Skip to content

Commit

Permalink
control not used of git protocol with credentials in FIPS mode
Browse files Browse the repository at this point in the history 
Signed-off-by: Olivier Lamy <[email protected]>
  • Loading branch information
@olamy
olamy committed Jul 29, 2024
1 parent f9668af commit 08a38cf
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/main/java/jenkins/plugins/git/GitSCMSource.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -416,7 +416,7 @@ public List<SCMSourceTrait> getTraits() {
* @return will return {@code false} if using any credentials with a non TLS protocol with FIPS mode activated @see {@link FIPS140#useCompliantAlgorithms()}
*/
public static boolean isFIPSLtsCompliant(String credentialsId, String remoteUrl) {
return !FIPS140.useCompliantAlgorithms() || !StringUtils.isNotEmpty(credentialsId) || !StringUtils.startsWith(remoteUrl, "http:");
return !FIPS140.useCompliantAlgorithms() || !StringUtils.isNotEmpty(credentialsId) || (!StringUtils.startsWith(remoteUrl, "http:") && !StringUtils.startsWith(remoteUrl, "git:"));
}

@Symbol("git")
Expand Down
2 changes: 2 additions & 0 deletions src/test/java/hudson/plugins/git/FIPSModeUrlCheckTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@ public void testFIPSLtsMethod() {
assertThat(GitSCMSource.isFIPSLtsCompliant("beer", "https://github.com/cheese/wine"), is(true));
assertThat(GitSCMSource.isFIPSLtsCompliant(null, "[email protected]:cheese/wine.git"), is(true));
assertThat(GitSCMSource.isFIPSLtsCompliant("beer", "[email protected]:cheese/wine.git"), is(true));
assertThat(GitSCMSource.isFIPSLtsCompliant(null, "git://github.com/cheese/wine"), is(true));
assertThat(GitSCMSource.isFIPSLtsCompliant("beer", "git://github.com/cheese/wine"), is(false));
}

@Test
Expand Down

0 comments on commit 08a38cf

Please sign in to comment.