Created
November 25, 2020 17:35
Check if a Jenkins plugin or its dependencies are vulnerable
// Run from Manage Jenkins > Script Console.
// Returns true if `name`, or any plugin in its required-dependency chain, carries a
// security warning in the update-center metadata this controller has already downloaded.
// Note: UpdateSite.Plugin.warnings is evaluated for the version the update site
// advertises, and the walk follows the update site's dependency graph, so this answers
// "are the advertised release and its dependency tree clean?", not "is the version
// installed here affected?". For the installed view, compare the installed version
// against the warning's version ranges (see UpdateSiteWarningsConfiguration).
def static isPluginVulnerable(name, Map plugins = null, Set visited = [] as Set) {
    if (plugins == null) {
        plugins = [:]
        // Merge the plugin entries of every configured update site.
        // `data` is null until the site has been fetched at least once.
        jenkins.model.Jenkins.instance.updateCenter.sites.each { site ->
            plugins += (site.data?.plugins ?: [:])
        }
    }
    // Visit each plugin once: shared dependencies are common, and a malformed
    // feed with a dependency cycle must not recurse forever.
    if (!visited.add(name)) {
        return false
    }
    def plugin = plugins[name]
    if (!plugin) {
        println("Plugin '${name}' does not exist in any update site. Nothing to do.")
        return false
    }
    // Any active (non-ignored) warning for this plugin.
    if (plugin.warnings) {
        println("Plugin '${name}' has warning(s): ${plugin.warnings*.id}")
        return true
    }
    // Recurse into required dependencies (UpdateSite.Plugin.dependencies excludes optional ones).
    def vulnerable = false
    plugin.dependencies.each { dependencyName, dependencyVersion ->
        if (isPluginVulnerable(dependencyName, plugins, visited)) {
            vulnerable = true
        }
    }
    return vulnerable
}

// Examples
println isPluginVulnerable('git')
println isPluginVulnerable('envinject')
println isPluginVulnerable('jenkins-multijob-plugin')
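The same check carried out offline against the update-center feed, as an added example in Python that is not part of the gist: it reads update-center.json-shaped data (constructed inline; the plugin names are real, but the versions, warning ids and version ranges are made up), walks required dependencies from a root plugin, and goes one step beyond the script above by matching the installed version, when known, against each warning's regex version ranges (the same `pattern` idiom the real feed uses) and by guarding the walk with a visited set.

```python
import re

# Constructed sample in the shape of https://updates.jenkins.io/update-center.actual.json
# (illustrative data only; the warning ids, versions and ranges are made up).
UPDATE_CENTER = {
    "plugins": {
        "git": {"name": "git", "version": "4.5.0", "dependencies": [
            {"name": "git-client", "optional": False, "version": "3.6.0"},
            {"name": "scm-api", "optional": False, "version": "2.6.4"},
            {"name": "workflow-scm-step", "optional": True, "version": "2.11"},
        ]},
        "git-client": {"name": "git-client", "version": "3.6.0", "dependencies": []},
        "scm-api": {"name": "scm-api", "version": "2.6.4", "dependencies": []},
        "workflow-scm-step": {"name": "workflow-scm-step", "version": "2.11", "dependencies": [
            {"name": "scm-api", "optional": False, "version": "2.6.4"},
        ]},
        "envinject": {"name": "envinject", "version": "2.4.0", "dependencies": [
            {"name": "envinject-api", "optional": False, "version": "1.7"},
        ]},
        "envinject-api": {"name": "envinject-api", "version": "1.7", "dependencies": []},
    },
    "warnings": [
        {"id": "EXAMPLE-1", "type": "plugin", "name": "scm-api",
         "message": "constructed example warning",
         # Same idiom as the real feed: regexes matched against the whole version string.
         "versions": [{"lastVersion": "2.6.3",
                       "pattern": "2[.][0-5](|[.].*)|2[.]6[.][0-3](|[.].*)"}]},
        {"id": "EXAMPLE-2", "type": "core", "name": "core",
         "message": "core warnings are not plugin warnings and must be skipped",
         "versions": [{"pattern": ".*"}]},
    ],
}

# Constructed view of what is installed on a controller: note scm-api lags the feed.
INSTALLED = {"git": "4.5.0", "git-client": "3.6.0", "scm-api": "2.6.3"}


def plugin_warnings(update_center, name, version):
    """Ids of plugin warnings that apply to `name` at `version`.

    Mirrors UpdateSite.Warning.isRelevantToVersion: a warning with no version
    ranges applies to every version; otherwise it applies when any range's regex
    matches the whole version string.
    """
    hits = []
    for warning in update_center.get("warnings", []):
        if warning.get("type") != "plugin" or warning.get("name") != name:
            continue
        ranges = warning.get("versions", [])
        if not ranges or any(re.fullmatch(r["pattern"], version) for r in ranges):
            hits.append(warning["id"])
    return hits


def find_vulnerable(update_center, installed, root):
    """Walk `root` and its required dependencies; return {plugin: [warning ids]}.

    The version checked is the installed one when known (`installed` maps
    name -> version), otherwise the version the update center advertises, which
    is what `plugin.warnings` in the script console reflects. The visited set
    keeps the walk finite even if a feed ever contained a dependency cycle.
    """
    plugins = update_center["plugins"]
    report, seen, stack = {}, set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        plugin = plugins.get(name)
        if plugin is None:
            continue  # unknown to every update site: nothing to check
        version = installed.get(name, plugin["version"])
        hits = plugin_warnings(update_center, name, version)
        if hits:
            report[name] = hits
        # Like UpdateSite.Plugin.dependencies, follow required dependencies only.
        stack.extend(d["name"] for d in plugin.get("dependencies", [])
                     if not d.get("optional", False))
    return report


def is_plugin_vulnerable(update_center, installed, name):
    """Boolean form matching the gist's isPluginVulnerable()."""
    return bool(find_vulnerable(update_center, installed, name))


if __name__ == "__main__":
    for plugin in ("git", "envinject", "jenkins-multijob-plugin"):
        print(plugin,
              "advertised:", find_vulnerable(UPDATE_CENTER, {}, plugin),
              "installed:", find_vulnerable(UPDATE_CENTER, INSTALLED, plugin))
```

With the constructed data, `git` comes back clean when only advertised versions are considered, but flags `scm-api` once the installed 2.6.3 is checked against the warning's range, which is exactly the gap between "is the latest release safe to install?" and "is what I am running affected?". To run it against real data, replace `UPDATE_CENTER` with the parsed `update-center.actual.json` and `INSTALLED` with the name/version list from the controller.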