org.jenkinsci.plugins.rolestrategy.permissions.DangerousPermissionHelper.java Source code

Introduction

Here is the source code for org.jenkinsci.plugins.rolestrategy.permissions.DangerousPermissionHelper.java

Source

/*
 * The MIT License
 *
 * Copyright (c) 2017 CloudBees, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
package org.jenkinsci.plugins.rolestrategy.permissions;

import com.michelin.cio.hudson.plugins.rolestrategy.Role;
import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy;
import hudson.PluginManager;
import hudson.security.Permission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.SortedMap;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/**
 * Helper methods for dangerous permission handling.
 * @author Oleg Nenashev
 */
@Restricted(NoExternalUse.class)
public class DangerousPermissionHelper {

    /**
     * List of the dangerous permissions, which need to be suppressed by the plugin.
     */
    @Restricted(NoExternalUse.class)
    public static final Set<Permission> DANGEROUS_PERMISSIONS = Collections
            .unmodifiableSet(new HashSet<Permission>(Arrays.asList(Jenkins.RUN_SCRIPTS,
                    PluginManager.CONFIGURE_UPDATECENTER, PluginManager.UPLOAD_PLUGINS)));

    private DangerousPermissionHelper() {
        // Cannot be constructed
    }

    /**
     * Check if the permissions is dangerous.
     * Takes the current {@link DangerousPermissionHandlingMode} into account.
     * @param p Permission
     * @return {@code true} if the permission is considered as dangerous.
     *         Always {@code false} in the {@link DangerousPermissionHandlingMode#ENABLED} mode.
     */
    public static boolean isDangerous(@Nonnull Permission p) {
        if (DangerousPermissionHandlingMode.CURRENT == DangerousPermissionHandlingMode.ENABLED) {
            // all permissions are fine
            return false;
        }

        return DANGEROUS_PERMISSIONS.contains(p);
    }

    /**
     * Checks if the role is potentially dangerous.
     * Does not take the current {@link DangerousPermissionHandlingMode} into account.
     * @param r Role
     * @return {@code true} if the role contains a dangerous permission without {@link Jenkins#ADMINISTER}.
     */
    public static boolean hasPotentiallyDangerousPermissions(@Nonnull Role r) {
        // We do not care about permissions for Jenkins admins, otherwise we report the issue
        return !r.hasPermission(Jenkins.ADMINISTER) && r.hasAnyPermission(DANGEROUS_PERMISSIONS);
    }

    /**
     * Prepare the report string about dangerous roles.
     * @param strategy Strategy
     * @return Summary report string describing dangerous roles.
     *         {@code null} if all roles are fine.
     */
    @CheckForNull
    public static String reportDangerousPermissions(@Nonnull RoleBasedAuthorizationStrategy strategy) {
        SortedMap<Role, Set<String>> grantedRoles = strategy.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL);
        return reportDangerousPermissions(grantedRoles.keySet());
    }

    /**
     * Prepare the report string about dangerous roles.
     * @param roles Roles
     * @return Summary report string describing dangerous roles.
     *         {@code null} if all roles are fine.
     */
    @CheckForNull
    public static String reportDangerousPermissions(@Nonnull Iterable<Role> roles) {
        final ArrayList<String> dangerousRoleNames = new ArrayList<String>();
        for (Role role : roles) {
            if (hasPotentiallyDangerousPermissions(role)) {
                dangerousRoleNames.add(role.getName());
            }
        }

        if (dangerousRoleNames.isEmpty()) {
            // No dangerous roles
            return null;
        }

        StringBuilder report = new StringBuilder("Dangerous roles found: [");
        report.append(StringUtils.join(dangerousRoleNames, ","));
        report.append("] do not declare Jenkins.ADMINISTER and contain one of the following permissions: ");
        report.append(StringUtils.join(DANGEROUS_PERMISSIONS, ","));
        return report.toString();
    }

    @CheckForNull
    public static boolean hasDangerousPermissions(@Nonnull RoleBasedAuthorizationStrategy strategy) {
        SortedMap<Role, Set<String>> grantedRoles = strategy.getGrantedRoles(RoleBasedAuthorizationStrategy.GLOBAL);
        return hasDangerousPermissions(grantedRoles.keySet());
    }

    @CheckForNull
    public static boolean hasDangerousPermissions(@Nonnull Iterable<Role> roles) {
        for (Role role : roles) {
            if (hasPotentiallyDangerousPermissions(role)) {
                return true;
            }
        }
        return false;
    }
}