From 4546aa7dd7161ef31e71fe3dbe27edd4d4e1c522 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCrkan=20G=C3=BCr?=
Date: Wed, 22 Sep 2021 12:01:44 +0200
Subject: [PATCH 1/2] Include hidden warnings too on Jenkins
---
 src/check_plugin_vulnerability.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/src/check_plugin_vulnerability.py b/src/check_plugin_vulnerability.py
index 93b5dcf6..e34ee47c 100755
--- a/src/check_plugin_vulnerability.py
+++ b/src/check_plugin_vulnerability.py
@@ -28,12 +28,20 @@ import requests
 from sys import exit
-SCRIPT = (
- 'def warnings_monitor = new jenkins.security.UpdateSiteWarningsMonitor()\n' # NOQA E501 Don't wrap because of groovy code
- 'def plugin_vulnerabilities = warnings_monitor.getActivePluginWarningsByPlugin()\n' # NOQA E501 Don't wrap because of groovy code
- 'def critical_plugins = plugin_vulnerabilities.keySet()*.longName\n'
- 'print(new groovy.json.JsonBuilder(critical_plugins))'
-)
+SCRIPT = """
+ import jenkins.security.*
+ ExtensionList configurations = ExtensionList.lookup(UpdateSiteWarningsConfiguration.class);
+ UpdateSiteWarningsConfiguration configuration = configurations.get(0);
+ problematic_plugins = []
+ current_warnings = configuration.getApplicableWarnings()
+ current_warnings.each {
+ if (it.type.name() == 'PLUGIN') {
+ problematic_plugins.add(it.component)
+ }
+ }
+ print(new groovy.json.JsonBuilder(problematic_plugins.unique()))
+""" # NOQA E501 Don't wrap because of groovy code
+
 IGNORE_FILE = '/etc/nagios-plugins/check_plugin_vulnerability_ignore'
From cf902d1c00af968d035660a9c42de41d8e0bd98a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCrkan?= <307899+seqizz@users.noreply.github.com>
Date: Fri, 3 Jun 2022 14:58:40 +0200
Subject: [PATCH 2/2] Apply suggestions from code review
Co-authored-by: Frederik Bauer
---
 src/check_plugin_vulnerability.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
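Review bot: The new Groovy script collects `it.component`, which as far as I know is the plugin's short name, whereas the removed code emitted `longName`. If the entries in `IGNORE_FILE` or the alert text were written against display names they will stop matching, and since the script now also reports warnings an administrator hid in Jenkins, the ignore file becomes the only suppression path for this check. The code that compares the output with the ignore list is outside this hunk, so this is inferred rather than confirmed. A comment above `SCRIPT` such as `# Emits plugin short names (Warning.component); IGNORE_FILE entries must use the same form` would make the contract explicit.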
diff --git a/src/check_plugin_vulnerability.py b/src/check_plugin_vulnerability.py
index e34ee47c..83039e89 100755
--- a/src/check_plugin_vulnerability.py
+++ b/src/check_plugin_vulnerability.py
@@ -3,7 +3,7 @@ This scripts checks the Jenkins Plugins for security issues
-Copyright (c) 2021 InnoGames GmbH
+Copyright (c) 2022 InnoGames GmbH
 """
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -29,17 +29,19 @@ from sys import exit
 SCRIPT = """
- import jenkins.security.*
+ import jenkins.security.UpdateSiteWarningsConfiguration
+ import jenkins.security.ExtensionList
+ import groovy.json.JsonBuilder
 ExtensionList configurations = ExtensionList.lookup(UpdateSiteWarningsConfiguration.class);
 UpdateSiteWarningsConfiguration configuration = configurations.get(0);
- problematic_plugins = []
- current_warnings = configuration.getApplicableWarnings()
+ def problematic_plugins = []
+ def current_warnings = configuration.getApplicableWarnings()
 current_warnings.each {
 if (it.type.name() == 'PLUGIN') {
 problematic_plugins.add(it.component)
 }
 }
- print(new groovy.json.JsonBuilder(problematic_plugins.unique()))
+ print(new JsonBuilder(problematic_plugins.unique()))
 """ # NOQA E501 Don't wrap because of groovy code
 IGNORE_FILE = '/etc/nagios-plugins/check_plugin_vulnerability_ignore'
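Review bot: `import jenkins.security.ExtensionList` in the second hunk names a class that, as far as I know, does not exist; `ExtensionList` lives in the `hudson` package, and the wildcard import it replaces only appeared to work because the class resolves through Jenkins' default script imports. An explicit import that cannot be resolved fails Groovy compilation, so the script would return an error instead of the JSON list, and what the check then reports depends on how the Python side handles a non-JSON body. The line should read `import hudson.ExtensionList`. The script literal is fully inside the hunk, but the code that submits it and parses the reply is not.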