Skip to content

Commit 1a3b90f

Browse files
krissternkrisstern
authored
Attempt Deflake - Disable JS in FileParameterValueTest and DirectoryBrowserSupportTest (#10471)
2 parents 6988bc2 + 087a94f commit 1a3b90f

File tree

2 files changed

+48
-35
lines changed

2 files changed

+48
-35
lines changed

test/src/test/java/hudson/model/DirectoryBrowserSupportTest.java

Lines changed: 29 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,12 @@ public class DirectoryBrowserSupportTest {
107107

108108
@Rule public JenkinsRule j = new JenkinsRule();
109109

110+
private JenkinsRule.WebClient getWebClient() {
111+
var wc = j.createWebClient();
112+
wc.getOptions().setJavaScriptEnabled(false);
113+
return wc;
114+
}
115+
110116
/**
111117
* Double dots that appear in file name is OK.
112118
*/
@@ -122,7 +128,7 @@ public void doubleDots() throws Exception {
122128
j.buildAndAssertSuccess(p);
123129

124130
// can we see it?
125-
j.createWebClient().goTo("job/" + p.getName() + "/ws/abc..def", "application/octet-stream");
131+
getWebClient().goTo("job/" + p.getName() + "/ws/abc..def", "application/octet-stream");
126132

127133
// TODO: implement negative check to make sure we aren't serving unexpected directories.
128134
// the following trivial attempt failed. Someone in between is normalizing.
@@ -149,7 +155,7 @@ public void doubleDots2() throws Exception {
149155
p.getBuildersList().add(new Shell("mkdir abc; touch abc/def.bin"));
150156
j.buildAndAssertSuccess(p);
151157

152-
try (JenkinsRule.WebClient wc = j.createWebClient()) {
158+
try (JenkinsRule.WebClient wc = getWebClient()) {
153159
// normal path provided by the UI succeeds
154160
Page page = wc.goTo("job/" + p.getName() + "/ws/abc%5Cdef.bin", "application/octet-stream");
155161
assertEquals(200, page.getWebResponse().getStatusCode());
@@ -170,7 +176,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
170176
j.buildAndAssertSuccess(p);
171177

172178
// can we see it?
173-
j.createWebClient().goTo("job/" + p.getName() + "/ws/%e6%bc%a2%e5%ad%97.bin", "application/octet-stream");
179+
getWebClient().goTo("job/" + p.getName() + "/ws/%e6%bc%a2%e5%ad%97.bin", "application/octet-stream");
174180
}
175181

176182
@Test
@@ -190,7 +196,7 @@ public void glob() throws Exception {
190196
}
191197
});
192198
j.buildAndAssertSuccess(p);
193-
String text = j.createWebClient().goTo("job/" + p.getName() + "/ws/**/*.java").asNormalizedText();
199+
String text = getWebClient().goTo("job/" + p.getName() + "/ws/**/*.java").asNormalizedText();
194200
assertTrue(text, text.contains("X.java"));
195201
assertTrue(text, text.contains("XTest.java"));
196202
assertFalse(text, text.contains("pom.xml"));
@@ -205,7 +211,7 @@ public void zipDownload() throws Exception {
205211
p.getPublishersList().add(new ArtifactArchiver("*", "", true));
206212
j.buildAndAssertSuccess(p);
207213

208-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
214+
HtmlPage page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
209215
Page download = page.getAnchorByHref("./*zip*/archive.zip").click();
210216
File zipfile = download((UnexpectedPage) download);
211217

@@ -231,7 +237,7 @@ public void zipDownloadFileLeakMx_hypothesis() throws Exception {
231237
p.getPublishersList().add(new ArtifactArchiver("*", "", true));
232238
j.buildAndAssertSuccess(p);
233239

234-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
240+
HtmlPage page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
235241
Page downloadPage = page.getAnchorByHref("artifact.out").click();
236242
assertEquals(content, downloadPage.getWebResponse().getContentAsString());
237243
}
@@ -254,7 +260,7 @@ public void zipDownloadFileLeakMx() throws Exception {
254260
p.getPublishersList().add(new ArtifactArchiver("*", "", true));
255261
j.buildAndAssertSuccess(p);
256262

257-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
263+
HtmlPage page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
258264
for (int clicks = 0; clicks < numOfClicks; clicks++) {
259265
page.getAnchorByHref("artifact.out").click();
260266
}
@@ -308,7 +314,7 @@ public void contentSecurityPolicy() throws Exception {
308314
p.getPublishersList().add(new ArtifactArchiver("*", "", true));
309315
j.buildAndAssertSuccess(p);
310316

311-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/test.html");
317+
HtmlPage page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/test.html");
312318
for (String header : new String[]{"Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy"}) {
313319
assertEquals("Header set: " + header, DirectoryBrowserSupport.DEFAULT_CSP_VALUE, page.getWebResponse().getResponseHeaderValue(header));
314320
}
@@ -317,7 +323,7 @@ public void contentSecurityPolicy() throws Exception {
317323
String initialValue = System.getProperty(propName);
318324
try {
319325
System.setProperty(propName, "");
320-
page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/test.html");
326+
page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/test.html");
321327
List<String> headers = page.getWebResponse().getResponseHeaders().stream().map(NameValuePair::getName).collect(Collectors.toList());
322328
for (String header : new String[]{"Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy"}) {
323329
assertThat(headers, not(hasItem(header)));
@@ -351,7 +357,7 @@ public void externalURLDownload() throws Exception {
351357
p.setScm(new SingleFileSCM("f", "Hello world!"));
352358
p.getPublishersList().add(new ArtifactArchiver("f"));
353359
j.buildAndAssertSuccess(p);
354-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
360+
HtmlPage page = getWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/artifact/");
355361
Page download = page.getAnchorByText("f").click();
356362
assertEquals("Hello world!", download.getWebResponse().getContentAsString());
357363
}
@@ -614,7 +620,7 @@ public void symlink_outsideWorkspace_areNotAllowed() throws Exception {
614620

615621
j.buildAndAssertSuccess(p);
616622

617-
JenkinsRule.WebClient wc = j.createWebClient();
623+
JenkinsRule.WebClient wc = getWebClient();
618624
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
619625
{ // workspace root must be reachable (regular case)
620626
Page page = wc.goTo(p.getUrl() + "ws/", null);
@@ -759,7 +765,7 @@ public void symlink_avoidLeakingInformation_aboutIllegalFolder() throws Exceptio
759765

760766
j.buildAndAssertSuccess(p);
761767

762-
JenkinsRule.WebClient wc = j.createWebClient();
768+
JenkinsRule.WebClient wc = getWebClient();
763769
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
764770

765771
// the pattern allow us to search inside the files / folders,
@@ -822,7 +828,7 @@ public void junctionAndSymlink_outsideWorkspace_areNotAllowed_windowsJunction()
822828

823829
j.buildAndAssertSuccess(p);
824830

825-
JenkinsRule.WebClient wc = j.createWebClient();
831+
JenkinsRule.WebClient wc = getWebClient();
826832
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
827833
{ // workspace root must be reachable (regular case)
828834
Page page = wc.goTo(p.getUrl() + "ws/", null);
@@ -975,7 +981,7 @@ public void directSymlink_forTestingZip() throws Exception {
975981
c3.mkdirs();
976982
c3.child("to_secrets3").symlinkTo(secretsFolder.getAbsolutePath(), TaskListener.NULL);
977983

978-
JenkinsRule.WebClient wc = j.createWebClient();
984+
JenkinsRule.WebClient wc = getWebClient();
979985
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
980986
{
981987
Page zipPage = wc.goTo(p.getUrl() + "ws/*zip*/ws.zip", null);
@@ -1042,7 +1048,7 @@ public void symlink_insideWorkspace_areNotAllowedAnymore() throws Exception {
10421048

10431049
j.buildAndAssertSuccess(p);
10441050

1045-
JenkinsRule.WebClient wc = j.createWebClient();
1051+
JenkinsRule.WebClient wc = getWebClient();
10461052
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
10471053
{ // workspace root must be reachable (regular case)
10481054
Page page = wc.goTo(p.getUrl() + "ws/", null);
@@ -1111,7 +1117,7 @@ public void windows_cannotViewAbsolutePath() throws Exception {
11111117
String content = "random data provided as fixed value";
11121118
Files.writeString(targetTmpPath, content, StandardCharsets.UTF_8);
11131119

1114-
try (JenkinsRule.WebClient wc = j.createWebClient()) {
1120+
try (JenkinsRule.WebClient wc = getWebClient()) {
11151121
wc.setThrowExceptionOnFailingStatusCode(false);
11161122
HtmlPage page = wc.goTo("userContent/" + targetTmpPath.toAbsolutePath() + "/*view*");
11171123
assertEquals(404, page.getWebResponse().getStatusCode());
@@ -1133,7 +1139,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
11331139
});
11341140
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
11351141

1136-
String text = j.createWebClient().goTo("job/" + p.getName() + "/ws/").asNormalizedText();
1142+
String text = getWebClient().goTo("job/" + p.getName() + "/ws/").asNormalizedText();
11371143
assertTrue(text, text.contains("anotherDir"));
11381144
assertFalse(text, text.contains("subdir"));
11391145
}
@@ -1163,7 +1169,7 @@ public void tmpNotListedWithGlob() throws Exception {
11631169

11641170
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
11651171

1166-
String text = j.createWebClient().goTo("job/" + p.getName() + "/ws/**/*.txt").asNormalizedText();
1172+
String text = getWebClient().goTo("job/" + p.getName() + "/ws/**/*.txt").asNormalizedText();
11671173
assertTrue(text, text.contains("one.txt"));
11681174
assertTrue(text, text.contains("two.txt"));
11691175
assertFalse(text, text.contains("three.txt"));
@@ -1192,7 +1198,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
11921198
});
11931199
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
11941200

1195-
JenkinsRule.WebClient wc = j.createWebClient();
1201+
JenkinsRule.WebClient wc = getWebClient();
11961202
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
11971203

11981204
Page page = wc.goTo(p.getUrl() + "ws/anotherDir/", null);
@@ -1222,7 +1228,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
12221228
});
12231229
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
12241230

1225-
String text = j.createWebClient().goTo("job/" + p.getName() + "/ws/*plain*", "text/plain").getWebResponse().getContentAsString();
1231+
String text = getWebClient().goTo("job/" + p.getName() + "/ws/*plain*", "text/plain").getWebResponse().getContentAsString();
12261232
assertTrue(text, text.contains("anotherDir"));
12271233
assertFalse(text, text.contains("subdir"));
12281234
}
@@ -1255,7 +1261,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
12551261
});
12561262
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
12571263

1258-
JenkinsRule.WebClient wc = j.createWebClient();
1264+
JenkinsRule.WebClient wc = getWebClient();
12591265
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
12601266

12611267
//http://localhost:54407/jenkins/job/test0/ws/**/*.txt/*zip*/glob.zip
@@ -1308,7 +1314,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
13081314
});
13091315
assertEquals(Result.SUCCESS, p.scheduleBuild2(0).get().getResult());
13101316

1311-
JenkinsRule.WebClient wc = j.createWebClient();
1317+
JenkinsRule.WebClient wc = getWebClient();
13121318
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
13131319

13141320
Page zipPage = wc.goTo("job/" + p.getName() + "/ws/**/*.txt/*zip*/glob.zip", null);
@@ -1329,7 +1335,7 @@ public void canViewRelativePath() throws Exception {
13291335

13301336
Files.writeString(testFile.toPath(), content, StandardCharsets.UTF_8);
13311337

1332-
JenkinsRule.WebClient wc = j.createWebClient().withThrowExceptionOnFailingStatusCode(false);
1338+
JenkinsRule.WebClient wc = getWebClient().withThrowExceptionOnFailingStatusCode(false);
13331339
Page page = wc.goTo("userContent/test.txt/*view*", null);
13341340

13351341
MatcherAssert.assertThat(page.getWebResponse().getStatusCode(), equalTo(200));

test/src/test/java/hudson/model/FileParameterValueTest.java

Lines changed: 19 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,12 @@ public class FileParameterValueTest {
5959
@Rule
6060
public TemporaryFolder tmp = new TemporaryFolder();
6161

62+
private JenkinsRule.WebClient getWebClient() {
63+
var wc = j.createWebClient();
64+
wc.getOptions().setJavaScriptEnabled(false);
65+
return wc;
66+
}
67+
6268
@Test
6369
@Issue("SECURITY-1074")
6470
public void fileParameter_cannotCreateFile_outsideOfBuildFolder() throws Exception {
@@ -85,7 +91,7 @@ public void fileParameter_cannotCreateFile_outsideOfBuildFolder() throws Excepti
8591
assertThat(root.child("root-level.txt").exists(), equalTo(false));
8692

8793
// ensure also the file is not reachable by request
88-
JenkinsRule.WebClient wc = j.createWebClient();
94+
JenkinsRule.WebClient wc = getWebClient();
8995
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
9096

9197
checkUrlNot200AndNotContains(wc, build.getUrl() + "parameters/parameter/..%2F..%2F..%2F..%2F..%2Froot-level.txt/uploaded-file.txt", uploadedContent);
@@ -125,7 +131,7 @@ public void fileParameter_cannotCreateFile_outsideOfBuildFolder_SEC1424() throws
125131
assertThat(root.child("pwned").exists(), equalTo(false));
126132

127133
// ensure also the file is not reachable by request
128-
JenkinsRule.WebClient wc = j.createWebClient();
134+
JenkinsRule.WebClient wc = getWebClient();
129135
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
130136
}
131137

@@ -152,7 +158,7 @@ public void fileParameter_cannotCreateFile_outsideOfBuildFolder_LeadingDoubleDot
152158
assertThat(root.child("pwned").exists(), equalTo(false));
153159

154160
// ensure also the file is not reachable by request
155-
JenkinsRule.WebClient wc = j.createWebClient();
161+
JenkinsRule.WebClient wc = getWebClient();
156162
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
157163
}
158164

@@ -190,7 +196,7 @@ public void fileParameter_cannotCreateFile_outsideOfBuildFolder_backslashEdition
190196
assertThat(root.child("root-level.txt").exists(), equalTo(false));
191197

192198
// ensure also the file is not reachable by request
193-
JenkinsRule.WebClient wc = j.createWebClient();
199+
JenkinsRule.WebClient wc = getWebClient();
194200
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
195201

196202
checkUrlNot200AndNotContains(wc, build.getUrl() + "parameters/parameter/..\\..\\..\\..\\..\\root-level.txt/uploaded-file.txt", uploadedContent);
@@ -218,7 +224,7 @@ public void fileParameter_withSingleDot() throws Exception {
218224
assertThat(build.getResult(), equalTo(Result.FAILURE));
219225

220226
// ensure also the file is not reachable by request
221-
JenkinsRule.WebClient wc = j.createWebClient();
227+
JenkinsRule.WebClient wc = getWebClient();
222228
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
223229

224230
checkUrlNot200AndNotContains(wc, build.getUrl() + "parameters/parameter/uploaded-file.txt", uploadedContent);
@@ -246,7 +252,7 @@ public void fileParameter_withDoubleDot() throws Exception {
246252
assertThat(build.getResult(), equalTo(Result.FAILURE));
247253

248254
// ensure also the file is not reachable by request
249-
JenkinsRule.WebClient wc = j.createWebClient();
255+
JenkinsRule.WebClient wc = getWebClient();
250256
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
251257

252258
checkUrlNot200AndNotContains(wc, build.getUrl() + "parameters/uploaded-file.txt", uploadedContent);
@@ -281,7 +287,7 @@ public void fileParameter_cannotEraseFile_outsideOfBuildFolder() throws Exceptio
281287
assertThat(root.child("root-level.txt").readToString(), equalTo(initialContent));
282288

283289
// ensure also the file is not reachable by request
284-
JenkinsRule.WebClient wc = j.createWebClient();
290+
JenkinsRule.WebClient wc = getWebClient();
285291
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
286292

287293
checkUrlNot200AndNotContains(wc, build.getUrl() + "parameters/parameter/..%2F..%2F..%2F..%2F..%2Froot-level.txt/uploaded-file.txt", uploadedContent);
@@ -317,7 +323,7 @@ public void fileParameter_canStillUse_internalHierarchy() throws Exception {
317323
assertTrue(build.getWorkspace().child("parent").child("child2.txt").exists());
318324

319325
// and reachable using request
320-
JenkinsRule.WebClient wc = j.createWebClient();
326+
JenkinsRule.WebClient wc = getWebClient();
321327
HtmlPage workspacePage = wc.goTo(p.getUrl() + "ws");
322328
String workspaceContent = workspacePage.getWebResponse().getContentAsString();
323329
assertThat(workspaceContent, allOf(
@@ -351,7 +357,7 @@ public void fileParameter_canStillUse_doubleDotsInFileName() throws Exception {
351357
assertTrue(build.getWorkspace().child("weird..name.txt").exists());
352358

353359
// and reachable using request
354-
JenkinsRule.WebClient wc = j.createWebClient();
360+
JenkinsRule.WebClient wc = getWebClient();
355361
HtmlPage workspacePage = wc.goTo(p.getUrl() + "ws");
356362
String workspaceContent = workspacePage.getWebResponse().getContentAsString();
357363
assertThat(workspaceContent, containsString("weird..name.txt"));
@@ -379,7 +385,7 @@ public void fileParameter_canStillUse_TildeInFileName() throws Exception {
379385
assertTrue(build.getWorkspace().child("~name").exists());
380386

381387
// and reachable using request
382-
JenkinsRule.WebClient wc = j.createWebClient();
388+
JenkinsRule.WebClient wc = getWebClient();
383389
HtmlPage workspacePage = wc.goTo(p.getUrl() + "ws");
384390
String workspaceContent = workspacePage.getWebResponse().getContentAsString();
385391
assertThat(workspaceContent, containsString("~name"));
@@ -391,7 +397,8 @@ public void fileParameter_canStillUse_TildeInFileName() throws Exception {
391397
public void contentSecurityPolicy() throws Exception {
392398
FreeStyleProject p = j.jenkins.getItemByFullName("SECURITY-1793", FreeStyleProject.class);
393399

394-
HtmlPage page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/parameters/parameter/html.html/html.html");
400+
var wc = getWebClient();
401+
HtmlPage page = wc.goTo("job/" + p.getName() + "/lastSuccessfulBuild/parameters/parameter/html.html/html.html");
395402
for (String header : new String[]{"Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy"}) {
396403
assertEquals("Header set: " + header, DirectoryBrowserSupport.DEFAULT_CSP_VALUE, page.getWebResponse().getResponseHeaderValue(header));
397404
}
@@ -400,7 +407,7 @@ public void contentSecurityPolicy() throws Exception {
400407
String initialValue = System.getProperty(propName);
401408
try {
402409
System.setProperty(propName, "");
403-
page = j.createWebClient().goTo("job/" + p.getName() + "/lastSuccessfulBuild/parameters/parameter/html.html/html.html");
410+
page = wc.goTo("job/" + p.getName() + "/lastSuccessfulBuild/parameters/parameter/html.html/html.html");
404411
List<String> headers = page.getWebResponse().getResponseHeaders().stream().map(NameValuePair::getName).collect(Collectors.toList());
405412
for (String header : new String[]{"Content-Security-Policy", "X-WebKit-CSP", "X-Content-Security-Policy"}) {
406413
assertThat(headers, not(hasItem(header)));

0 commit comments

Comments
 (0)