</f:entry>
<f:entry title="${%Password}" field="password">
<f:password />
</f:entry>
</f:optionalBlock>
</table>
</f:block>
</j:jelly>