[SECURITY-1945]

jenkinsci · Jul 6, 2020 · 11f4a35 · 11f4a35
1 parent e7443ef
commit 11f4a35
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/core/src/main/java/hudson/console/HyperlinkNote.java b/core/src/main/java/hudson/console/HyperlinkNote.java
@@ -25,6 +25,7 @@
 
 import hudson.Extension;
 import hudson.MarkupText;
+import hudson.Util;
 import jenkins.model.Jenkins;
 import org.jenkinsci.Symbol;
 import org.kohsuke.accmod.Restricted;
@@ -69,7 +70,7 @@ public ConsoleAnnotator annotate(Object context, MarkupText text, int charPos) {
                 url = Jenkins.get().getRootUrl()+url.substring(1);
             }
         }
-        text.addMarkup(charPos, charPos + length, "<a href='" + url + "'"+extraAttributes()+">", "</a>");
+        text.addMarkup(charPos, charPos + length, "<a href='" + Util.escape(url) + "'"+extraAttributes()+">", "</a>");
         return null;
     }
 

diff --git a/test/src/test/java/hudson/console/HyperlinkNoteTest.java b/test/src/test/java/hudson/console/HyperlinkNoteTest.java
@@ -24,11 +24,16 @@
 
 package hudson.console;
 
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import hudson.model.FreeStyleBuild;
 import hudson.model.FreeStyleProject;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 import java.nio.charset.StandardCharsets;
+
+import hudson.model.Result;
+import hudson.tasks.BuildTrigger;
 import org.apache.commons.io.IOUtils;
 import org.junit.Rule;
 import org.junit.Test;
@@ -73,6 +78,19 @@ public void textWithNewlinesModelHyperlinkNote() throws Exception {
                 containsString(">" + noteTextSanitized + "</a>")));
     }
 
+    @Test
+    public void textWithSingleQuote() throws Exception {
+        FreeStyleProject upstream = r.createFreeStyleProject("upstream");
+        r.createFreeStyleProject("d0wnstr3'am");
+        upstream.getPublishersList().add(new BuildTrigger("d0wnstr3'am", Result.SUCCESS));
+        r.jenkins.rebuildDependencyGraph();
+        FreeStyleBuild b = r.buildAndAssertSuccess(upstream);
+        r.waitUntilNoActivity();
+        HtmlPage rsp = r.createWebClient().goTo(b.getUrl()+"console");
+        assertThat(rsp.querySelector(".console-output").asText(), containsString("Triggering a new build of"));
+        assertThat(String.valueOf(rsp.getAnchorByText("d0wnstr3'am").click().getWebResponse().getStatusCode()), containsString("200"));
+    }
+
     private static String annotate(String text) throws IOException {
         StringWriter writer = new StringWriter();
         try (ConsoleAnnotationOutputStream out = new ConsoleAnnotationOutputStream(writer, null, null, StandardCharsets.UTF_8)) {