Verifies the integrity of the projects, as builds are executed immediately after a code change is detected. This plan provides no artifacts (use a nightly build instead).

Build: #1835 was successful Changes by daryl herzmann <akrherz@iastate.edu>

Build result summary

Details

Completed
Queue duration: < 1 second
Duration: 49 seconds
Labels: None
Agent: Default Agent
Revision: 8b4e42c45c386d9578fe6a8624746c514210706b
Total tests: 351
Successful since: #1809

Tests

Code commits

Author Commit Message Commit date
daryl herzmann <akrherz@iastate.edu> 8b4e42c45c386d9578fe6a8624746c514210706b Merge pull request #1440 from guusdk/OF-1021_plugin-upload-file_extensions
OF-1021: Additional checks on (uploaded) plugin files
Guus der Kinderen 28972842d1d4147e018959d790dd1e9d22a540c7 OF-1021: Verify magic bytes of uploaded plugins
Commit 9c62dbf599f266bde214c5a68a004708edc7da48 adds code that removes uploaded files that cannot be parsed as JAR files.

To further guard against malicious files being uploaded, this commit verifies the magic bytes (the first few bytes) of the uploaded file.

The new functionality is controlled by two new properties:
- plugins.upload.magic-number-check.enabled A boolean value that enables or disables the check (defaults to true).
- plugins.upload.magic-number.values.expected-value A list of hex representations of valid magic byte sequences (defaults to "504B0304", "504B0506", "504B0708").
Guus der Kinderen 368db057c0a33b65598c77dc7f8eea8bef1d5c11 OF-1021: Verify JAR content
Commit 9c62dbf599f266bde214c5a68a004708edc7da48 adds code that removes uploaded files that cannot be parsed as JAR files.

To further guard against malicious files being uploaded, this commit verifies that the uploaded JAR file contains a 'plugin.xml' entry.

The new functionality is controlled by two new properties:
- plugins.upload.pluginxml-check.enabled A boolean value that enables or disables the check (defaults to true).
Guus der Kinderen 72cf4bf6dd5ea7df2ad4f60b8587b4cfcc579d63 OF-1021: Verify content type of uploaded plugins
Commit 9c62dbf599f266bde214c5a68a004708edc7da48 adds code that removes uploaded files that cannot be parsed as JAR files.

To further guard against malicious files being uploaded, this commit adds functionality to allow to verify the content type, as specified by the browser, of the uploaded file.

As a potential attacker is likely to be able to modify the reported content type, the added security value of this change is therefore not very significant. By default, this functionality is therefore disabled, to prevent valid use cases from being stopped by this.

The new functionality is controlled by two new properties:
- plugins.upload.content-type-check.enabled A boolean value that enables or disables the check (defaults to false).
- plugins.upload.content-type-check.expected-value Text value that is the expected content type (defaults to application/x-java-archive).
Guus der Kinderen f1a8ec1f641117c0570e0d6471f63828bc419394 Fixed logged messages.
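
The magic-byte and 'plugin.xml' checks described in the OF-1021 commit messages above, sketched as an added example (not Openfire's code). Class and method names are hypothetical, the sample uploads are constructed in memory, and matching the entry name exactly at the archive root is an assumption.

```java
import java.io.*;
import java.util.*;
import java.util.zip.*;

// Added example, not Openfire's code. All names here are hypothetical. Requires Java 17+.
public class PluginUploadCheck {
    // Defaults quoted in the commit message for plugins.upload.magic-number.values.expected-value
    static final List<String> EXPECTED_MAGIC = List.of("504B0304", "504B0506", "504B0708");

    // True when the upload starts with one of the expected magic byte sequences.
    static boolean hasValidMagic(byte[] upload, List<String> expectedHex) {
        for (String hex : expectedHex) {
            byte[] magic = HexFormat.of().parseHex(hex);
            // Length guard first: a file shorter than the magic sequence can never match.
            if (upload.length >= magic.length && Arrays.equals(upload, 0, magic.length, magic, 0, magic.length)) {
                return true;
            }
        }
        return false;
    }
    // Assumption: the required entry is named exactly 'plugin.xml' at the archive root.
    static boolean hasPluginXml(byte[] upload) throws IOException {
        try (ZipInputStream zip = new ZipInputStream(new ByteArrayInputStream(upload))) {
            for (ZipEntry e; (e = zip.getNextEntry()) != null; ) {
                if (!e.isDirectory() && e.getName().equals("plugin.xml")) return true;
            }
        }
        return false;
    }
    // Constructed sample input: an in-memory archive with the given entry names.
    static byte[] archive(String... names) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (ZipOutputStream zip = new ZipOutputStream(out)) {
            for (String n : names) {
                zip.putNextEntry(new ZipEntry(n));
                zip.write("<x/>".getBytes());
            }
        }
        return out.toByteArray();
    }
    public static void main(String[] args) throws IOException {
        Map<String, byte[]> uploads = new LinkedHashMap<>();
        uploads.put("plugin archive", archive("plugin.xml", "lib/example.jar"));
        uploads.put("zip without plugin.xml", archive("readme.txt"));
        uploads.put("html renamed to .jar", "<html>not an archive</html>".getBytes());
        for (var u : uploads.entrySet()) {
            // Cheap header check first, then the content check on files that pass it.
            boolean ok = hasValidMagic(u.getValue(), EXPECTED_MAGIC) && hasPluginXml(u.getValue());
            System.out.println(u.getKey() + ": " + (ok ? "accept" : "reject and delete"));
        }
    }
}
```

The second sample passes the magic-byte check and fails only on content, which is why the two checks are layered rather than interchangeable.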

Jira issues

Issue Description Status
Unknown Issue Type OF-1021 Could not obtain issue details from Jira