package org.jenkinsci.plugins.workflow.cps;

import com.gargoylesoftware.htmlunit.ElementNotFoundException;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.google.common.util.concurrent.ListenableFuture;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import groovy.lang.GroovyShell;
import hudson.AbortException;
import hudson.model.Action;
import hudson.model.Item;
import hudson.model.Result;
import hudson.model.TaskListener;
import hudson.security.Permission;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted;
import org.jenkinsci.plugins.workflow.cps.CpsFlowExecution;
import org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist;
import org.jenkinsci.plugins.workflow.flow.FlowExecution;
import org.jenkinsci.plugins.workflow.flow.FlowExecutionOwner;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.pickles.Pickle;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.support.pickles.SingleTypedPickleFactory;
import org.jenkinsci.plugins.workflow.support.pickles.TryRepeatedly;
import org.jenkinsci.plugins.workflow.test.steps.SemaphoreStep;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.BuildWatcher;
import org.jvnet.hudson.test.FlagRule;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.JenkinsSessionRule;
import org.jvnet.hudson.test.LoggerRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;
import org.jvnet.hudson.test.TestExtension;

/* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest.class */
public class CpsFlowExecutionTest {

    @ClassRule
    public static BuildWatcher buildWatcher = new BuildWatcher();

    @Rule
    public JenkinsSessionRule sessions = new JenkinsSessionRule();

    @Rule
    public LoggerRule logger = new LoggerRule();

    @Rule
    public FlagRule<Boolean> secretField = new FlagRule<>(() -> {
        return Boolean.valueOf(SECRET);
    }, bool -> {
        SECRET = bool.booleanValue();
    });

    @Rule
    public FlagRule<String> groovySourceFileAllowlistDisabled = FlagRule.systemProperty("org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist.DISABLED");

    @Rule
    public FlagRule<String> groovySourceFileAllowlistFiles = FlagRule.systemProperty("org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist.DefaultAllowlist.ALLOWED_SOURCE_FILES");
    public static boolean SECRET;

    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$BadThing.class */
    public static class BadThing {
        @Whitelisted
        public BadThing() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$BadThingPickle.class */
    public static class BadThingPickle extends Pickle {
        private BadThingPickle() {
        }

        public ListenableFuture<?> rehydrate(final FlowExecutionOwner flowExecutionOwner) {
            return new TryRepeatedly<BadThing>(1) { // from class: org.jenkinsci.plugins.workflow.cps.CpsFlowExecutionTest.BadThingPickle.1
                /* JADX INFO: Access modifiers changed from: protected */
                /* renamed from: tryResolve, reason: merged with bridge method [inline-methods] */
                public BadThing m18tryResolve() throws Exception {
                    return null;
                }

                protected FlowExecutionOwner getOwner() {
                    return flowExecutionOwner;
                }

                protected void printWaitingMessage(TaskListener taskListener) {
                    taskListener.getLogger().println("Cannot restore BadThing");
                }
            };
        }
    }

    @TestExtension({"interruptProgramLoad"})
    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$BadThingPickleFactory.class */
    public static class BadThingPickleFactory extends SingleTypedPickleFactory<BadThing> {
        /* JADX INFO: Access modifiers changed from: protected */
        public Pickle pickle(BadThing badThing) {
            return new BadThingPickle();
        }
    }

    @TestExtension({"groovySourcesCanBeUsedIfAllowed"})
    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$TestAllowlist.class */
    public static class TestAllowlist extends GroovySourceFileAllowlist {
        public boolean isAllowed(String str) {
            return str.endsWith("/trusted/foo.groovy");
        }
    }

    @TestExtension({"trustedShell"})
    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$TrustedShell.class */
    public static class TrustedShell extends GroovyShellDecorator {
        public GroovyShellDecorator forTrusted() {
            return new UntrustedShellDecorator();
        }
    }

    @TestExtension({"trustedShell_control"})
    /* loaded from: input_file:org/jenkinsci/plugins/workflow/cps/CpsFlowExecutionTest$UntrustedShellDecorator.class */
    public static class UntrustedShellDecorator extends GroovyShellDecorator {
        public void configureShell(@CheckForNull CpsFlowExecution cpsFlowExecution, GroovyShell groovyShell) {
            try {
                groovyShell.getClassLoader().addURL(new URL(TrustedShell.class.getClassLoader().getResource("trusted/foo.groovy"), "."));
            } catch (MalformedURLException e) {
                throw new AssertionError(e);
            }
        }
    }

    @Test
    public void getCurrentExecutions() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("echo 'a step'; semaphore 'one'; retry(2) {semaphore 'two'; node {semaphore 'three'}; semaphore 'four'}; semaphore 'five'; parallel a: {node {semaphore 'six'}}, b: {semaphore 'seven'}; semaphore 'eight'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("one/1", waitForStart);
            FlowExecution execution = waitForStart.getExecution();
            assertStepExecutions(execution, "semaphore");
            SemaphoreStep.success("one/1", (Object) null);
            SemaphoreStep.waitForStart("two/1", waitForStart);
            assertStepExecutions(execution, "retry {}", "semaphore");
            SemaphoreStep.success("two/1", (Object) null);
            SemaphoreStep.waitForStart("three/1", waitForStart);
            assertStepExecutions(execution, "retry {}", "node {}", "semaphore");
        });
        this.sessions.then(jenkinsRule2 -> {
            WorkflowRun lastBuild = jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild();
            CpsFlowExecution execution = lastBuild.getExecution();
            Assert.assertTrue(execution.isSandbox());
            SemaphoreStep.success("three/1", (Object) null);
            SemaphoreStep.waitForStart("four/1", lastBuild);
            assertStepExecutions(execution, "retry {}", "semaphore");
            SemaphoreStep.failure("four/1", new AbortException("try again"));
            SemaphoreStep.waitForStart("two/2", lastBuild);
            assertStepExecutions(execution, "retry {}", "semaphore");
            SemaphoreStep.success("two/2", (Object) null);
            SemaphoreStep.waitForStart("three/2", lastBuild);
            assertStepExecutions(execution, "retry {}", "node {}", "semaphore");
            SemaphoreStep.success("three/2", (Object) null);
            SemaphoreStep.waitForStart("four/2", lastBuild);
            assertStepExecutions(execution, "retry {}", "semaphore");
            SemaphoreStep.success("four/2", (Object) null);
            SemaphoreStep.waitForStart("five/1", lastBuild);
            assertStepExecutions(execution, "semaphore");
            SemaphoreStep.success("five/1", (Object) null);
            SemaphoreStep.waitForStart("six/1", lastBuild);
            SemaphoreStep.waitForStart("seven/1", lastBuild);
            assertStepExecutions(execution, "parallel {}", "node {}", "semaphore", "semaphore");
            SemaphoreStep.success("six/1", (Object) null);
            SemaphoreStep.success("seven/1", (Object) null);
            SemaphoreStep.waitForStart("eight/1", lastBuild);
            assertStepExecutions(execution, "semaphore");
            SemaphoreStep.success("eight/1", (Object) null);
            jenkinsRule2.assertBuildStatusSuccess(jenkinsRule2.waitForCompletion(lastBuild));
            assertStepExecutions(execution, new String[0]);
        });
    }

    private static void assertStepExecutions(FlowExecution flowExecution, String... strArr) throws Exception {
        List<String> stepNames = stepNames(flowExecution.getCurrentExecutions(true));
        List<String> stepNames2 = stepNames(flowExecution.getCurrentExecutions(false));
        int size = stepNames2.size();
        int size2 = size - stepNames.size();
        Assert.assertEquals(stepNames + " was not the tail of " + stepNames2, stepNames, stepNames2.subList(size2, size));
        ListIterator<String> listIterator = stepNames2.listIterator();
        for (int i = 0; i < size2; i++) {
            listIterator.set(listIterator.next() + " {}");
        }
        Assert.assertEquals(Arrays.toString(strArr), stepNames2.toString());
    }

    private static List<String> stepNames(ListenableFuture<List<StepExecution>> listenableFuture) throws Exception {
        ArrayList arrayList = new ArrayList();
        Iterator it = ((List) listenableFuture.get()).iterator();
        while (it.hasNext()) {
            StepDescriptor stepDescriptor = ((StepExecution) it.next()).getContext().getStepDescriptor();
            Assert.assertNotNull(stepDescriptor);
            arrayList.add(stepDescriptor.getFunctionName());
        }
        return arrayList;
    }

    @Test
    public void pause() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            Item item = (WorkflowJob) jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            jenkinsRule.jenkins.setSecurityRealm(jenkinsRule.createDummySecurityRealm());
            jenkinsRule.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(new Permission[]{Jenkins.READ, Item.READ}).everywhere().toEveryone().grant(new Permission[]{Jenkins.ADMINISTER}).everywhere().to(new String[]{"admin"}).grant(new Permission[]{Item.BUILD, Item.CANCEL}).onItems(new Item[]{item}).to(new String[]{"dev"}));
            jenkinsRule.jenkins.save();
            item.setDefinition(new CpsFlowDefinition("echo 'before'; semaphore 'one'; echo 'after'", true));
            WorkflowRun waitForStart = item.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("one/1", waitForStart);
            CpsFlowExecution execution = waitForStart.getExecution();
            Assert.assertFalse(execution.isPaused());
            JenkinsRule.WebClient createWebClient = jenkinsRule.createWebClient();
            String str = waitForStart.getUrl() + "pause/toggle";
            WebRequest webRequest = new WebRequest(createWebClient.createCrumbedUrl(str), HttpMethod.POST);
            try {
                Assert.fail("should have been rejected but produced: " + createWebClient.getPage(webRequest).getWebResponse().getContentAsString());
            } catch (FailingHttpStatusCodeException e) {
                Assert.assertEquals(404L, e.getStatusCode());
            }
            createWebClient.login("admin").getPage(webRequest);
            Assert.assertTrue(execution.isPaused());
            jenkinsRule.waitForMessage("before", waitForStart);
            SemaphoreStep.success("one/1", (Object) null);
            Thread.sleep(1000L);
            Assert.assertTrue(waitForStart.isBuilding());
            Assert.assertTrue(execution.isPaused());
            String str2 = jenkinsRule.contextPath + "/" + str;
            jenkinsRule.createWebClient().login("admin").getPage(waitForStart).getAnchorByHref(str2);
            try {
                jenkinsRule.createWebClient().getPage(waitForStart).getAnchorByHref(str2);
                Assert.fail("link should not be present for anonymous user without CANCEL");
            } catch (ElementNotFoundException e2) {
            }
        });
        this.sessions.then(jenkinsRule2 -> {
            WorkflowRun lastBuild = jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild();
            Assert.assertTrue(lastBuild.isBuilding());
            CpsFlowExecution execution = lastBuild.getExecution();
            Assert.assertTrue(execution.isPaused());
            JenkinsRule.WebClient createWebClient = jenkinsRule2.createWebClient();
            createWebClient.login("dev").getPage(new WebRequest(createWebClient.createCrumbedUrl(lastBuild.getUrl() + "pause/toggle"), HttpMethod.POST));
            Assert.assertFalse(execution.isPaused());
            jenkinsRule2.assertBuildStatusSuccess(jenkinsRule2.waitForCompletion(lastBuild));
            Assert.assertFalse(execution.isPaused());
        });
    }

    @Test
    public void quietDown() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule.waitForMessage("Pausing (Preparing for shutdown)", waitForStart);
            waitForStart.getExecution().waitForSuspension();
            Assert.assertTrue(waitForStart.isBuilding());
        });
        this.sessions.then(jenkinsRule2 -> {
            jenkinsRule2.assertLogContains("I am done", jenkinsRule2.assertBuildStatusSuccess(jenkinsRule2.waitForCompletion(jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild())));
        });
    }

    @Test
    public void quietDownThenCancelQuietDown() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule.waitForMessage("Pausing (Preparing for shutdown)", waitForStart);
            Assert.assertTrue(waitForStart.isBuilding());
            jenkinsRule.assertLogNotContains("I am done", waitForStart);
            jenkinsRule.jenkins.doCancelQuietDown();
            jenkinsRule.waitForMessage("Resuming (Shutdown was canceled)", waitForStart);
            jenkinsRule.assertLogContains("I am done", jenkinsRule.assertBuildStatusSuccess(jenkinsRule.waitForCompletion(waitForStart)));
        });
    }

    @Test
    public void pauseThenQuietDownThenUnpauseThenCancelQuietDown() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            waitForStart.getExecution().pause(true);
            jenkinsRule.waitForMessage("Pausing", waitForStart);
            SemaphoreStep.success("wait/1", (Object) null);
            Thread.sleep(1000L);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            Thread.sleep(1000L);
            jenkinsRule.assertLogNotContains("Pausing (Preparing for shutdown)", waitForStart);
            waitForStart.getExecution().pause(false);
            jenkinsRule.waitForMessage("Resuming", waitForStart);
            jenkinsRule.waitForMessage("Pausing (Preparing for shutdown)", waitForStart);
            jenkinsRule.jenkins.doCancelQuietDown();
            jenkinsRule.waitForMessage("Resuming (Shutdown was canceled)", waitForStart);
            jenkinsRule.assertLogContains("I am done", jenkinsRule.assertBuildStatusSuccess(jenkinsRule.waitForCompletion(waitForStart)));
        });
    }

    @Test
    public void pauseThenQuietDownThenCancelQuietDownThenUnpause() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            waitForStart.getExecution().pause(true);
            jenkinsRule.waitForMessage("Pausing", waitForStart);
            SemaphoreStep.success("wait/1", (Object) null);
            Thread.sleep(1000L);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            Thread.sleep(1000L);
            jenkinsRule.assertLogNotContains("Pausing (Preparing for shutdown)", waitForStart);
            jenkinsRule.jenkins.doCancelQuietDown();
            Thread.sleep(1000L);
            jenkinsRule.assertLogNotContains("Resuming (Shutdown was canceled)", waitForStart);
            waitForStart.getExecution().pause(false);
            jenkinsRule.waitForMessage("Resuming", waitForStart);
            jenkinsRule.assertLogContains("I am done", jenkinsRule.assertBuildStatusSuccess(jenkinsRule.waitForCompletion(waitForStart)));
        });
    }

    @Test
    public void quietDownThenPauseThenCancelQuietDownThenUnpause() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule.waitForMessage("Pausing (Preparing for shutdown)", waitForStart);
            waitForStart.getExecution().pause(true);
            jenkinsRule.waitForMessage("Pausing", waitForStart);
            jenkinsRule.jenkins.doCancelQuietDown();
            jenkinsRule.waitForMessage("Resuming (Shutdown was canceled)", waitForStart);
            jenkinsRule.assertLogNotContains("I am done", waitForStart);
            waitForStart.getExecution().pause(false);
            jenkinsRule.waitForMessage("Resuming", waitForStart);
            jenkinsRule.assertLogContains("I am done", jenkinsRule.assertBuildStatusSuccess(jenkinsRule.waitForCompletion(waitForStart)));
        });
    }

    @Test
    public void quietDownThenPauseThenUnpauseThenCancelQuietDown() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'; echo 'I am done'", true));
            WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
            SemaphoreStep.waitForStart("wait/1", waitForStart);
            jenkinsRule.jenkins.doQuietDown(true, 0);
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule.waitForMessage("Pausing (Preparing for shutdown)", waitForStart);
            waitForStart.getExecution().pause(true);
            jenkinsRule.waitForMessage("Pausing", waitForStart);
            waitForStart.getExecution().pause(false);
            jenkinsRule.waitForMessage("Resuming", waitForStart);
            jenkinsRule.assertLogNotContains("I am done", waitForStart);
            jenkinsRule.jenkins.doCancelQuietDown();
            jenkinsRule.waitForMessage("Resuming (Shutdown was canceled)", waitForStart);
            jenkinsRule.assertLogContains("I am done", jenkinsRule.assertBuildStatusSuccess(jenkinsRule.waitForCompletion(waitForStart)));
        });
    }

    @Test
    public void timing() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            this.logger.record(CpsFlowExecution.TIMING_LOGGER, Level.FINE).capture(100);
            WorkflowJob createProject = jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("semaphore 'wait'", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.sessions.then(jenkinsRule2 -> {
            WorkflowRun lastBuild = jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild();
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule2.assertBuildStatusSuccess(jenkinsRule2.waitForCompletion(lastBuild));
            while (this.logger.getRecords().isEmpty()) {
                Thread.sleep(100L);
            }
            MatcherAssert.assertThat(this.logger.getRecords(), Matchers.not(Matchers.empty()));
            Assert.assertEquals(CpsFlowExecution.TimingKind.values().length, lastBuild.getExecution().timings.keySet().size());
        });
    }

    @Test
    public void interruptProgramLoad() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("def x = new " + BadThing.class.getCanonicalName() + "(); semaphore 'wait'", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.sessions.then(jenkinsRule2 -> {
            Logger logger = Logger.getLogger("org.jenkinsci.plugins.workflow");
            logger.setLevel(Level.FINE);
            ConsoleHandler consoleHandler = new ConsoleHandler();
            consoleHandler.setLevel(Level.ALL);
            logger.addHandler(consoleHandler);
            WorkflowRun lastBuild = jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild();
            Assert.assertTrue(lastBuild.isBuilding());
            jenkinsRule2.waitForMessage("Cannot restore BadThing", lastBuild);
            lastBuild.getExecutor().interrupt();
            jenkinsRule2.assertBuildStatus(Result.ABORTED, jenkinsRule2.waitForCompletion(lastBuild));
        });
    }

    @Test
    public void trustedShell() throws Throwable {
        trustedShell(true);
    }

    @Test
    public void trustedShell_control() throws Throwable {
        trustedShell(false);
    }

    private void trustedShell(boolean z) throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.jenkins.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("new foo().attempt()", true));
            WorkflowRun workflowRun = (WorkflowRun) createProject.scheduleBuild2(0, new Action[0]).get();
            if (z) {
                jenkinsRule.assertBuildStatusSuccess(workflowRun);
                Assert.assertTrue(SECRET);
            } else {
                jenkinsRule.assertBuildStatus(Result.FAILURE, workflowRun);
                jenkinsRule.assertLogContains(new RejectedAccessException("staticField", CpsFlowExecutionTest.class.getName() + " SECRET").getMessage(), workflowRun);
                Assert.assertFalse(SECRET);
            }
        });
    }

    @Test
    public void groovySourcesCannotBeUsedByDefault() throws Throwable {
        this.logger.record(GroovySourceFileAllowlist.class, Level.INFO).capture(100);
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("new hudson.model.View.main()", true));
            WorkflowRun buildAndAssertStatus = jenkinsRule.buildAndAssertStatus(Result.FAILURE, createProject);
            jenkinsRule.assertLogContains("unable to resolve class hudson.model.View.main", buildAndAssertStatus);
            MatcherAssert.assertThat(this.logger.getMessages(), Matchers.hasItem(Matchers.containsString("/hudson/model/View/main.groovy from being loaded without sandbox protection in " + buildAndAssertStatus)));
        });
    }

    @Test
    public void groovySourcesCanBeUsedIfAllowlistIsDisabled() throws Throwable {
        System.setProperty("org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist.DISABLED", "true");
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("new hudson.model.View.main()", true));
            jenkinsRule.buildAndAssertSuccess(createProject);
        });
    }

    @Test
    public void groovySourcesCanBeUsedIfAddedToSystemProperty() throws Throwable {
        System.setProperty("org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist.DefaultAllowlist.ALLOWED_SOURCE_FILES", "/just/an/example.groovy,/hudson/model/View/main.groovy");
        this.logger.record(GroovySourceFileAllowlist.DefaultAllowlist.class, Level.INFO).capture(100);
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("new hudson.model.View.main()", true));
            jenkinsRule.buildAndAssertSuccess(createProject);
            MatcherAssert.assertThat(this.logger.getMessages(), Matchers.hasItem(Matchers.containsString("Allowing Pipelines to access /hudson/model/View/main.groovy")));
        });
    }

    @Test
    public void groovySourcesCanBeUsedIfAllowed() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class);
            createProject.setDefinition(new CpsFlowDefinition("(new trusted.foo()).attempt()", true));
            jenkinsRule.buildAndAssertSuccess(createProject);
            Assert.assertTrue(SECRET);
        });
    }

    @Test
    public void envActionImplPickle() throws Throwable {
        this.sessions.then(jenkinsRule -> {
            WorkflowJob createProject = jenkinsRule.createProject(WorkflowJob.class, "p");
            createProject.setDefinition(new CpsFlowDefinition("def e = env\nsemaphore('wait')\ne.foo = 'bar'\n", true));
            SemaphoreStep.waitForStart("wait/1", createProject.scheduleBuild2(0, new Action[0]).waitForStart());
        });
        this.sessions.then(jenkinsRule2 -> {
            WorkflowRun lastBuild = jenkinsRule2.jenkins.getItemByFullName("p", WorkflowJob.class).getLastBuild();
            SemaphoreStep.success("wait/1", (Object) null);
            jenkinsRule2.assertBuildStatus(Result.SUCCESS, jenkinsRule2.waitForCompletion(lastBuild));
            MatcherAssert.assertThat((String) EnvActionImpl.forRun(lastBuild).getEnvironment().get("foo"), Matchers.equalTo("bar"));
        });
    }
}
