search

jenkinsci / poll-mailbox-trigger-plugin

A Jenkins plugin, to poll an email inbox, and trigger jobs based on new emails.
https://plugins.jenkins.io/poll-mailbox-trigger-plugin/
MIT License
40 stars 32 forks source link

Security #17

Closed rpiskule closed 6 years ago

rpiskule commented 8 years ago

There needs to be some way to filter out which e-mails are allowed to trigger jobs.

For example, it would be super useful if you could pass in the TOKEN as a parameter (on the e-mail), and then run the job as the user who owns the token.

That way, you could have access based permissions on the jobs. Right now, anyone who sends an e-mail has access to all of the jobs.

(P.S. Great work on the plugin so far)

nickgrealy commented 8 years ago

Hi @rpiskule,

Thanks for your suggestion! As much as I'd like to implement this, I won't have the bandwidth for quite sometime.

In the meantime, there is a workaround you could use (since 1.023):

Add a job parameter of type 'Choice', with key value pmt_from and choices matching only the user's emails, "allowed to trigger" the job.

If someone tries to trigger a job, and doesn't belong to the list, the polling will fail with "Option is not a valid choice value."

See also: https://github.com/jenkinsci/poll-mailbox-trigger-plugin/issues/5

vijaychandra24 commented 6 years ago

is this working as i am getting Replacing default parameter 'pmt_from' with value 'xxxx@gmail.com' [ERROR] - Error occurred starting job - Illegal choice for parameter pmt_from: xxxx@gmail.com [ERROR] - java.lang.IllegalArgumentException: Illegal choice for parameter pmt_from: xxxx@gmail.com at hudson.model.ChoiceParameterDefinition.checkValue(ChoiceParameterDefinition.java:80) at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:92) at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:20) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.getParameterizedParams(PollMailboxTrigger.java:532) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.startJob(PollMailboxTrigger.java:472) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.checkForEmails(PollMailboxTrigger.java:315) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.checkIfModified(PollMailboxTrigger.java:458) at org.jenkinsci.lib.xtrigger.AbstractTrigger$Runner.run(AbstractTrigger.java:198) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)

nickgrealy commented 6 years ago

@vijaychandra24 - can you provide more information? In your Jenkins Job configuration, do you have a job parameter named "pmt_from"? What type is it? What is it's default value? What values does it allow?

vijaychandra24 commented 6 years ago

Nick thanks for quick response , **i figured out the issue the choice parameter are case sensitive my sender email look XXX@GITHUB.COM where as value i wrote is XXX@github.com .. it's working now sorry for any inconvenience .

do you have a job parameter named "pmt_from"? - Yes created a choice parameter Name - pmt_from Choice - list of all email ( the idea is to trigger job only if send match this list and Advanced email parameters Default value - xxxx@gmail.com ( I have masked the email with xxx) What values does it allow ? some other emails like xxx1@gmail.com ..

Replacing default parameter 'pmt_from' with value 'xxxx@gmail.com' [ERROR] - Error occurred starting job - Illegal choice for parameter pmt_from: xxxx@gmail.com [ERROR] - java.lang.IllegalArgumentException: Illegal choice for parameter pmt_from: xxxx@ADP.com at hudson.model.ChoiceParameterDefinition.checkValue(ChoiceParameterDefinition.java:80) at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:92) at hudson.model.ChoiceParameterDefinition.createValue(ChoiceParameterDefinition.java:20) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.getParameterizedParams(PollMailboxTrigger.java:532) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.startJob(PollMailboxTrigger.java:472) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.checkForEmails(PollMailboxTrigger.java:315) at org.jenkinsci.plugins.pollmailboxtrigger.PollMailboxTrigger.checkIfModified(PollMailboxTrigger.java:458) at org.jenkinsci.lib.xtrigger.AbstractTrigger$Runner.run(AbstractTrigger.java:198) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)

nickgrealy commented 6 years ago

Hi @vijaychandra24, just confirming, can I close this issue now?

vijaychandra24 commented 6 years ago

Hi Nick ,

Yes , thanks once again for your support