Skip to content

Testing the connection i.e. level4 #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
vwagh-dev wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Testing the connection i.e. level4 #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ec888b9
Added global configuration page with one text box & textarea each i.e…
vwagh-dev Jul 7, 2024
c45d2f9
Added form validation i.e. level2
vwagh-dev Jul 12, 2024
4d7b540
Added getter/setter for the form fields.
vwagh-dev Jul 12, 2024
1dcf441
Added form validation i.e. level2
vwagh-dev Jul 12, 2024
ac3cf80
Rebase with #level1
vwagh-dev Jul 12, 2024
fc2ffce
Empty-Commit
vwagh-dev Jul 12, 2024
18e4552
Plugin Development L3: Adding the configuration section with credenti…
vwagh-dev Jul 15, 2024
f440400
Connection testing functionality i.e. level4
vwagh-dev Jul 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
108 changes: 108 additions & 0 deletions ...a/io/jenkins/plugins/sample/global_configuration/OnboardingPluginGlobalConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
package io.jenkins.plugins.sample.global_configuration;

import hudson.Extension;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Base64;


@Extension
@Symbol("OnboardingPlugin")
public class OnboardingPluginGlobalConfiguration extends GlobalConfiguration {

private String name;
private String description;
private String url;
private String username;
private Secret password;

public String getName() {
return name;
}

public void setName(String name) {
this.name = name;
}

public String getDescription() {
return description;
}

public void setDescription(String description) {
this.description = description;
}

public String getUrl() {
return url;
}

public void setUrl(String url) {
this.url = url;
}

public String getUsername() {
return username;
}

public void setUsername(String username) {
this.username = username;
}

public Secret getPassword() {
return password;
}

public void setPassword(Secret password) {
this.password = password;
System.out.println("Password: " + password);
}

public FormValidation doCheckName(@QueryParameter String name) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckName

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckName connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
String regex = "^[a-zA-Z ]+$";
if (!name.matches(regex)) {
return FormValidation.warning("Name must contains characters & spaces");
}
return FormValidation.ok();
}

public FormValidation doCheckUsername(@QueryParameter String username) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckUsername

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckUsername connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
String regex = "^[a-zA-Z]+$";
if (!username.matches(regex)) {
return FormValidation.warning("Username must contains letters only");
}
return FormValidation.ok();
}

public FormValidation doCheckPwd(@QueryParameter String pwd) {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doCheckPwd

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation

Potential CSRF vulnerability: If OnboardingPluginGlobalConfiguration#doCheckPwd connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST
System.out.println("Check file system pwd:::::::: " + pwd);
return FormValidation.ok();
}

@POST
public FormValidation doTestConnection(@QueryParameter String url, @QueryParameter String username, @QueryParameter Secret password) throws IOException, InterruptedException {

Check warning

Code scanning / Jenkins Security Scan

Stapler: Missing permission check

Potential missing permission check in OnboardingPluginGlobalConfiguration#doTestConnection
String credentials = String.join(":", username, password.getPlainText());
String headerValue = "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes());
var client = HttpClient.newHttpClient();


var request = HttpRequest.newBuilder().uri(URI.create(url))
.header("Authorization", headerValue)
.GET().build();

var responseFuture = client.send(request, HttpResponse.BodyHandlers.ofString());
if (responseFuture.statusCode() != 200) {
return FormValidation.error("Connection Failed: Provided configuration details are not correct. Response Code: "+ responseFuture.statusCode());
}
return FormValidation.ok("<>Connection Success!!! ");
}
}
28 changes: 28 additions & 0 deletions ...kins/plugins/sample/global_configuration/OnboardingPluginGlobalConfiguration/config.jelly
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<f:section title="Onboarding Plugin">
<f:entry title="${%Name}" field="name">
<f:textbox checkMethod="post" />
</f:entry>
<f:entry title="${%Description}" field="description">
<f:textarea checkMethod="post" />
</f:entry>
</f:section>
<f:block>
<table>
<f:optionalBlock name="dynamic" title="Configuration for connection">
<f:entry title="${%URL}" field="url">
<f:textbox />
</f:entry>
<f:entry title="${%Username}" field="username">
<f:textbox checkMethod="post" />
</f:entry>
<f:entry title="${%Password}" field="password">
<f:password />
</f:entry>
<f:validateButton title="Test Connection" method="testConnection"
with="url,username,password" />
</f:optionalBlock>
</table>
</f:block>
</j:jelly>