package org.jenkinsci.plugins.workflow.cps;

import hudson.model.Item;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.Permission;
import jenkins.model.Jenkins;
import org.hamcrest.Matchers;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;

/* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowDefinitionValidatorTest.class */
public class CpsFlowDefinitionValidatorTest {

    @Rule
    public JenkinsRule r = new JenkinsRule();

    @Test
    public void doCheckScriptCompile() throws Exception {
        CpsFlowDefinition.DescriptorImpl descriptorByType = this.r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class);
        WorkflowJob createProject = this.r.jenkins.createProject(WorkflowJob.class, "w");
        Assert.assertThat(descriptorByType.doCheckScriptCompile(createProject, "echo 'hello'").toString(), Matchers.containsString("\"success\""));
        Assert.assertThat(descriptorByType.doCheckScriptCompile(createProject, "echo 'hello").toString(), Matchers.containsString("\"fail\""));
    }

    @Test
    public void blockASTTest() throws Exception {
        Assert.assertThat(this.r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class).doCheckScriptCompile(this.r.jenkins.createProject(WorkflowJob.class, "w"), "import groovy.transform.*\nimport jenkins.model.Jenkins\nimport org.jenkinsci.plugins.workflow.job.WorkflowJob\n@ASTTest(value={ assert Jenkins.get().createProject(WorkflowJob.class, \"should-not-exist\") })\n@Field int x\necho 'hello'\n").toString(), Matchers.containsString("Annotation ASTTest cannot be used in the sandbox"));
        Assert.assertNull(this.r.jenkins.getItem("should-not-exist"));
    }

    @Test
    public void blockGrab() throws Exception {
        Assert.assertThat(this.r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class).doCheckScriptCompile(this.r.jenkins.createProject(WorkflowJob.class, "w"), "@Grab(group='foo', module='bar', version='1.0')\ndef foo\n").toString(), Matchers.containsString("Annotation Grab cannot be used in the sandbox"));
    }

    @Test
    public void configureRequired() throws Exception {
        CpsFlowDefinition.DescriptorImpl descriptorByType = this.r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class);
        this.r.jenkins.setSecurityRealm(this.r.createDummySecurityRealm());
        this.r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(new Permission[]{Jenkins.ADMINISTER}).everywhere().to(new String[]{"admin"}).grant(new Permission[]{Jenkins.READ, Item.CONFIGURE}).everywhere().to(new String[]{"dev1"}).grant(new Permission[]{Jenkins.READ}).everywhere().to(new String[]{"dev2"}));
        WorkflowJob createProject = this.r.jenkins.createProject(WorkflowJob.class, "w");
        ACLContext as = ACL.as(User.getById("admin", true));
        try {
            Assert.assertThat(descriptorByType.doCheckScriptCompile(createProject, "echo 'hello").toString(), Matchers.containsString("fail"));
            if (as != null) {
                as.close();
            }
            ACLContext as2 = ACL.as(User.getById("dev1", true));
            try {
                Assert.assertThat(descriptorByType.doCheckScriptCompile(createProject, "echo 'hello").toString(), Matchers.containsString("fail"));
                if (as2 != null) {
                    as2.close();
                }
                as = ACL.as(User.getById("dev2", true));
                try {
                    Assert.assertThat(descriptorByType.doCheckScriptCompile(createProject, "echo 'hello").toString(), Matchers.containsString("success"));
                    if (as != null) {
                        as.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            if (as != null) {
                try {
                    as.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        }
    }

    @Test
    public void blockConstructorInvocationInCheck() throws Exception {
        Assert.assertThat(this.r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class).doCheckScriptCompile(this.r.jenkins.createProject(WorkflowJob.class, "w"), "import jenkins.model.Jenkins\nimport hudson.model.FreeStyleProject\npublic class DoNotRunConstructor {\n  public DoNotRunConstructor() {\n    assert Jenkins.getInstance().createProject(FreeStyleProject.class, \"should-not-exist\")\n  }\n}\n").toString(), Matchers.containsString("success"));
        Assert.assertNull(this.r.jenkins.getItem("should-not-exist"));
    }
}
