package org.jenkinsci.plugins.workflow.cps;

import com.cloudbees.groovy.cps.CpsTransformer;
import hudson.Functions;
import hudson.model.Action;
import hudson.model.Computer;
import hudson.model.Describable;
import hudson.model.Executor;
import hudson.model.Result;
import hudson.model.Run;
import java.io.Serializable;
import java.lang.invoke.SerializedLambda;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Level;
import jenkins.model.Jenkins;
import org.hamcrest.Matchers;
import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
import org.jenkinsci.plugins.scriptsecurity.scripts.Messages;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.steps.StepExecutions;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ErrorCollector;
import org.jvnet.hudson.test.BuildWatcher;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.LoggerRule;
import org.jvnet.hudson.test.TestExtension;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition2Test.class */
public class CpsFlowDefinition2Test {

    @ClassRule
    public static BuildWatcher buildWatcher = new BuildWatcher();

    @ClassRule
    public static JenkinsRule jenkins = new JenkinsRule();

    @Rule
    public LoggerRule logging = new LoggerRule();

    @Rule
    public ErrorCollector errors = new ErrorCollector();

    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition2Test$UnsafeDescribable.class */
    public interface UnsafeDescribable extends Describable<UnsafeDescribable> {
        void doSomething();
    }

    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition2Test$UnsafeParameterStep.class */
    public static class UnsafeParameterStep extends Step implements Serializable {
        private final UnsafeDescribable val;

        @TestExtension
        /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition2Test$UnsafeParameterStep$DescriptorImpl.class */
        public static class DescriptorImpl extends StepDescriptor {
            public String getFunctionName() {
                return "unsafeParameter";
            }

            public Set<? extends Class<?>> getRequiredContext() {
                return Collections.emptySet();
            }
        }

        @DataBoundConstructor
        public UnsafeParameterStep(UnsafeDescribable unsafeDescribable) {
            this.val = unsafeDescribable;
        }

        public StepExecution start(StepContext stepContext) throws Exception {
            return StepExecutions.synchronousNonBlocking(stepContext, stepContext2 -> {
                this.val.doSomething();
                return null;
            });
        }

        private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
            String implMethodName = serializedLambda.getImplMethodName();
            boolean z = -1;
            switch (implMethodName.hashCode()) {
                case 1549156807:
                    if (implMethodName.equals("lambda$start$60c472c8$1")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("org/jenkinsci/plugins/workflow/steps/StepExecutions$SynchronousBody") && serializedLambda.getFunctionalInterfaceMethodName().equals("call") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/jenkinsci/plugins/workflow/steps/StepContext;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition2Test$UnsafeParameterStep") && serializedLambda.getImplMethodSignature().equals("(Lorg/jenkinsci/plugins/workflow/steps/StepContext;)Ljava/lang/Object;")) {
                        UnsafeParameterStep unsafeParameterStep = (UnsafeParameterStep) serializedLambda.getCapturedArg(0);
                        return stepContext2 -> {
                            this.val.doSomething();
                            return null;
                        };
                    }
                    break;
            }
            throw new IllegalArgumentException("Invalid lambda deserialization");
        }
    }

    @Test
    public void endlessRecursion() throws Exception {
        Assume.assumeTrue(!Functions.isWindows());
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def getThing(){return thing == null}; \nnode { echo getThing(); } ", true));
        jenkins.assertLogContains("look for unbounded recursion", jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get()));
        Assert.assertTrue("No queued FlyWeightTask for job should remain after failure", jenkins.jenkins.getQueue().isEmpty());
        for (Computer computer : jenkins.jenkins.getComputers()) {
            for (Executor executor : computer.getExecutors()) {
                if (executor.isBusy()) {
                    Assert.fail(executor.getCurrentExecutable().toString());
                }
            }
        }
    }

    @Test
    public void endlessRecursionNonCPS() throws Exception {
        Assume.assumeTrue(!Functions.isWindows());
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("@NonCPS def getThing(){return thing == null}; \nnode { echo getThing(); } ", true));
        jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get());
        Assert.assertTrue("No queued FlyWeightTask for job should remain after failure", jenkins.jenkins.getQueue().isEmpty());
        for (Computer computer : jenkins.jenkins.getComputers()) {
            for (Executor executor : computer.getExecutors()) {
                if (executor.isBusy()) {
                    Assert.fail(executor.getCurrentExecutable().toString());
                }
            }
        }
    }

    @Test
    public void configRoundTrip() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("echo 'whatever'", false));
        jenkins.configRoundtrip(createProject);
    }

    @Test
    public void fieldInitializers() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X {final String val; X(String _val) {val = _val}}; echo(/hello ${new X('world').val}/)", true));
        jenkins.assertLogContains("hello world", jenkins.buildAndAssertSuccess(createProject));
        createProject.setDefinition(new CpsFlowDefinition("class X {String world = 'world'; String message = 'hello ' + world}; echo(new X().message)", true));
        jenkins.assertLogContains("hello world", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void superCallsSandboxed() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X extends groovy.json.JsonSlurper {def parse(url) {super.parse(new URL(url))}}; echo(/got ${new X().parse(\"${JENKINS_URL}api/json\")}/)", true));
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.json.JsonSlurper parse java.net.URL", jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get()));
        createProject.setDefinition(new CpsFlowDefinition("class X extends groovy.json.JsonSlurper {def m(url) {super.parse(new URL(url))}}; echo(/got ${new X().m(\"${JENKINS_URL}api/json\")}/)", true));
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.json.JsonSlurper parse java.net.URL", jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get()));
        createProject.setDefinition(new CpsFlowDefinition("class X extends File {X(String f) {super(f)}}; echo(/got ${new X('x')}/)", true));
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get()));
    }

    @Test
    public void sandboxInvokerUsed() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("[a: 1, b: 2].collectEntries { k, v ->\n  Jenkins.getInstance()\n  [(v): k]\n}\n", true));
        WorkflowRun assertBuildStatus = jenkins.assertBuildStatus(Result.FAILURE, (Run) createProject.scheduleBuild2(0, new Action[0]).get());
        Assert.assertThat(assertBuildStatus.getExecution().getCauseOfFailure(), Matchers.instanceOf(RejectedAccessException.class));
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", assertBuildStatus);
        jenkins.assertLogContains("Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance. " + Messages.ScriptApprovalNote_message(), assertBuildStatus);
    }

    @Test
    public void constructorSandbox() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X {X() {Jenkins.instance.systemMessage = 'pwned'}}; new X()", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void fieldInitializerSandbox() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X {def x = {Jenkins.instance.systemMessage = 'pwned'}()}; new X()", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void initializerSandbox() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X {{Jenkins.instance.systemMessage = 'pwned'}}; new X()", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void staticInitializerSandbox() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class X {static {Jenkins.instance.systemMessage = 'pwned'}}; new X()", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void traitsSandbox() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("trait T {void m() {Jenkins.instance.systemMessage = 'pwned'}}; class X implements T {}; new X().m()", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        createProject.setDefinition(new CpsFlowDefinition("trait T {void m() {Jenkins.instance.systemMessage = 'pwned'}}; T t = new TreeSet() as T; t.m()", true));
        WorkflowRun workflowRun2 = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getSystemMessage());
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun2);
    }

    @Test
    public void typeCoercion() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("interface I {Object getInstance()}; println((Jenkins as I).instance)", true));
            WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
            Assert.assertNull(jenkins.jenkins.getSystemMessage());
            jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("interface I {Object getInstance()}; I i = {Jenkins.instance}; println(i.instance)", true));
            WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
            Assert.assertNull(jenkins.jenkins.getSystemMessage());
            jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def x = (double) Math.max(2, 3); echo(/max is $x/)", true));
            jenkins.assertLogContains("max is 3", jenkins.buildAndAssertSuccess(createProject));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def x = Math.max(2, 3) as double; echo(/max is $x/)", true));
            jenkins.assertLogContains("max is 3", jenkins.buildAndAssertSuccess(createProject));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("double x = Math.max(2, 3); echo(/max is $x/)", true));
            jenkins.assertLogContains("max is 3", jenkins.buildAndAssertSuccess(createProject));
            return null;
        });
    }

    @Test
    public void positionalConstructors() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def u = ['http://nowhere.net/'] as URL; echo(/$u/)", true));
            jenkins.buildAndAssertSuccess(createProject);
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("URL u = ['http://nowhere.net/']; echo(/$u/)", true));
            jenkins.buildAndAssertSuccess(createProject);
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def f = new File('/tmp'); echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def f = ['/tmp'] as File; echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("File f = ['/tmp']; echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def f = org.codehaus.groovy.runtime.ScriptBytecodeAdapter.asType(['/tmp'], File); echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def f = org.codehaus.groovy.runtime.ScriptBytecodeAdapter.castToType(['/tmp'], File); echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter castToType java.lang.Object java.lang.Class", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
        this.errors.checkSucceeds(() -> {
            createProject.setDefinition(new CpsFlowDefinition("def f = org.kohsuke.groovy.sandbox.impl.Checker.checkedCast(File, ['/tmp'], true, false, false); echo(/$f/)", true));
            jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use new java.io.File java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
            return null;
        });
    }

    @Test
    public void methodPointers() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("println((Jenkins.&getInstance)())", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void curriedClosuresInParallel() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def example_c = { input -> node { echo \"ate $input\" } }\ndef map = [:]\nmap['spam'] = example_c.curry('spam')\nmap['eggs'] = example_c.curry('eggs')\nparallel map\n", true));
        WorkflowRun buildAndAssertSuccess = jenkins.buildAndAssertSuccess(createProject);
        jenkins.assertLogContains("ate spam", buildAndAssertSuccess);
        jenkins.assertLogContains("ate eggs", buildAndAssertSuccess);
    }

    @Test
    public void gStringInMapKey() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def s1 = \"first-${env.BUILD_NUMBER}\"\ndef s2 = \"second-${env.BUILD_NUMBER}\"\ndef m = [(s1): 'first-key',\n  \"${s2}\": 'second-key',\n  \"third-${env.BUILD_NUMBER}\": 'third-key']\nm.each { k, v -> echo \"${k}:${v}\" }\n", true));
        WorkflowRun buildAndAssertSuccess = jenkins.buildAndAssertSuccess(createProject);
        jenkins.assertLogContains("first-1:first-key", buildAndAssertSuccess);
        jenkins.assertLogContains("second-1:second-key", buildAndAssertSuccess);
        jenkins.assertLogContains("third-1:third-key", buildAndAssertSuccess);
    }

    @Test
    public void explicitSetter() throws Exception {
        WorkflowJob createProject = jenkins.jenkins.createProject(WorkflowJob.class, "p");
        createProject.setDefinition(new CpsFlowDefinition("class Foo {\n    private int a\n    void setA(int a) {\n        this.a = a\n    }\n    String getA() {\n        return a\n    }\n}\nFoo foo = new Foo()\nfoo.setA(10)\necho \"a is ${foo.getA()}\"", true));
        jenkins.assertLogContains("a is 10", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void whitelistedMethodPointer() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def foo = 'lowercase'\ndef bar = foo.&toUpperCase\necho bar.call()\n", true));
        jenkins.assertLogContains("LOWERCASE", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void tildePattern() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def f = ~/f.*/; f.matcher('foo').matches()", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void matcherTypeAssignment() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("@NonCPS\ndef nonCPSMatcherMethod(String x) {\n  java.util.regex.Matcher m = x =~ /bla/\n  return m.matches()\n}\ndef cpsMatcherMethod(String x) {\n  java.util.regex.Matcher m = x =~ /bla/\n  return m.matches()\n}\nassert !nonCPSMatcherMethod('foo')\nassert !cpsMatcherMethod('foo')\n", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void rhsOfDeclarationTransformedInNonCPS() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("@NonCPS\ndef willFail() {\n  jenkins.model.Jenkins x = jenkins.model.Jenkins.getInstance()\n}\nwillFail()\n", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void rhsOfDeclarationSandboxedInCPS() throws Exception {
        this.logging.record(CpsTransformer.class, Level.FINEST);
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("jenkins.model.Jenkins x = jenkins.model.Jenkins.getInstance()\n", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void booleanClosureWrapperFromDGM() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("assert ['a', 'b'].every { sleep 1; return it != null }\n", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void variableDecl() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("String foo", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void multipleAssignmentInSandbox() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def (a, b) = ['first', 'second']\ndef c, d\n(c, d) = ['third', 'fourth']\nassert a+b+c+d == 'firstsecondthirdfourth'\n", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void multipleAssignmentOutsideSandbox() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def (a, b) = ['first', 'second']\ndef c, d\n(c, d) = ['third', 'fourth']\nassert a+b+c+d == 'firstsecondthirdfourth'\n", false));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void multipleAssignmentFunctionCalledOnce() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("alreadyRun = false\ndef getAandB() {\n  if (!alreadyRun) {\n    alreadyRun = true\n    return ['first', 'second']\n  } else {\n    return ['bad', 'worse']\n  }\n}\ndef (a, b) = getAandB()\ndef c, d\n(c, d) = ['third', 'fourth']\nassert a+b+c+d == 'firstsecondthirdfourth'\n", true));
        jenkins.buildAndAssertSuccess(createProject);
    }

    @Test
    public void transformedSuperClass() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class Foo {\n    public String other() {\n        return 'base'\n    }\n}\nclass Bar extends Foo {\n    public String other() {\n        return 'y'+super.other()\n    }\n}\nString output = new Bar().other()\necho 'OUTPUT: ' + output\nassert output == 'ybase'\n", true));
        jenkins.assertLogContains("OUTPUT: ybase", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void finalizer() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class Foo {\n    @Override public void finalize() {\n    }\n}\necho 'Should never get here'", true));
        WorkflowRun assertBuildStatus = jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0]));
        jenkins.assertLogContains("Object.finalize()", assertBuildStatus);
        jenkins.assertLogNotContains("Should never get here", assertBuildStatus);
    }

    @Test
    public void sandboxRejectsASTTransforms() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("import groovy.transform.*\nimport jenkins.model.Jenkins\nimport org.jenkinsci.plugins.workflow.job.WorkflowJob\n@ASTTest(value={ assert Jenkins.get().createProject(WorkflowJob.class, \"should-not-exist\") })\n@Field int x\necho 'hello'\n", true));
        jenkins.assertLogContains("Annotation ASTTest cannot be used in the sandbox", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        Assert.assertNull(jenkins.jenkins.getItem("should-not-exist"));
    }

    @Test
    public void blockConstructorInvocationAtRuntime() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class DoNotRunConstructor extends org.jenkinsci.plugins.workflow.cps.CpsScript {\n  DoNotRunConstructor() {\n    assert jenkins.model.Jenkins.instance.createProject(hudson.model.FreeStyleProject, 'should-not-exist')\n  }\n  Object run() {null}\n}\n", true));
        WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
        Assert.assertNull(jenkins.jenkins.getItem("should-not-exist"));
        jenkins.assertBuildStatus(Result.FAILURE, workflowRun);
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", workflowRun);
    }

    @Test
    public void scriptInitializersAtFieldSyntax() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("import groovy.transform.Field\n@Field static int foo = 1\n@Field int bar = foo + 1\n@Field int baz = bar + 1\necho(/baz is ${baz}/)", true));
        jenkins.assertLogContains("baz is 3", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void scriptInitializersClassSyntax() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class MyScript extends org.jenkinsci.plugins.workflow.cps.CpsScript {\n  { MyScript.foo++ }\n  static { MyScript.foo++ }\n  static int foo = 0\n  def run() {\n    echo(/MyScript.foo is ${MyScript.foo}/)\n   }\n}\n", true));
        jenkins.assertLogContains("MyScript.foo is 2", jenkins.buildAndAssertSuccess(createProject));
    }

    @Test
    public void scriptInitializerCallsCpsTransformedMethod() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class MyScript extends org.jenkinsci.plugins.workflow.cps.CpsScript {\n  static { bar() }\n  static int foo = 0\n  static def bar() { MyScript.foo += 1 }\n  def run() {\n    echo(/MyScript.foo is ${MyScript.foo}/)\n   }\n}\n", true));
        jenkins.assertLogContains("CpsCallableInvocation{methodName=bar,", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockLhsInMethodPointerExpression() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("({  System.getProperties()\n  1}().&toString)()", true));
        jenkins.assertLogContains("staticMethod java.lang.System getProperties", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockRhsInMethodPointerExpression() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("1.&(System.getProperty('sandboxTransformsMethodPointerRhs'))()", true));
        jenkins.assertLogContains("staticMethod java.lang.System getProperty java.lang.String", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockCastingUnsafeUserDefinedImplementationsOfCollection() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("import groovy.transform.Field\n@Field def i = 0\n@NonCPS def unsafe() {\n  if(i) {\n    return ['secret.txt'] as Object[]\n  } else {\n    i = 1\n    return null\n  }\n}\n((this.&unsafe as Collection) as File) as Object[]", true));
        jenkins.assertLogContains("Casting non-standard Collections to a type via constructor is not supported", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockCastingSafeUserDefinedImplementationsOfCollection() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("@NonCPS def safe() {\n  return ['secret.txt'] as Object[]\n}\n(this.&safe as Collection) as File", true));
        jenkins.assertLogContains("Casting non-standard Collections to a type via constructor is not supported", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockEnumConstants() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("jenkins.YesNoMaybe.MAYBE", true));
        jenkins.assertLogContains("staticField jenkins.YesNoMaybe MAYBE", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("jenkins.YesNoMaybe.class as Object[]", true));
        jenkins.assertLogContains("staticField jenkins.YesNoMaybe YES", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockMethodNameInMethodCalls() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("1.({ Jenkins.getInstance(); 'toString' }())()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("def @NonCPS method() {\n  1.({ Jenkins.getInstance(); 'toString' }())()\n}\nmethod()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockPropertyNameInAssignment() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class Test { def x = 0 }\ndef t = new Test()\nt.({ Jenkins.getInstance(); 'x' }()) = 1\n", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("class Test { def x = 0 }\ndef @NonCPS method() {\n  def t = new Test()\n  t.({ Jenkins.getInstance(); 'x' }()) = 1\n}\nmethod()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockPropertyNameInPrefixPostfixExpressions() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("class Test { def x = 0 }\ndef t = new Test()\nt.({ Jenkins.getInstance(); 'x' }())++\n", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("class Test { def x = 0 }\ndef @NonCPS method() {\n  def t = new Test()\n  t.({ Jenkins.getInstance(); 'x' }())++\n}\nmethod()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockSubexpressionsInPrefixPostfixExpressions() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("++({ Jenkins.getInstance(); 1 }())", true));
        jenkins.assertLogContains("MissingMethodException: No signature of method: com.cloudbees.groovy.cps.Builder.prefixInc", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("def @NonCPS method() { ++({ Jenkins.getInstance(); 1 }()) }; method()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("({ Jenkins.getInstance(); 1 }())++", true));
        jenkins.assertLogContains("MissingMethodException: No signature of method: com.cloudbees.groovy.cps.Builder.postfixInc", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
        createProject.setDefinition(new CpsFlowDefinition("def @NonCPS method() { ({ Jenkins.getInstance(); 1 }())++ }; method()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockInitialExpressionsInClosureExpressions() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("({ param = 'test' -> echo(/param is $param/) })()", true));
        jenkins.assertLogContains("param is null", jenkins.buildAndAssertSuccess(createProject));
        createProject.setDefinition(new CpsFlowDefinition("def @NonCPS method() { ({ j = Jenkins.getInstance() -> true })() }; method()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void blockInitialExpressionsForParamsInCpsTransformedMethods() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("def m(p = Jenkins.getInstance()) { true }; m()", true));
        jenkins.assertLogContains("staticMethod jenkins.model.Jenkins getInstance", jenkins.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void stepWithUnsafeParameter() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("import com.cloudbees.groovy.cps.NonCPS\nimport org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition2Test.UnsafeDescribable\nclass UnsafeDescribableImpl implements UnsafeDescribable {\n  @NonCPS void doSomething() {\n    Jenkins.get().setSystemMessage('Hello, world!')\n  }\n  @NonCPS Descriptor<UnsafeDescribableImpl> getDescriptor() {\n    null\n  }\n}\nunsafeParameter(new UnsafeDescribableImpl())", true));
        jenkins.assertLogContains("Rejecting unsandboxed static method call: jenkins.model.Jenkins.get()", jenkins.buildAndAssertStatus(Result.FAILURE, createProject));
        Assert.assertNull(Jenkins.get().getDescription());
    }

    @Test
    public void cpsScriptInheritance() throws Exception {
        WorkflowJob createProject = jenkins.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("import com.cloudbees.groovy.cps.NonCPS\nimport org.jenkinsci.plugins.workflow.cps.CpsScript\nclass MyScript extends CpsScript {\n  @NonCPS public Binding getBinding() {\n    Jenkins.get().setSystemMessage('Hello, world!')\n    super.getBinding()\n  }\n  public Object run() { }\n}\n", true));
        jenkins.assertLogContains("Rejecting unsandboxed static method call: jenkins.model.Jenkins.get()", jenkins.buildAndAssertStatus(Result.FAILURE, createProject));
        Assert.assertNull(Jenkins.get().getDescription());
    }
}
