awslabs / aws-codepipeline-plugin-for-jenkins

Use this plugin to integrate your Jenkins project with a pipeline in AWS CodePipeline. For more information and step-by-step directions on how to install and configure this plugin, follow the Four Stage Pipeline Tutorial. http://docs.aws.amazon.com/codepipeline/latest/userguide/getting-started-4.html
Apache License 2.0
82 stars 68 forks source link

0.36 zip extraction is broken #32

Closed jannon closed 4 years ago

jannon commented 6 years ago

It looks like the code that was added to prevent extracting files outside of the workspace in 0.36 is broken.

The following error occurs on a valid zip file build artifact:

[AWS CodePipeline Plugin] Detected compression type: Zip
[AWS CodePipeline Plugin] Successfully downloaded artifact from AWS CodePipeline
[AWS CodePipeline Plugin] Extracting '/var/lib/jenkins/jobs/MyProject/workspace/UUWPDJm.zip' to '/var/lib/jenkins/jobs/MyProject/workspace'
[AWS CodePipeline Plugin] Failed to acquire artifacts: The compressed input file contains files targeting an invalid destination: ./
[AWS CodePipeline Plugin] Stacktrace:
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.ExtractionTools.getDestinationFile(ExtractionTools.java:114)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.ExtractionTools.extractZipFile(ExtractionTools.java:70)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.ExtractionTools.extractZip(ExtractionTools.java:46)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.ExtractionTools.decompressFile(ExtractionTools.java:176)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.DownloadCallable.downloadAndExtract(DownloadCallable.java:127)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.DownloadCallable.invoke(DownloadCallable.java:87)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.DownloadCallable.invoke(DownloadCallable.java:36)
[AWS CodePipeline Plugin] hudson.FilePath.act(FilePath.java:1095)
[AWS CodePipeline Plugin] hudson.FilePath.act(FilePath.java:1078)
[AWS CodePipeline Plugin] com.amazonaws.codepipeline.jenkinsplugin.AWSCodePipelineSCM.checkout(AWSCodePipelineSCM.java:234)
[AWS CodePipeline Plugin] hudson.model.AbstractProject.checkout(AbstractProject.java:1208)
[AWS CodePipeline Plugin] hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:574)
[AWS CodePipeline Plugin] jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
[AWS CodePipeline Plugin] hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:499)
[AWS CodePipeline Plugin] hudson.model.Run.execute(Run.java:1798)
[AWS CodePipeline Plugin] hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
[AWS CodePipeline Plugin] hudson.model.ResourceController.execute(ResourceController.java:97)
[AWS CodePipeline Plugin] hudson.model.Executor.run(Executor.java:429)

Upon reverting to 0.35, the build step executes successfully.

My guess is that the call to zipFile.getEntries() returns something the author did not intend

belltimo commented 6 years ago

Thanks for submitting an issue.

Is it possible for you to send the zip artifact to me so I can replicate the issue?

Email me at @ amazon.com.

What is producing the input artifact? Is it a source action like CodeCommit or GitHub?

galmeida commented 6 years ago

Hi @jannon,

that problem should be fixed in version 0.38, can you please update the plugin and try again?