Fixed SECURITY-2266

Author: sunweisheng

custom-checkbox-parameter.iml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.jenkins-ci.plugins</groupId>
         <artifactId>plugin</artifactId>
-        <version>4.0</version>
+        <version>4.16</version>
         <relativePath />
     </parent>
     <groupId>io.jenkins.plugins</groupId>
@@ -15,7 +15,8 @@
     <description>This plug-in can dynamically create a set of check boxes for users to check before building. The check box settings are configured through YAML or JSON files, and the file content can be obtained through HTTP, HTTPS, or file paths. After checking the check box, the user can use params['ParameterName'] in the build script to get the selected value. The result of the user's selection is returned in the form of a string separated by "," value1, value2, value3.</description>
     <url>https://github.com/jenkinsci/custom-checkbox-parameter-plugin</url>
     <properties>
-        <jenkins.version>2.164.3</jenkins.version>
+        <!--https://www.jenkins.io/doc/developer/plugin-development/updating-parent/-->
+        <jenkins.version>2.277.1</jenkins.version>
         <java.level>8</java.level>
     </properties>
     <licenses>
@@ -54,11 +55,17 @@
             <dependency>
                 <!-- Pick up common dependencies for 2.164.x: https://github.com/jenkinsci/bom#usage -->
                 <groupId>io.jenkins.tools.bom</groupId>
-                <artifactId>bom-2.164.x</artifactId>
-                <version>3</version>
+                <artifactId>bom-2.277.x</artifactId>
+                <version>26</version>
                 <scope>import</scope>
                 <type>pom</type>
             </dependency>
+            <dependency>
+                <groupId>org.apache.httpcomponents</groupId>
+                <artifactId>httpclient</artifactId>
+                <version>4.5.13</version>
+                <scope>compile</scope>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <dependencies>
@@ -98,12 +105,6 @@
             <version>1.25</version>
             <optional>true</optional>
         </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.13</version>
-            <scope>compile</scope>
-        </dependency>
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>

pom.xml

@@ -68,9 +68,9 @@ public CheckboxParameterDefinition(String name, String description, Protocol pro
 		this.uuid = UUID.randomUUID();
 		this.protocol = protocol == null ? Protocol.HTTP_HTTPS : protocol;
 		this.format = format == null ? Format.Empty : format;
-		this.uri = uri == null ? "" : uri;
-		this.displayNodePath = displayNodePath == null ? DEFAULT_NAME_NODE : displayNodePath;
-		this.valueNodePath = valueNodePath == null ? DEFAULT_VALUE_NODE : valueNodePath;
+		this.uri = isNotBlank(uri) ? uri : "";
+		this.displayNodePath = isNotBlank(displayNodePath) ? displayNodePath : DEFAULT_NAME_NODE;
+		this.valueNodePath = isNotBlank(valueNodePath) ? valueNodePath : DEFAULT_VALUE_NODE;
 		this.submitContent="";
 		this.useInput=false;
 		this.defaultValue = "";

src/main/java/com/bluersw/CheckboxParameterDefinition.java

@@ -6,17 +6,17 @@
 	<st:adjunct includes="com.bluersw.CheckboxParameter"/>
 	<f:entry title="${it.name}" description="${it.description}">
 		<div name="parameter" id="${it.divId}" style="white-space:nowrap" >
-			<input type="hidden" name="name" value="${it.name}" />
+			<input type="hidden" name="name" value="${it.name}" id="name_${it.divId}"/>
 		<label style='padding:0 0 0 10px'><input type="checkbox" name="all_checkbox" value="checkall" class="checkbox-all"/>${%parameter.selectAll} </label>
 			<br/>
 			<div id="checkbox_div" style="width:auto;"/>
 			<div id="result_message"/>
 		</div>
 		<script type="text/javascript">
 			var parentDiv = jQuery('#${it.divId}');
+			var nameHidden = parentDiv.find('#name_${it.divId}');
 			var requestBasicUrl = "${h.getCurrentDescriptorByNameUrl()}/${it.descriptor.descriptorUrl}/";
-			var parameterName = '${it.name}';
-			initializationCheckbox(parentDiv,requestBasicUrl,parameterName);
+			initializationCheckbox(parentDiv,requestBasicUrl,nameHidden.val());
 		</script>
 	</f:entry>
 </j:jelly>

src/main/resources/com/bluersw/CheckboxParameterDefinition/index.jelly

@@ -10,6 +10,7 @@ function initializationCheckbox(parentDiv,requestBasicUrl,parameterName){
 				contentType: "application/json; charset=utf-8",
 				success: function(result){
 				for(i=0;i<result.list.length;i++){
+					if(i!=0 && i%20==0) {checkboxDiv.append("<br/><br/>")}
 					checkboxDiv.append("<label style='padding:0 0 0 10px'><input type='checkbox' " + result.list[i].checked + " name='checkbox_" + result.list[i].value  + "'>" + result.list[i].name + "</input></label>");
 				}
 					messageD.text(result.message);

src/main/resources/com/bluersw/javascript/CheckboxParameter.js

@@ -18,14 +18,13 @@ public class CheckboxParameterDefinitionTests {
 
 	@Test
 	public void testScriptedPipeline() throws Exception{
-
-		CheckboxParameterDefinition param = new CheckboxParameterDefinition(Name,description,protocol,format,uri,displayNodePath,valueNodePath,useInput);
+		CheckboxParameterDefinition param = new CheckboxParameterDefinition(name,description,protocol,format,"","","",useInput);
 		param.setDefaultValue(defaultValue);
 		WorkflowJob job = jenkins.createProject(WorkflowJob.class, "test-scripted-pipeline");
 		job.addProperty(new ParametersDefinitionProperty(param));
 		String pipelineScript
 				= "node {\n"
-				+ "  print params['my-checkbox'] \n"
+				+ "  print params['SELECT_NODES'] \n"
 				+ "}";
 		job.setDefinition(new CpsFlowDefinition(pipelineScript, true));
 		WorkflowRun completedBuild = jenkins.assertBuildStatusSuccess(job.scheduleBuild2(0));

src/test/java/com/bluersw/CheckboxParameterDefinitionTests.java

@@ -5,13 +5,10 @@
 import net.sf.json.JSONObject;
 
 public class Constants {
-	static final String Name = "my-checkbox";
+	static final String name = "SELECT_NODES";
 	static final Protocol protocol = Protocol.HTTP_HTTPS;
-	static final Format format = Format.YAML;
-	static final JSONObject useInput = JSONObject.fromObject("{useInput:{submitContent:''}}");
-	static final String uri = "https://raw.githubusercontent.com/sunweisheng/Jenkins/master/examples/example.yaml";
-	static final String displayNodePath = "//CheckboxParameter/key";
-	static final String valueNodePath = "//CheckboxParameter/value";
-	static final String description = "";
+	static final Format format = Format.JSON;
+	static final JSONObject useInput = JSONObject.fromObject("{\"submitContent\" : {\"CheckboxParameter\": [{\"key\": \"node1\",\"value\": \"node1\"},{\"key\": \"node2\",\"value\": \"node2\"},{\"key\": \"node3\",\"value\": \"node3\"},{\"key\": \"node4\",\"value\": \"node4\"}]}}");
+	static final String description = "Select nodes";
 	static final String defaultValue = "default value";
 }

src/test/java/com/bluersw/Constants.java

@@ -7,16 +7,8 @@
 public class HttpRequestTests {
 
 	@Test
-	public void  httpsGet_GitHub() throws Exception{
-		HttpRequest request = new HttpRequest("https://raw.githubusercontent.com/sunweisheng/Jenkins/master/examples/example.yaml");
-		assertNotNull(request.get());
-		assertEquals(request.getStatusLine(),"HTTP/1.1 200 OK");
-		assertEquals(request.getStatusCode(),200);
-	}
-
-	@Test
-	public void  httpsGet_Jenkins() throws Exception{
-		HttpRequest request = new HttpRequest("https://www.jenkins.io/zh/");
+	public void  httpsGet_Baidu() throws Exception{
+		HttpRequest request = new HttpRequest("https://www.baidu.com");
 		assertNotNull(request.get());
 		assertEquals(request.getStatusLine(),"HTTP/1.1 200 OK");
 		assertEquals(request.getStatusCode(),200);