jenkinsci · jglick · May 25, 2022 · May 9, 2022 · May 18, 2022 · dwnusbaum
@@ -13,7 +13,7 @@
     <properties>
         <changelist>999999-SNAPSHOT</changelist>
         <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
-        <jenkins.version>2.277.1</jenkins.version>
+        <jenkins.version>2.332.1</jenkins.version>
     </properties>
     <name>Command Agent Launcher Plugin</name>
     <description>Allows agents to be launched using a specified command.</description>
@@ -46,8 +46,8 @@
         <dependencies>
             <dependency>
                 <groupId>io.jenkins.tools.bom</groupId>
-                <artifactId>bom-2.277.x</artifactId>
-                <version>984.vb5eaac999a7e</version>
+                <artifactId>bom-2.332.x</artifactId>
+                <version>1382.v7d694476f340</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -57,6 +57,7 @@
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>script-security</artifactId>
+            <version>1172.v35f6a_0b_8207e</version><!-- TODO: Remove when version in BOM is at least that -->
         </dependency>
         <dependency>
             <groupId>io.jenkins</groupId>

@@ -23,19 +23,26 @@
  */
 package hudson.slaves;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.EnvVars;
 import hudson.Extension;
 import hudson.Util;
 import hudson.model.TaskListener;
 import hudson.util.FormValidation;
 import java.io.IOException;
+
+import net.sf.json.JSONObject;
+import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.Symbol;
 import org.jenkinsci.plugins.command_launcher.Messages;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
 import org.jenkinsci.plugins.scriptsecurity.scripts.languages.SystemCommandLanguage;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.Stapler;
+import org.kohsuke.stapler.StaplerRequest;
 
 /**
  * Executes a program on the controller and expect that script to connect.
@@ -49,11 +56,11 @@ public class CommandConnector extends ComputerConnector {
     public CommandConnector(String command) {
         this.command = command;
         // TODO add withKey if we can determine the Cloud.name being configured
-        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create().withCurrentUser());
+        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create().withCurrentUser(), Stapler.getCurrentRequest() == null);
     }
 
     private Object readResolve() {
-        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create());
+        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create(), true);
         return this;
     }
 
@@ -65,16 +72,30 @@ public CommandLauncher launch(String host, TaskListener listener) throws IOExcep
 
     @Extension @Symbol("command")
     public static class DescriptorImpl extends ComputerConnectorDescriptor {
+        @Override
+        public ComputerConnector newInstance(@Nullable StaplerRequest req, @NonNull JSONObject formData) throws FormException {
+            CommandConnector instance = (CommandConnector) super.newInstance(req, formData);
+            if (formData.get("oldCommand") != null) {
+                String oldCommand = formData.getString("oldCommand");
+                boolean approveIfAdmin = !StringUtils.equals(oldCommand, instance.command);
+                if (approveIfAdmin) {
+                    ScriptApproval.get().configuring(instance.command, SystemCommandLanguage.get(),
+                            ApprovalContext.create().withCurrentUser(), true);
+                }
+            }
+            return instance;
+        }
+
         @Override
         public String getDisplayName() {
             return Messages.CommandLauncher_displayName();
         }
 
-        public FormValidation doCheckCommand(@QueryParameter String value) {
+        public FormValidation doCheckCommand(@QueryParameter String value, @QueryParameter String oldCommand) {
             if (Util.fixEmptyAndTrim(value) == null) {
                 return FormValidation.error(Messages.CommandLauncher_NoLaunchCommand());
             } else {
-                return ScriptApproval.get().checking(value, SystemCommandLanguage.get());
+                return ScriptApproval.get().checking(value, SystemCommandLanguage.get(), !StringUtils.equals(value, oldCommand));
             }
         }
 

@@ -23,6 +23,8 @@
  */
 package hudson.slaves;
 
+import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.Nullable;
 import hudson.AbortException;
 import hudson.EnvVars;
 import hudson.Extension;
@@ -40,6 +42,7 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import jenkins.model.Jenkins;
+import net.sf.json.JSONObject;
 import org.apache.commons.lang.StringUtils;
 import org.jenkinsci.Symbol;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext;
@@ -48,6 +51,8 @@
 import org.jenkinsci.plugins.scriptsecurity.scripts.languages.SystemCommandLanguage;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.QueryParameter;
+import org.kohsuke.stapler.Stapler;
+import org.kohsuke.stapler.StaplerRequest;
 
 /**
  * {@link ComputerLauncher} through a remote login mechanism like ssh/rsh.
@@ -79,7 +84,7 @@ public CommandLauncher(String command) {
         agentCommand = command;
         env = null;
         // TODO add withKey if we can determine the Slave.nodeName being configured
-        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create().withCurrentUser());
+        ScriptApproval.get().configuring(command, SystemCommandLanguage.get(), ApprovalContext.create().withCurrentUser(), Stapler.getCurrentRequest() == null);
     }
 
     /** Constructor for programmatic use. Always approves the script.
@@ -102,7 +107,7 @@ public CommandLauncher(String command, EnvVars env) {
     }
 
     private Object readResolve() {
-        ScriptApproval.get().configuring(agentCommand, SystemCommandLanguage.get(), ApprovalContext.create());
+        ScriptApproval.get().configuring(agentCommand, SystemCommandLanguage.get(), ApprovalContext.create(), true);
         return this;
     }
 
@@ -220,15 +225,29 @@ private static void reportProcessTerminated(Process proc, TaskListener listener)
 
     @Extension @Symbol("command")
     public static class DescriptorImpl extends Descriptor<ComputerLauncher> {
+
+        @Override
+        public ComputerLauncher newInstance(@Nullable StaplerRequest req, @NonNull JSONObject formData) throws FormException {
+            CommandLauncher instance = (CommandLauncher) super.newInstance(req, formData);
+            if (formData.get("oldCommand") != null) {
+                String oldCommand = formData.getString("oldCommand");
+                boolean approveIfAdmin = !StringUtils.equals(oldCommand, instance.agentCommand);
+                if (approveIfAdmin) {
+                    ScriptApproval.get().configuring(instance.agentCommand, SystemCommandLanguage.get(),
+                            ApprovalContext.create().withCurrentUser(), true);
+                }
+            }
+            return instance;
+        }
         public String getDisplayName() {
             return org.jenkinsci.plugins.command_launcher.Messages.CommandLauncher_displayName();
         }
 
-        public FormValidation doCheckCommand(@QueryParameter String value) {
+        public FormValidation doCheckCommand(@QueryParameter String value, @QueryParameter String oldCommand) {
             if(Util.fixEmptyAndTrim(value)==null)
                 return FormValidation.error(org.jenkinsci.plugins.command_launcher.Messages.CommandLauncher_NoLaunchCommand());
             else
-                return ScriptApproval.get().checking(value, SystemCommandLanguage.get());
+                return ScriptApproval.get().checking(value, SystemCommandLanguage.get(), !StringUtils.equals(value, oldCommand));
         }
     }
 }
@@ -24,6 +24,7 @@ THE SOFTWARE.
 
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
+  <input type="hidden" name="oldCommand" value="${instance.command}"/>
   <f:entry title="${%Launch command}" field="command">
     <f:textbox />
   </f:entry>

@@ -24,6 +24,7 @@ THE SOFTWARE.
 
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
+  <input type="hidden" name="oldCommand" value="${instance.command}"/>
   <f:entry title="${%Launch command}" field="command">
     <f:textbox />
   </f:entry>