Selectively encode entities in splices into xml

adriaanm · adriaanm · commit 8743a2f76e79 · 2015-04-30T11:53:07.000-07:00
Don't want to encode in ~/.credentials, but do in any xml file.
Should do it wholesale...

TODO: wrap `xmlSafe` around everything that's spliced into xml
diff --git a/libraries/job_blurbs.rb b/libraries/job_blurbs.rb
@@ -8,6 +8,10 @@ def stdRefSpec
       "+refs/heads/*:refs/remotes/${repo_user}/* +refs/pull/*/head:refs/remotes/${repo_user}/pr/*/head"
     end
 
+    def xmlSafe(str)
+      CGI.escapeHTML(str)
+    end
+
     def properties(repoUser, repoName, repoRef, params)
       stringPar =
         """
@@ -52,12 +56,12 @@ def flowProject(options = {})
       buildNameScript = options.fetch(:buildNameScript, setBuildNameScript)
 
       <<-EOX
-      <description>#{CGI.escapeHTML(description)}</description>
+      <description>#{xmlSafe(description)}</description>
       #{properties(repoUser, repoName, repoRef, params)}
       <scm class="hudson.scm.NullSCM"/>
       <canRoam>true</canRoam>
       <concurrentBuild>#{concurrent}</concurrentBuild>
-      <dsl>#{CGI.escapeHTML(buildNameScript+"\n\n"+dsl)}</dsl>
+      <dsl>#{xmlSafe(buildNameScript+"\n\n"+dsl)}</dsl>
       EOX
     end
 
@@ -95,10 +99,10 @@ def env(name)
       end
 
       <<-EOX
-        <description>#{CGI.escapeHTML(description)}</description>
+        <description>#{xmlSafe(description)}</description>
         #{properties(repoUser, repoName, repoRef, params)}
         #{scmBlurb(refspec)}
-        #{restriction % {nodes: CGI.escapeHTML(nodeRestriction)} if nodeRestriction}
+        #{restriction % {nodes: xmlSafe(nodeRestriction)} if nodeRestriction}
         <concurrentBuild>#{concurrent}</concurrentBuild>
         <builders>
           #{groovySysScript(buildNameScript)}
@@ -200,7 +204,7 @@ def groovySysScript(script)
       <<-EOH.gsub(/^      /, '')
       <hudson.plugins.groovy.SystemGroovy plugin="groovy">
         <scriptSource class="hudson.plugins.groovy.StringScriptSource">
-          <command>#{CGI.escapeHTML(script)}</command>
+          <command>#{xmlSafe(script)}</command>
         </scriptSource>
       </hudson.plugins.groovy.SystemGroovy>
       EOH
diff --git a/recipes/_worker-config-debian.rb b/recipes/_worker-config-debian.rb
@@ -72,11 +72,12 @@
         variables({
           :sonatypePass    => chef_vault_item("worker-publish", "sonatype")['pass'],
           :sonatypeUser    => chef_vault_item("worker-publish", "sonatype")['user'],
-          :privateRepoPass => CGI.escapeHTML(chef_vault_item("worker-publish", "private-repo")['pass']), # OMG more papercuts
+          :privateRepoPass => chef_vault_item("worker-publish", "private-repo")['pass'],
           :privateRepoUser => chef_vault_item("worker-publish", "private-repo")['user'],
           :s3DownloadsPass => chef_vault_item("worker-publish", "s3-downloads")['pass'],
           :s3DownloadsUser => chef_vault_item("worker-publish", "s3-downloads")['user']
         })
+        helpers(ScalaJenkinsInfra::JobBlurbs)
       end
     end
 
diff --git a/recipes/_worker-config-rhel.rb b/recipes/_worker-config-rhel.rb
@@ -27,9 +27,10 @@
       sensitive true
 
       variables({
-        :privateRepoPass => CGI.escapeHTML(chef_vault_item("worker", "private-repo-public-jobs")['pass']),
+        :privateRepoPass => chef_vault_item("worker", "private-repo-public-jobs")['pass'],
         :privateRepoUser => chef_vault_item("worker", "private-repo-public-jobs")['user']
       })
+      helpers(ScalaJenkinsInfra::JobBlurbs)
     end
   end
 end
diff --git a/templates/default/m2-settings-public-jobs.xml.erb b/templates/default/m2-settings-public-jobs.xml.erb
@@ -12,7 +12,7 @@
     <server>
       <id>pr-scala</id>
       <username><%= @privateRepoUser %></username>
-      <password><%= @privateRepoPass %></password>
+      <password><%= xmlSafe(@privateRepoPass) %></password>
     </server>
   </servers>
 
@@ -27,7 +27,7 @@
         </repository>
         <repository>
           <id>scala-release-temp</id>
-          <name>Scala Relese snapshots</name>
+          <name>Scala Release snapshots</name>
           <url><%=node['repos']['private']['release-temp']%></url>
         </repository>
       </repositories>
diff --git a/templates/default/m2-settings.xml.erb b/templates/default/m2-settings.xml.erb
@@ -17,7 +17,7 @@
     <server>
       <id>private-repo</id>
       <username><%= @privateRepoUser %></username>
-      <password><%= @privateRepoPass %></password>
+      <password><%= xmlSafe(@privateRepoPass) %></password>
     </server>
     <!-- <server>
       <id>mirror</id>
