Skip to content

[SECURITY-2290] check permission as well #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gmcdonald merged 3 commits into from
Feb 21, 2022
Merged

[SECURITY-2290] check permission as well #58

gmcdonald merged 3 commits into from
Feb 21, 2022

Conversation

@olamy
Copy link
Member

@olamy olamy commented Feb 17, 2022

Signed-off-by: Olivier Lamy [email protected]

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@olamy olamy added the bug label Feb 17, 2022
Kevin-CB
Kevin-CB approved these changes Feb 21, 2022
View reviewed changes
Copy link
Contributor

@Kevin-CB Kevin-CB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this fix locally, the vulnerability is no longer present, however it is necessary to correct the 2 small copy paste typo.

@olamy
Copy link
Member Author

olamy commented Feb 21, 2022

oops my bad typo. good catch!

olamy and others added 2 commits February 21, 2022 18:10
@olamy @Kevin-CB
Update src/main/java/jenkins/plugins/publish_over_ssh/descriptor/BapS…
afaac21 
…shPublisherPluginDescriptor.java

Co-authored-by: Kevin Guerroudj <[email protected]>
@olamy @Kevin-CB
Update src/main/java/jenkins/plugins/publish_over_ssh/descriptor/BapS…
1dc2f26 
…shHostConfigurationDescriptor.java

Co-authored-by: Kevin Guerroudj <[email protected]>
@gmcdonald gmcdonald self-assigned this Feb 21, 2022
@gmcdonald gmcdonald merged commit a49b27d into master Feb 21, 2022
daniel-beck
daniel-beck reviewed Feb 21, 2022
View reviewed changes
...main/java/jenkins/plugins/publish_over_ssh/descriptor/BapSshHostConfigurationDescriptor.java
return FormValidation.validateNonNegativeInteger(value);
}

@RequirePOST
Copy link
Member

@daniel-beck daniel-beck Feb 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No side effects, so not strictly necessary, but doesn't hurt either assuming the UI controls send POST.

@Wadeck Wadeck mentioned this pull request Feb 23, 2022
Merged
@gmcdonald gmcdonald deleted the SECURITY-2290-2 branch July 5, 2023 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-beck daniel-beck daniel-beck left review comments

@Kevin-CB Kevin-CB Kevin-CB approved these changes

Assignees

@gmcdonald gmcdonald

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@olamy @gmcdonald @daniel-beck @Wadeck @knowyi @Kevin-CB