[JENKINS-75679] Reproduced FilePathPickle usage in test

jglick · jglick · commit 3d414a8a4f90 · 2025-05-28T14:57:46.000-04:00
diff --git a/src/test/java/org/jenkinsci/plugins/docker/workflow/RegistryEndpointStepTest.java b/src/test/java/org/jenkinsci/plugins/docker/workflow/RegistryEndpointStepTest.java
@@ -59,28 +59,38 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.Issue;
-import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.MockAuthorizationStrategy;
 import org.jvnet.hudson.test.MockQueueItemAuthenticator;
 import org.jvnet.hudson.test.TestExtension;
 import org.kohsuke.stapler.DataBoundConstructor;
 
 import java.io.Serializable;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.util.Set;
 import java.util.logging.Level;
+import org.apache.commons.text.StringEscapeUtils;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
 import org.jenkinsci.plugins.structs.describable.DescribableModel;
+import org.jenkinsci.plugins.workflow.support.pickles.FilePathPickle;
+import org.jenkinsci.plugins.workflow.test.steps.SemaphoreStep;
+import org.junit.ClassRule;
 import org.jvnet.hudson.test.BuildWatcher;
+import org.jvnet.hudson.test.JenkinsSessionRule;
 import org.jvnet.hudson.test.LoggerRule;
 
 public class RegistryEndpointStepTest {
 
-    @Rule public JenkinsRule r = new JenkinsRule();
+    @Rule public final JenkinsSessionRule rr = new JenkinsSessionRule();
     @Rule public LoggerRule logging = new LoggerRule();
-    @Rule public BuildWatcher bw = new BuildWatcher();
+    @ClassRule public static BuildWatcher bw = new BuildWatcher();
 
     @Issue("JENKINS-51395")
-    @Test public void configRoundTrip() throws Exception {
+    @Test public void configRoundTrip() throws Throwable {
         logging.record(DescribableModel.class, Level.FINE);
+        rr.then(r -> {
         { // Recommended syntax.
             SnippetizerTester st = new SnippetizerTester(r);
             RegistryEndpointStep step = new RegistryEndpointStep(new DockerRegistryEndpoint("https://myreg/", null));
@@ -116,12 +126,14 @@ public class RegistryEndpointStepTest {
             assertEquals("registryCreds", registry.getCredentialsId());
             // TODO check toolName
         }
+        });
     }
 
     @Test
-    public void stepExecutionWithCredentials() throws Exception {
+    public void stepExecutionWithCredentials() throws Throwable {
         assumeNotWindows();
 
+        rr.then(r -> {
         IdCredentials registryCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "registryCreds", null, "me", "s3cr3t");
         CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), registryCredentials);
 
@@ -137,12 +149,14 @@ public void stepExecutionWithCredentials() throws Exception {
         r.assertBuildStatusSuccess(r.waitForCompletion(b));
         r.assertLogContains("docker login -u me -p ******** https://my-reg:1234", b);
         r.assertLogNotContains("s3cr3t", b);
+        });
     }
 
     @Test
-    public void stepExecutionWithCredentialsAndQueueItemAuthenticator() throws Exception {
+    public void stepExecutionWithCredentialsAndQueueItemAuthenticator() throws Throwable {
         assumeNotWindows();
 
+        rr.then(r -> {
         r.getInstance().setSecurityRealm(r.createDummySecurityRealm());
         MockAuthorizationStrategy auth = new MockAuthorizationStrategy()
                 .grant(Jenkins.READ).everywhere().to("alice", "bob")
@@ -181,6 +195,39 @@ public void stepExecutionWithCredentialsAndQueueItemAuthenticator() throws Excep
 
         // Bob does not have Credentials.USE_ITEM permission and should not be able to use the credential.
         r.assertBuildStatus(Result.FAILURE, p2.scheduleBuild2(0));
+        });
+    }
+
+    @Issue("JENKINS-75679")
+    @Test public void noFilePathPickle() throws Throwable {
+        assumeNotWindows();
+        rr.then(r -> {
+            var registryCredentials = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "registryCreds", null, "me", "s3cr3t");
+            CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), registryCredentials);
+            var p = r.createProject(WorkflowJob.class, "p");
+            p.setDefinition(new CpsFlowDefinition(
+                    """
+                    node {
+                      mockDockerLogin {
+                        withDockerRegistry(url: 'https://my-reg:1234', credentialsId: 'registryCreds') {
+                          semaphore 'wait'
+                        }
+                      }
+                    }
+                    """, true));
+            var b = p.scheduleBuild2(0).waitForStart();
+            SemaphoreStep.waitForStart("wait/1", b);
+        });
+        @SuppressWarnings("deprecation")
+        var verboten = FilePathPickle.class.getName();
+        assertThat(StringEscapeUtils.escapeJava(Files.readString(rr.getHome().toPath().resolve("jobs/p/builds/1/program.dat"), StandardCharsets.ISO_8859_1)), not(containsString(verboten)));
+        rr.then(r -> {
+            var b = r.jenkins.getItemByFullName("p", WorkflowJob.class).getBuildByNumber(1);
+            SemaphoreStep.success("wait/1", null);
+            r.assertBuildStatusSuccess(r.waitForCompletion(b));
+            r.assertLogContains("docker login -u me -p ******** https://my-reg:1234", b);
+            r.assertLogNotContains("s3cr3t", b);
+        });
     }
 
     public static class MockLauncherStep extends Step {
