Page MenuHomePhabricator
Create Task
Maniphest T213956

JENKINS-2111 path sanitization ineffective when using legacy Workspace Root Directory
Closed, ResolvedPublic
Actions

Description

Spotted in the Jenkins logs:

Jan 16 19:29:24 contint1001 jenkins[30762]: WARNING: [jenkins.branch.WorkspaceLocatorImpl getWorkspaceRoot]
JENKINS-2111 path sanitization ineffective when using legacy Workspace Root Directory
‘/srv/jenkins/workspace/${ITEM_FULL_NAME}’; switch to ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} as in JENKINS-8446 / JENKINS-21942

Upstream tasks:

Related Objects

Event Timeline

hashar created this task.Jan 16 2019, 7:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 16 2019, 7:32 PM
hashar merged a task: T217791: Jenkins warning JENKINS-2111 path sanitization ineffective.May 6 2019, 12:41 PM
hashar added subscribers: Paladox, greg.
hashar triaged this task as Low priority.Aug 22 2019, 9:07 AM
hashar added a project: Release-Engineering-Team-TODO.
hashar added a comment.Aug 22 2019, 9:48 AM

https://integration.wikimedia.org/ci/configure has:

Home directory/var/lib/jenkins

The error comes from the branch api plugin: https://github.com/jenkinsci/branch-api-plugin

src/main/java/jenkins/branch/WorkspaceLocatorImpl.java
public class WorkspaceLocatorImpl extends WorkspaceLocator {

...

    private static final Pattern GOOD_RAW_WORKSPACE_DIR = Pattern.compile("(.+)[/\\\\][$][{]ITEM_FULL_?NAME[}][/\\\\]?");
    static @CheckForNull FilePath getWorkspaceRoot(Node node) {
        if (node instanceof Jenkins) {
            Matcher m = GOOD_RAW_WORKSPACE_DIR.matcher(((Jenkins) node).getRawWorkspaceDir());
            if (m.matches()) {
                return new FilePath(new File(m.group(1).replace("${JENKINS_HOME}", ((Jenkins) node).getRootDir().getAbsolutePath())));
            } else {
                LOGGER.log(Level.WARNING, "JENKINS-2111 path sanitization ineffective when using legacy Workspace Root Directory ‘{0}’; switch to ‘$'{'JENKINS_HOME'}'/workspace/$'{'ITEM_FULL_NAME'}'’ as in JENKINS-8446 / JENKINS-21942", ((Jenkins) node).getRawWorkspaceDir());
                return null;
            }
        } else if (node instanceof Slave) {
            return ((Slave) node).getWorkspaceRoot();
        } else {
            LOGGER.log(Level.WARNING, "Unrecognized node {0} of {1}", new Object[] {node, node.getClass()});
            return null;
        }
    }

So apparently we have /srv/jenkins/workspace/${ITEM_FULL_NAME} not being matched by (.+)[/\\\\][$][{]ITEM_FULL_?NAME[}][/\\\\]?.

hashar added a comment.Aug 22 2019, 9:53 AM

The directory comes from a java system parameter used to start Jenkins:

-Djenkins.model.Jenkins.workspacesDir=/srv/jenkins/workspace/${ITEM_FULL_NAME}

Which I guess is used by the master node. And indeed the parameter has been added in 2018 by 2a7444c67b1d961878d9b6f8462ed1f4728547fa for T200953:

jenkins: add workspacesDir system property

This option was removed from the UI and needs to be set for a select few jobs that must run on contint1001.

hieradata/role/common/ci/master.yaml
profile::ci::jenkins::workspaces_dir: '/srv/jenkins/workspace/${ITEM_FULL_NAME}'
modules/jenkins/manifests/init.pp
"-Djenkins.model.Jenkins.workspacesDir=${workspaces_dir_for_systemd}"
hashar updated the task description. (Show Details)Aug 22 2019, 9:55 AM
hashar closed this task as Resolved.Aug 22 2019, 11:26 AM
hashar claimed this task.
hashar added a project: Release-Engineering-Team (CI & Testing services).

7e08181a3ef48886d01b7019b98a29391f0790d9

[JENKINS-54654] WorkspaceLocatorImpl.getWorkspaceRoot did not handle paths using ${ITEM_FULL_NAME} but not ${JENKINS_HOME}

https://issues.jenkins-ci.org/browse/JENKINS-54654

Released with branch api plugin 2.1.2 and we have 2.5.2

I have looked at the logs on contint1001 and the message no more show up.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL