package hudson.plugins.mercurial;

import hudson.FilePath;
import hudson.model.Action;
import hudson.model.Result;
import hudson.plugins.mercurial.MercurialInstallation;
import java.io.File;
import java.util.Collections;
import java.util.List;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.junit.rules.TestRule;
import org.jvnet.hudson.test.FlagRule;
import org.jvnet.hudson.test.JenkinsRule;

/* loaded from: input_file:hudson/plugins/mercurial/Security2478Test.class */
public class Security2478Test {
    private static final String INSTALLATION = "mercurial";

    @Rule
    public JenkinsRule rule = new JenkinsRule();

    @Rule
    public MercurialRule m = new MercurialRule(this.rule);

    @Rule
    public TestRule notAllowNonRemoteCheckout = new FlagRule(() -> {
        return Boolean.valueOf(MercurialSCM.ALLOW_LOCAL_CHECKOUT);
    }, bool -> {
        MercurialSCM.ALLOW_LOCAL_CHECKOUT = bool.booleanValue();
    }, false);

    @Rule
    public TemporaryFolder tmp = new TemporaryFolder();
    private File repo;

    @Before
    public void setUp() throws Exception {
        this.repo = this.tmp.getRoot();
        this.rule.jenkins.getDescriptorByType(MercurialInstallation.DescriptorImpl.class).setInstallations(new MercurialInstallation[]{new MercurialInstallation(INSTALLATION, "", "hg", false, true, new File(this.tmp.newFolder(), "custom-dir").getAbsolutePath(), false, "", Collections.emptyList())});
    }

    @Test
    public void checkoutShouldAbortWhenSourceIsNonRemoteAndBuildOnController() throws Exception {
        Assert.assertFalse("Non Remote checkout should be disallowed", MercurialSCM.ALLOW_LOCAL_CHECKOUT);
        WorkflowJob createProject = this.rule.jenkins.createProject(WorkflowJob.class, "pipeline");
        FilePath createTempDir = this.rule.jenkins.getRootPath().createTempDir("t", "");
        createProject.setDefinition(new CpsFlowDefinition("node {\ncheckout([$class: 'MercurialSCM', credentialsId: '', installation: 'mercurial', source: '" + createTempDir + "'])\n}", true));
        this.rule.assertLogContains("Checkout of Mercurial source '" + createTempDir + "' aborted because it references a local directory, which may be insecure. You can allow local checkouts anyway by setting the system property '" + MercurialSCM.ALLOW_LOCAL_CHECKOUT_PROPERTY + "' to true.", this.rule.assertBuildStatus(Result.FAILURE, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void checkoutOnAgentShouldNotAbortWhenSourceIsNonRemoteAndBuildOnAgent() throws Exception {
        Assert.assertFalse("Non Remote checkout should be disallowed", MercurialSCM.ALLOW_LOCAL_CHECKOUT);
        FilePath child = this.rule.createOnlineSlave().getRootPath().child("testws");
        child.mkdirs();
        this.m.hg(child, "init");
        this.m.touchAndCommit(child, "a");
        WorkflowJob createProject = this.rule.jenkins.createProject(WorkflowJob.class, "pipeline");
        createProject.setDefinition(new CpsFlowDefinition("node('slave0') {\ncheckout([$class: 'MercurialSCM', credentialsId: '', installation: 'mercurial', source: '" + child + "'])\n}", true));
        this.rule.assertBuildStatus(Result.SUCCESS, createProject.scheduleBuild2(0, new Action[0]));
    }

    @Test
    public void checkoutShouldNotAbortWhenSourceIsAlias() throws Exception {
        Assert.assertFalse("Non Remote checkout should be disallowed", MercurialSCM.ALLOW_LOCAL_CHECKOUT);
        WorkflowJob createProject = this.rule.jenkins.createProject(WorkflowJob.class, "pipeline");
        this.rule.jenkins.getDescriptorByType(MercurialInstallation.DescriptorImpl.class).setInstallations(new MercurialInstallation[]{new MercurialInstallation(INSTALLATION, "", "hg", false, false, "", false, "[paths]\nalias1 = https://www.mercurial-scm.org/repo/hello", (List) null)});
        createProject.setDefinition(new CpsFlowDefinition("node {\ncheckout([$class: 'MercurialSCM', credentialsId: '', installation: 'mercurial', source: 'alias1'])\n}", true));
        this.m.hg(new FilePath(this.repo), "init");
        this.m.touchAndCommit(new FilePath(this.repo), "a");
        this.rule.assertLogNotContains("Checkout of Mercurial source 'alias1' aborted because it references a local directory, which may be insecure. You can allow local checkouts anyway by setting the system property '" + MercurialSCM.ALLOW_LOCAL_CHECKOUT_PROPERTY + "' to true.", this.rule.assertBuildStatus(Result.SUCCESS, createProject.scheduleBuild2(0, new Action[0])));
    }

    @Test
    public void checkoutShouldNotAbortWhenSourceIsAliasPointingToLocalPath() throws Exception {
        Assert.assertFalse("Non Remote checkout should be disallowed", MercurialSCM.ALLOW_LOCAL_CHECKOUT);
        WorkflowJob createProject = this.rule.jenkins.createProject(WorkflowJob.class, "pipeline");
        this.rule.jenkins.getDescriptorByType(MercurialInstallation.DescriptorImpl.class).setInstallations(new MercurialInstallation[]{new MercurialInstallation(INSTALLATION, "", "hg", false, false, "", false, "[paths]\nalias1 = " + this.repo.getPath(), (List) null)});
        createProject.setDefinition(new CpsFlowDefinition("node {\ncheckout([$class: 'MercurialSCM', credentialsId: '', installation: 'mercurial', source: 'alias1'])\n}", true));
        this.m.hg(new FilePath(this.repo), "init");
        this.m.touchAndCommit(new FilePath(this.repo), "a");
        this.rule.assertBuildStatus(Result.SUCCESS, createProject.scheduleBuild2(0, new Action[0]));
    }
}
