StaticWhitelist.stockWhitelists for simplicity and efficiency

Author: jglick

src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/GenericWhitelist.java

@@ -24,18 +24,14 @@
 
 package org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists;
 
-import hudson.Extension;
 import java.io.IOException;
-import org.kohsuke.accmod.Restricted;
-import org.kohsuke.accmod.restrictions.NoExternalUse;
 
 /**
- * Includes entries useful for general kinds of scripts.
+ * @deprecated replaced by {@link StaticWhitelist#stockWhitelists}, now used only in tests
  */
-@Restricted(NoExternalUse.class)
-@Extension public final class GenericWhitelist extends ProxyWhitelist {
+@Deprecated
+public final class GenericWhitelist extends ProxyWhitelist {
 
-    // TODO replace this & JenkinsWhitelist with @Extension on a static method
     public GenericWhitelist() throws IOException {
         super(StaticWhitelist.from(GenericWhitelist.class.getResource("generic-whitelist")));
     }

src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/JenkinsWhitelist.java

@@ -46,9 +46,13 @@
 
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import hudson.Extension;
+import org.apache.commons.io.input.SequenceReader;
 import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
+import org.jenkinsci.plugins.scriptsecurity.sandbox.Whitelist;
 import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
 import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.DoNotUse;
 import org.kohsuke.accmod.restrictions.NoExternalUse;
 
 /**
@@ -204,6 +208,17 @@ public static StaticWhitelist from(URL definition) throws IOException {
         }
     }
 
+    @Restricted(DoNotUse.class)
+    @Extension public static Whitelist stockWhitelists() throws IOException {
+        try (InputStream gis = StaticWhitelist.class.getResourceAsStream("generic-whitelist");
+                Reader gr = new InputStreamReader(gis, StandardCharsets.UTF_8);
+                InputStream jis = StaticWhitelist.class.getResourceAsStream("jenkins-whitelist");
+                Reader jr = new InputStreamReader(jis, StandardCharsets.UTF_8);
+                Reader r = new SequenceReader(gr, jr)) {
+            return new StaticWhitelist(r);
+        }
+    }
+
     @Override protected List<MethodSignature> methodSignatures() {
         return methodSignatures;
     }

src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java

@@ -36,7 +36,7 @@ public class GenericWhitelistTest {
     @Rule public ErrorCollector errors = new ErrorCollector();
 
     @Test public void sanity() throws Exception {
-        StaticWhitelistTest.sanity(GenericWhitelist.class.getResource("generic-whitelist"));
+        StaticWhitelistTest.sanity(StaticWhitelist.class.getResource("generic-whitelist"));
     }
 
     @Issue("SECURITY-538")

src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/GenericWhitelistTest.java

@@ -29,7 +29,7 @@
 public class JenkinsWhitelistTest {
 
     @Test public void sanity() throws Exception {
-        StaticWhitelistTest.sanity(JenkinsWhitelist.class.getResource("jenkins-whitelist"));
+        StaticWhitelistTest.sanity(StaticWhitelist.class.getResource("jenkins-whitelist"));
     }
 
 }