1
votes

How to Disable the visualization of Injected Environment variables in Jenkins

To solve the Jenkins security alert https://jenkins.io/security/advisory/2018-02-26/#SECURITY-248

I updated my Groovy setup script with:

import jenkins.model.*
import org.jenkinsci.plugins.envinject.*

// Look up the EnvInject global configuration and hide injected variables
EnvInjectPluginConfiguration envInject = GlobalConfiguration.all().get(EnvInjectPluginConfiguration.class)
envInject.setHideInjectedVars(true)

I couldn't find a way to set the second part of the solution, "Go to the Jenkins instance, from Configure Global Security under Environment Injector Plugin check Do not show injected variables.", via Groovy.

Any idea how to make it work?

1
Sure you are checking in the correct place? I have taken a look at our Jenkins and found it quite quickly at https://<jenkins_url>/configureSecurity/ and found a section called Environment Injector Plugin. - Sunvic
I found this one; I wanted my Groovy script to update this value. - Mor Lajb

1 Answer

2
votes

Here is the Groovy script to set this up:

import hudson.ExtensionList
import jenkins.model.*
import jenkins.security.*
import org.jenkinsci.plugins.envinject.*

// Hide injected variables (EnvInject global setting)
EnvInjectPluginConfiguration envInject = GlobalConfiguration.all().get(EnvInjectPluginConfiguration.class)
envInject.setHideInjectedVars(true)

// update warnings
ExtensionList<UpdateSiteWarningsConfiguration> configurations = ExtensionList.lookup(UpdateSiteWarningsConfiguration.class)
println configurations

UpdateSiteWarningsConfiguration configuration = configurations.get(0)
// Warning IDs are added as strings
HashSet<String> activeWarnings = new HashSet<>()

activeWarnings.add('SECURITY-248')

// Note: this replaces any previously ignored warnings with just SECURITY-248
configuration.ignoredWarnings = activeWarnings

configuration.save()