JENKINS-62708 PR changes

jenkinsci · Jan 11, 2022 · f7c7de9 · f7c7de9
1 parent ee148dd
commit f7c7de9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
@@ -706,16 +706,14 @@ public synchronized String[] getAclApprovedSignatures() {
     public synchronized void setApprovedScriptHashes(String[] scriptHashes) throws IOException {
         Jenkins.getInstance().checkPermission(Jenkins.RUN_SCRIPTS);
         approvedScriptHashes.clear();
-        List<String> goodScriptHashes = new ArrayList<>(scriptHashes.length);
-        Pattern sha1Pattern = Pattern.compile("^[a-fA-F0-9]{40}$");
+        Pattern sha1Pattern = Pattern.compile("[a-fA-F0-9]{40}");
         for (String scriptHash : scriptHashes) {
             if (scriptHash != null && sha1Pattern.matcher(scriptHash).matches()) {
-                goodScriptHashes.add(scriptHash);
+                approvedScriptHashes.add(scriptHash);
             } else {
-                LOG.warning("Ignoring malformed script hash: " + scriptHash);
+                LOG.warning(() -> "Ignoring malformed script hash: " + scriptHash);
             }
         }
-        approvedScriptHashes.addAll(goodScriptHashes);
         save();
         reconfigure();
     }

diff --git a/src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java b/src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
@@ -172,6 +172,9 @@ public void upgradeSmokes() throws Exception {
                 new SecureGroovyScript("jenkins.model.Jenkins.instance", true, null)));
         p.getPublishersList().add(new TestGroovyRecorder(
                 new SecureGroovyScript("println(jenkins.model.Jenkins.instance.getLabels())", false, null)));
+        r.assertLogNotContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: "
+                        + "Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance",
+                r.assertBuildStatus(Result.SUCCESS, p.scheduleBuild2(0).get()));
         r.assertLogNotContains("org.jenkinsci.plugins.scriptsecurity.scripts.UnapprovedUsageException: script not yet approved for use",
                 r.assertBuildStatus(Result.SUCCESS, p.scheduleBuild2(0).get()));
     }