Merge pull request #574 from daniel-beck/javadoc-system-properties

jglick · web-flow · commit ce8e046debdd · 2024-08-13T14:31:04.000-04:00
Add Javadoc for system property escape hatches
diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
@@ -93,10 +93,28 @@
 @Extension
 public final class ScriptApproval extends GlobalConfiguration implements RootAction {
 
+    /**
+     * SECURITY-2450: Since 1172.v35f6a_0b_8207e, unmodified, unsandboxed scripts are no longer automatically approved
+     * when administrators submit job configuration forms.
+     * <p>
+     *     This flag restores the previous behavior when set to {@code true}.
+     * </p>
+     *
+     * @see <a href="https://github.com/jenkinsci/script-security-plugin/releases/tag/1172.v35f6a_0b_8207e">1172.v35f6a_0b_8207e changelog</a>
+     */
     @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "for script console")
     public static /* non-final */ boolean ADMIN_AUTO_APPROVAL_ENABLED =
             SystemProperties.getBoolean(ScriptApproval.class.getName() + ".ADMIN_AUTO_APPROVAL_ENABLED");
 
+    /**
+     * SECURITY-3103: Since 1265.va_fb_290b_4b_d34, administrators saving jobs (e.g., when copying existing jobs with
+     * unapproved scripts) will no longer result in unapproved scripts in those configurations being approved.
+     * <p>
+     *     This flag restores the previous behavior when set to {@code true}.
+     * </p>
+     *
+     * @see <a href="https://github.com/jenkinsci/script-security-plugin/releases/tag/1265.va_fb_290b_4b_d34">1265.va_fb_290b_4b_d34 changelog</a>
+     */
     @SuppressFBWarnings(value = "MS_SHOULD_BE_FINAL", justification = "for script console")
     public static /* non-final */ boolean ALLOW_ADMIN_APPROVAL_ENABLED =
             SystemProperties.getBoolean(ScriptApproval.class.getName() + ".ALLOW_ADMIN_APPROVAL_ENABLED");
