
Commit ce7f5f2

committed
[SECURITY-915]
1 parent a87f28f commit ce7f5f2


3 files changed

+11
-2
lines changed

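--- a/src/main/java/com/cloudbees/jenkins/GitHubPushTrigger.java
+++ b/src/main/java/com/cloudbees/jenkins/GitHubPushTrigger.java
@@ -403,6 +403,10 @@ private static ThreadFactory threadFactory() {
     public FormValidation doCheckHookRegistered(@AncestorInPath Item item) {
         Preconditions.checkNotNull(item, "Item can't be null if wants to check hook in monitor");
 
+        if (!item.hasPermission(Item.CONFIGURE)) {
+            return FormValidation.ok();
+        }
+
         Collection<GitHubRepositoryName> repos = GitHubRepositoryNameContributor.parseAssociatedNames(item);
 
         for (GitHubRepositoryName repo : repos) {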
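Review bot: The early `return FormValidation.ok()` for callers without Item.CONFIGURE is indistinguishable from "hook is registered" to a user who only has READ on the job, and nothing in the hunk records that this neutral answer is deliberate. A one-line comment above the guard would keep a later maintainer from turning it into an error that leaks whether the caller lacks permission: `// Callers who cannot configure the job get a neutral OK, not hook state and not a permission error`. Since ok() here conceals rather than reports, any UI that surfaces this check should not treat it as a positive confirmation for non-configurers. doCheckHookRegistered continues past the end of the hunk.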

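--- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java
+++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java
@@ -179,7 +179,9 @@ public String getDisplayName() {
     }
 
     @SuppressWarnings("unused")
+    @RequirePOST
     public FormValidation doReRegister() {
+        Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
         if (!GitHubPlugin.configuration().isManageHooks()) {
             return FormValidation.warning("Works only when Jenkins manages hooks (one or more creds specified)");
         }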
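Review bot: Adding `@RequirePOST` to doReRegister changes the HTTP method the configuration page must use to invoke it; if the Jelly view reaches this method through a plain GET link rather than a `f:validateButton`, the button will now fail with a method-not-allowed response, and the commit does not touch any view, so that is presumably already the case but worth confirming. A short comment would also record why two guards sit on a method that, at first glance, only re-registers webhooks: `// Mutating, network-touching action: require POST (CSRF) and ADMINISTER before reading any config`. The permission check correctly precedes the isManageHooks() read, so non-admins learn nothing about the hook-management setting. doReRegister's body continues past the hunk.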

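--- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java
+++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java
@@ -24,6 +24,7 @@
 import org.kohsuke.github.GitHub;
 import org.kohsuke.github.GitHubBuilder;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -113,10 +114,11 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @Que
     }
 
     @SuppressWarnings("unused")
+    @RequirePOST
     public FormValidation doCreateTokenByCredentials(
             @QueryParameter String apiUrl,
             @QueryParameter String credentialsId) {
-
+        Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
         if (isEmpty(credentialsId)) {
             return FormValidation.error("Please specify credentials to create token");
         }
@@ -156,11 +158,12 @@ public FormValidation doCreateTokenByCredentials(
     }
 
     @SuppressWarnings("unused")
+    @RequirePOST
     public FormValidation doCreateTokenByPassword(
             @QueryParameter String apiUrl,
             @QueryParameter String login,
             @QueryParameter String password) {
-
+        Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
         try {
             GHAuthorization token = createToken(login, password, defaultIfBlank(apiUrl, GITHUB_URL));
             StandardCredentials credentials = createCredentials(apiUrl, token.getToken(), login);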
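Review bot: In doCreateTokenByPassword the token is minted against `defaultIfBlank(apiUrl, GITHUB_URL)` but the credential is then stored with the raw `apiUrl`, so a blank field produces a github.com token saved under an empty API URL; compute the effective URL once, `String url = defaultIfBlank(apiUrl, GITHUB_URL);`, and pass `url` to both createToken and createCredentials. Separately, doFillCredentialsIdItems, visible only in the second hunk header, gets no guard in this commit; if its body does not already check a permission it still enumerates credential IDs for anyone who can reach the form, so a `Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);` at its top (or returning an empty ListBoxModel to non-admins) belongs with this fix. The password still arrives as a plain `@QueryParameter String`; with POST now required it no longer lands in the query string, which is worth a one-line comment so the annotation is not dropped later. The bodies of doCreateTokenByCredentials and doCreateTokenByPassword continue outside the hunks.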
