deploymentking
1/28/2019 - 11:53 AM

Fix security warnings

#!groovy

import javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration
import jenkins.*
import jenkins.model.*
import jenkins.security.s2m.AdminWhitelistRule
import hudson.markup.RawHtmlMarkupFormatter
import hudson.security.csrf.DefaultCrumbIssuer

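// Applies baseline security and location settings to the running Jenkins instance.
// Runs inside the Jenkins JVM (it uses Jenkins.getInstance()); presumably installed as a
// startup hook script -- confirm how it is deployed.

// Process environment; only HTTP_PORT is read below.
def env = System.getenv()
def jenkins = Jenkins.getInstance()

// SECURITY NOTE(review): this turns script security OFF for Job DSL, it does not harden anything.
// With it disabled, Job DSL scripts are not subject to script approval or sandboxing, so anyone
// who can change a seed job's DSL source (the job configuration or the repository it reads)
// can run arbitrary Groovy on the controller. Keep this only if write access to every DSL
// source is limited to Jenkins administrators; otherwise leave script security enabled.
// No save() is called on this configuration object here, so the value is presumably
// re-applied on every run rather than persisted -- confirm.
println "--> disabling scripts security for job dsl scripts"
GlobalConfiguration.all().get(GlobalJobDslSecurityConfiguration.class).useScriptSecurity=false

// CLI resolves to jenkins.CLI through the wildcard import.
// NOTE(review): confirm this class exists in the target Jenkins version before upgrading.
println "--> disabling the Jenkins CLI"
CLI.get().setEnabled(false)

// Only installs a crumb issuer when none is configured, so an existing one is left as is.
// The constructor argument is excludeClientIPFromCrumb: true means the crumb is not bound to
// the client IP (usually needed behind a reverse proxy, slightly weaker binding).
if (jenkins.getCrumbIssuer() == null) {
    println "--> enabling CSRF Protection"
    jenkins.setCrumbIssuer(new DefaultCrumbIssuer(true))
    jenkins.save()
}

// Kill switch = false means the agent-to-controller access control rules stay ENFORCED.
println "--> enabling slave master access control"
jenkins.injector.getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)
jenkins.save()

println "--> setting num executors to 1"
jenkins.setNumExecutors(1)
jenkins.save()

println "--> setting url and email"
def jenkinsLocationConfiguration = JenkinsLocationConfiguration.get()
// Guard against a missing or empty HTTP_PORT: interpolating it blindly would store the
// literal root URL "http://localhost:null" (or "http://localhost:").
def httpPort = env.HTTP_PORT
if (httpPort) {
    // NOTE(review): the root URL is plain http on localhost; for a non-local deployment set
    // the externally reachable (ideally HTTPS) URL, since Jenkins builds links from it.
    jenkinsLocationConfiguration.setUrl("http://localhost:${httpPort}")
} else {
    println "--> HTTP_PORT is not set; leaving the Jenkins URL unchanged"
}
jenkinsLocationConfiguration.setAdminAddress("Devops Jenkins <devops+jenkins@anatwine.com>")
jenkinsLocationConfiguration.save()

// RawHtmlMarkupFormatter is, despite its name, the sanitizing "Safe HTML" formatter.
// Its boolean argument is disableSyntaxHighlighting, so `false` keeps syntax highlighting on;
// it does not switch HTML rendering off, whatever the log line below suggests.
println "--> setting raw HTML formatter setting to false"
jenkins.setMarkupFormatter(new RawHtmlMarkupFormatter(false))
jenkins.save()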