From 643004c76c7e1a76fa4b4f43403544db5e83c615 Mon Sep 17 00:00:00 2001
From: Sarah Witt <sarah.witt@datadoghq.com>
Date: Tue, 28 Apr 2020 09:29:09 -0400
Subject: [PATCH 1/4] enforce POST in form validation

---
 .../datadog/DatadogGlobalConfiguration.java    | 10 ++++++++++
 .../DatadogGlobalConfiguration/config.jelly    | 18 +++++++++---------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
index 21f2df8d1..ec81b5440 100644
--- a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
+++ b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
@@ -39,6 +39,7 @@ of this software and associated documentation files (the "Software"), to deal
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
+import org.kohsuke.stapler.verb.POST;
 
 import javax.servlet.ServletException;
 import java.io.IOException;
@@ -198,6 +199,7 @@ private void loadEnvVariables(){
      * @throws IOException      if there is an input/output exception.
      * @throws ServletException if there is a servlet exception.
      */
+    @POST
     public FormValidation doTestConnection(@QueryParameter("targetApiKey") final String targetApiKey)
             throws IOException, ServletException {
         if (DatadogHttpClient.validateDefaultIntakeConnection(this.getTargetApiURL(), Secret.fromString(targetApiKey))) {
@@ -218,6 +220,7 @@ public FormValidation doTestConnection(@QueryParameter("targetApiKey") final Str
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+    @POST
     public FormValidation doTestHostname(@QueryParameter("hostname") final String hostname){
         if(DatadogUtilities.isValidHostname(hostname)) {
             return FormValidation.ok("Great! Your hostname is valid.");
@@ -238,6 +241,7 @@ private boolean validateTargetApiURL(final String targetApiURL){
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+    @POST
     public FormValidation doCheckTargetApiURL(@QueryParameter("targetApiURL") final String targetApiURL) {
         if(!validateTargetApiURL(targetApiURL)) {
             return FormValidation.error("The field must be configured in the form <http|https>://<url>/");
@@ -258,6 +262,7 @@ private boolean validateTargetLogIntakeURL(final String targetLogIntakeURL) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+    @POST
     public FormValidation doCheckTargetLogIntakeURL(@QueryParameter("targetLogIntakeURL") final String targetLogIntakeURL) {
         if (!validateTargetLogIntakeURL(targetLogIntakeURL)) {
             return FormValidation.error("The field must be configured in the form <http|https>://<url>/");
@@ -279,6 +284,8 @@ private boolean validateTargetHost(String targetHost) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+
+    @POST
     public FormValidation doCheckTargetHost(@QueryParameter("targetHost") final String targetHost) {
         if (!validateTargetHost(targetHost)) {
             return FormValidation.error("Invalid Host");
@@ -300,6 +307,7 @@ private boolean validateTargetPort(String targetPort) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+    @POST
     public FormValidation doCheckTargetPort(@QueryParameter("targetPort") final String targetPort) {
         if (!validateTargetPort(targetPort)) {
             return FormValidation.error("Invalid Port");
@@ -321,6 +329,8 @@ private boolean validateTargetLogCollectionPort(String targetLogCollectionPort)
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
+
+    @POST
     public FormValidation doCheckTargetLogCollectionPort(@QueryParameter("targetLogCollectionPort") final String targetLogCollectionPort) {
         if (!validateTargetLogCollectionPort(targetLogCollectionPort)) {
             return FormValidation.error("Invalid Port");
diff --git a/src/main/resources/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration/config.jelly b/src/main/resources/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration/config.jelly
index 791be7b8b..a2297a535 100644
--- a/src/main/resources/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration/config.jelly
+++ b/src/main/resources/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration/config.jelly
@@ -18,34 +18,34 @@
         checked="${instance.reportWithEquals('DSD')}" inline="true">
 
         <f:entry title="DogStatsD Host" field="targetHostEntry">
-          <f:textbox field="targetHost" default="${targetHost}" />
+          <f:textbox field="targetHost" default="${targetHost}" checkMethod="post" />
         </f:entry>
 
         <f:entry title="DogStatsD Port" field="targetPortEntry">
-          <f:textbox field="targetPort" default="${targetPort}" />
+          <f:textbox field="targetPort" default="${targetPort}" checkMethod="post" />
         </f:entry>
 
         <f:entry title="Log Collection Port" field="targetLogCollectionPortEntry">
-          <f:textbox field="targetLogCollectionPort" default="${targetLogCollectionPort}" />
+          <f:textbox field="targetLogCollectionPort" default="${targetLogCollectionPort}" checkMethod="post" />
         </f:entry>
 
     </f:radioBlock>
 
     <f:radioBlock title="Use Datadog API URL and Key to report to Datadog (not recommended)" name="reportWith" value="HTTP"
-        checked="${instance.reportWithEquals('HTTP')}" inline="true">
+        checked="${instance.reportWithEquals('HTTP')}" inline="true" >
 
         <f:entry title="Datadog API URL" field="targetApiURLEntry" description="URL which the plugin reports to." >
-          <f:textbox field="targetApiURL" default="${targetApiURL}" />
+          <f:textbox field="targetApiURL" default="${targetApiURL}" checkMethod="post" />
         </f:entry>
 
         <f:entry title="Datadog Log Intake URL" field="targetLogIntakeURLEntry" description="URL which the plugin reports logs to." >
-          <f:textbox field="targetLogIntakeURL" default="${targetLogIntakeURL}" />
+          <f:textbox field="targetLogIntakeURL" default="${targetLogIntakeURL}" checkMethod="post" />
         </f:entry>
 
         <f:entry title="Datadog API Key" field="targetApiKeyEntry">
-          <f:password field="targetApiKey" default="${targetApiKey}" />
+          <f:password field="targetApiKey" default="${targetApiKey}" checkMethod="post" />
         </f:entry>
-        <f:validateButton title="${%Test Key}" progress="${%Testing...}" method="testConnection" with="targetApiKey" />
+        <f:validateButton title="${%Test Key}" progress="${%Testing...}" method="testConnection" with="targetApiKey" checkMethod="post" />
 
     </f:radioBlock>
 
@@ -59,7 +59,7 @@
         <f:entry title="Hostname" field="hostnameEntry">
           <f:textbox field="hostname" default="${hostname}" />
         </f:entry>
-        <f:validateButton title="${%Test Hostname}" progress="${%Testing...}" method="testHostname" with="hostname" />
+        <f:validateButton title="${%Test Hostname}" progress="${%Testing...}" method="testHostname" with="hostname" checkMethod="post" />
 
         <f:entry title="Blacklisted Jobs" description="A comma-separated list of job names that should not monitored." >
           <f:textarea field="blacklist" optional="true" default="${blacklist}" />

From 49d6b6a6d70235aa37e27e6628e6b4d50361bd08 Mon Sep 17 00:00:00 2001
From: Sarah Witt <witt.s@husky.neu.edu>
Date: Tue, 12 May 2020 09:35:09 -0400
Subject: [PATCH 2/4] Update
 src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java

Co-authored-by: Florian Veaux <florian.veaux@datadoghq.com>
---
 .../jenkins/plugins/datadog/DatadogGlobalConfiguration.java      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
index ec81b5440..f5a0fc60c 100644
--- a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
+++ b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
@@ -284,7 +284,6 @@ private boolean validateTargetHost(String targetHost) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-
     @POST
     public FormValidation doCheckTargetHost(@QueryParameter("targetHost") final String targetHost) {
         if (!validateTargetHost(targetHost)) {

From 98c30c8fd3b473d420c14f268a3700f7f595cee4 Mon Sep 17 00:00:00 2001
From: Sarah Witt <witt.s@husky.neu.edu>
Date: Tue, 12 May 2020 09:35:14 -0400
Subject: [PATCH 3/4] Update
 src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java

Co-authored-by: Florian Veaux <florian.veaux@datadoghq.com>
---
 .../jenkins/plugins/datadog/DatadogGlobalConfiguration.java      | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
index f5a0fc60c..eca5ae87b 100644
--- a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
+++ b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
@@ -328,7 +328,6 @@ private boolean validateTargetLogCollectionPort(String targetLogCollectionPort)
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-
     @POST
     public FormValidation doCheckTargetLogCollectionPort(@QueryParameter("targetLogCollectionPort") final String targetLogCollectionPort) {
         if (!validateTargetLogCollectionPort(targetLogCollectionPort)) {

From b3d4bb183792c29f47895834e0266cdc94ed753a Mon Sep 17 00:00:00 2001
From: Sarah Witt <sarah.witt@datadoghq.com>
Date: Wed, 17 Jun 2020 09:23:15 -0400
Subject: [PATCH 4/4] Use require post

---
 .../datadog/DatadogGlobalConfiguration.java      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
index eca5ae87b..447d7ca5e 100644
--- a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
+++ b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogGlobalConfiguration.java
@@ -39,7 +39,7 @@ of this software and associated documentation files (the "Software"), to deal
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
 import org.kohsuke.stapler.StaplerRequest;
-import org.kohsuke.stapler.verb.POST;
+import org.kohsuke.stapler.interceptor.RequirePOST;
 
 import javax.servlet.ServletException;
 import java.io.IOException;
@@ -199,7 +199,7 @@ private void loadEnvVariables(){
      * @throws IOException      if there is an input/output exception.
      * @throws ServletException if there is a servlet exception.
      */
-    @POST
+    @RequirePOST
     public FormValidation doTestConnection(@QueryParameter("targetApiKey") final String targetApiKey)
             throws IOException, ServletException {
         if (DatadogHttpClient.validateDefaultIntakeConnection(this.getTargetApiURL(), Secret.fromString(targetApiKey))) {
@@ -220,7 +220,7 @@ public FormValidation doTestConnection(@QueryParameter("targetApiKey") final Str
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doTestHostname(@QueryParameter("hostname") final String hostname){
         if(DatadogUtilities.isValidHostname(hostname)) {
             return FormValidation.ok("Great! Your hostname is valid.");
@@ -241,7 +241,7 @@ private boolean validateTargetApiURL(final String targetApiURL){
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doCheckTargetApiURL(@QueryParameter("targetApiURL") final String targetApiURL) {
         if(!validateTargetApiURL(targetApiURL)) {
             return FormValidation.error("The field must be configured in the form <http|https>://<url>/");
@@ -262,7 +262,7 @@ private boolean validateTargetLogIntakeURL(final String targetLogIntakeURL) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doCheckTargetLogIntakeURL(@QueryParameter("targetLogIntakeURL") final String targetLogIntakeURL) {
         if (!validateTargetLogIntakeURL(targetLogIntakeURL)) {
             return FormValidation.error("The field must be configured in the form <http|https>://<url>/");
@@ -284,7 +284,7 @@ private boolean validateTargetHost(String targetHost) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doCheckTargetHost(@QueryParameter("targetHost") final String targetHost) {
         if (!validateTargetHost(targetHost)) {
             return FormValidation.error("Invalid Host");
@@ -306,7 +306,7 @@ private boolean validateTargetPort(String targetPort) {
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doCheckTargetPort(@QueryParameter("targetPort") final String targetPort) {
         if (!validateTargetPort(targetPort)) {
             return FormValidation.error("Invalid Port");
@@ -328,7 +328,7 @@ private boolean validateTargetLogCollectionPort(String targetLogCollectionPort)
      * @return a FormValidation object used to display a message to the user on the configuration
      * screen.
      */
-    @POST
+    @RequirePOST
     public FormValidation doCheckTargetLogCollectionPort(@QueryParameter("targetLogCollectionPort") final String targetLogCollectionPort) {
         if (!validateTargetLogCollectionPort(targetLogCollectionPort)) {
             return FormValidation.error("Invalid Port");