In my plugin I’m currently copying files from the agent to the master, but according to SECURITY- 144 I should copy them from the master to the slave.
Before writing a fix for this bug (see JENKINS-56007 [1]) I tried to write an integration test that exposes this bug. However, even if I enable master agent security in my test I can’t reproduce this exception in a test: java.lang.SecurityException: agent may not create E:\Jenkins\Testing\Test warnings-ng plugin\builds\9\files-with-issues\4e1480.tmp See https://jenkins.io/redirect/security-144 for more details at jenkins.SoloFilePathFilter.noFalse(SoloFilePathFilter.java:33) at jenkins.SoloFilePathFilter.create(SoloFilePathFilter.java:63) at hudson.FilePath.writing(FilePath.java:3245) at hudson.FilePath.access$1900(FilePath.java:213) at hudson.FilePath$WritePipe.invoke(FilePath.java:2111) at hudson.FilePath$WritePipe.invoke(FilePath.java:2104) at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3086) This exception is from a Jenkins instance of the bug reporter, but if I set in my test jenkins.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false); then no Exception is thrown. Also if I run Jenkins and an Agent without a test case in a Docker container (connected via SSH) then no exception is thrown. Is there an additional security setting required to enable that kind of agent to master security? [1] https://issues.jenkins-ci.org/browse/JENKINS-56007 <https://issues.jenkins-ci.org/browse/JENKINS-56007> [2] https://github.com/jenkinsci/warnings-ng-plugin/pull/90/files <https://github.com/jenkinsci/warnings-ng-plugin/pull/90/files> -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CCF1EA6D-0FB2-428B-AC1F-4885CD961798%40gmail.com. For more options, visit https://groups.google.com/d/optout.
