[enable-csrf-protection] enable csrf protection

Jimmy-Xu · Jimmy-Xu · commit 177fe7793d88 · 2018-11-22T12:36:12.000+08:00
diff --git a/Dockerfile b/Dockerfile
@@ -51,6 +51,7 @@ RUN mkdir -p /var/lib/jenkins/init.groovy.d
 COPY groovy/disableSetupWizard/basic-security.groovy /var/lib/jenkins/init.groovy.d/basic-security.groovy
 COPY groovy/initJenkinsURL/setup-jenkins-script.groovy /var/lib/jenkins/init.groovy.d/setup-jenkins-script.groovy
 COPY groovy/disableStrictVerification/set-strict-verification.groovy /var/lib/jenkins/init.groovy.d/set-strict-verification.groovy
+COPY groovy/CSRFProtection/enabling-csrf-protection.groovy /var/lib/jenkins/init.groovy.d/enabling-csrf-protection.groovy
 RUN echo $JENKINS_VERSION > /var/lib/jenkins/jenkins.install.UpgradeWizard.state
 
 # replace the original jenkins.sh
diff --git a/Dockerfile.template b/Dockerfile.template
@@ -51,6 +51,7 @@ RUN mkdir -p /var/lib/jenkins/init.groovy.d
 COPY groovy/disableSetupWizard/basic-security.groovy /var/lib/jenkins/init.groovy.d/basic-security.groovy
 COPY groovy/initJenkinsURL/setup-jenkins-script.groovy /var/lib/jenkins/init.groovy.d/setup-jenkins-script.groovy
 COPY groovy/disableStrictVerification/set-strict-verification.groovy /var/lib/jenkins/init.groovy.d/set-strict-verification.groovy
+COPY groovy/CSRFProtection/enabling-csrf-protection.groovy /var/lib/jenkins/init.groovy.d/enabling-csrf-protection.groovy
 RUN echo $JENKINS_VERSION > /var/lib/jenkins/jenkins.install.UpgradeWizard.state
 
 # replace the original jenkins.sh
diff --git a/README.md b/README.md
@@ -137,7 +137,8 @@ Trigger build manually in this demo.
 ## 2018/11/22
 - update jenkins from 2.19.4 to 2.138.3
 - update hyper-slaves-plugin to 0.1.11 (add -workDir for slave.jar)
-- add groovy/disableStrictVerification (ref https://issues.jenkins-ci.org/browse/JENKINS-41384)
+- add groovy/disableStrictVerification (ref https://issues.jenkins-ci.org/browse/JENKINS-41384?filter=10244)
+- add groovy/CSRFProtection (ref https://wiki.jenkins.io/display/JENKINS/CSRF+Protection)
 
 ## 2017/01/11
 - update jenkins from 2.19.3 to 2.19.4
diff --git a/groovy/CSRFProtection/enabling-csrf-protection.groovy b/groovy/CSRFProtection/enabling-csrf-protection.groovy
@@ -0,0 +1,8 @@
+#!groovy
+
+import hudson.security.csrf.DefaultCrumbIssuer
+import jenkins.model.Jenkins
+
+def instance = Jenkins.instance
+instance.setCrumbIssuer(new DefaultCrumbIssuer(true))
+instance.save()
diff --git a/script/jenkins.sh b/script/jenkins.sh
@@ -112,17 +112,13 @@ EOF
   echo "==============================="
 fi
 
-#copy setup-jenkins-script.groovy
-if [ -f /var/lib/jenkins/init.groovy.d/setup-jenkins-script.groovy ];then
-  echo "override setup-jenkins-script.groovy"
-  cp -rf /var/lib/jenkins/init.groovy.d/setup-jenkins-script.groovy $JENKINS_HOME/init.groovy.d/
-fi
-
-#copy set-strict-verification.groovy
-if [ -f /var/lib/jenkins/init.groovy.d/set-strict-verification.groovy ];then
-  echo "override set-strict-verification.groovy"
-  cp -rf /var/lib/jenkins/init.groovy.d/set-strict-verification.groovy $JENKINS_HOME/init.groovy.d/
-fi
+for f in setup-jenkins-script.groovy set-strict-verification.groovy  enabling-csrf-protection.groovy
+do
+  if [ -f /var/lib/jenkins/init.groovy.d/$f ];then
+    echo "override $f"
+    cp -rf /var/lib/jenkins/init.groovy.d/$f $JENKINS_HOME/init.groovy.d/
+  fi
+done
 ###############################
 
 
