code-coverage-api-plugin
code-coverage-api-plugin copied to clipboard
Published
20 hours ago •
jenkinsci
jenkinsci
Source code view sanitizes away parts of code
Jenkins and plugins versions report
Environment
Jenkins: 2.414.1
OS: Linux - 5.4.247-162.350.amzn2.x86_64
Java: 11.0.20 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
Office-365-Connector:4.20.0
ansicolor:1.0.3
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
artifact-manager-s3:822.vf129d4836c31
atlassian-jira-software-cloud:2.0.9
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.1
aws-credentials:191.vcb_f183ce58b_9
aws-global-configuration:128.ve2c5685a_09c3
aws-java-sdk:1.12.529-406.vdeff15e5817d
aws-java-sdk-cloudformation:1.12.529-406.vdeff15e5817d
aws-java-sdk-codebuild:1.12.529-406.vdeff15e5817d
aws-java-sdk-ec2:1.12.529-406.vdeff15e5817d
aws-java-sdk-ecr:1.12.529-406.vdeff15e5817d
aws-java-sdk-ecs:1.12.529-406.vdeff15e5817d
aws-java-sdk-efs:1.12.529-406.vdeff15e5817d
aws-java-sdk-elasticbeanstalk:1.12.529-406.vdeff15e5817d
aws-java-sdk-iam:1.12.529-406.vdeff15e5817d
aws-java-sdk-kinesis:1.12.529-406.vdeff15e5817d
aws-java-sdk-logs:1.12.529-406.vdeff15e5817d
aws-java-sdk-minimal:1.12.529-406.vdeff15e5817d
aws-java-sdk-secretsmanager:1.12.529-406.vdeff15e5817d
aws-java-sdk-sns:1.12.529-406.vdeff15e5817d
aws-java-sdk-sqs:1.12.529-406.vdeff15e5817d
aws-java-sdk-ssm:1.12.529-406.vdeff15e5817d
badge:1.9.1
basic-branch-build-strategies:81.v05e333931c7d
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-user-vars-plugin:1.9
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
cloudbees-disk-usage-simple:182.v62ca_0c992a_f3
cloudbees-folder:6.848.ve3b_fd7839a_81
cobertura:1.17
code-coverage-api:4.7.0
command-launcher:100.v2f6722292ee8
commons-httpclient3-api:3.1-3
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
configuration-as-code:1670.v564dc8b_982d0
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
data-tables-api:1.13.5-1
display-url-api:2.3.9
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-5
email-ext:2.100
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
file-operations:131.v32b_e7824fe95
folder-properties:1.2.1
font-awesome-api:6.4.0-2
forensics-api:2.3.0
git:5.2.0
git-client:4.4.0
github:1.37.3
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
github-scm-trait-notification-context:1.1
htmlpublisher:1.32
http_request:1.18
inline-pipeline:1.0.2
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.84
jquery3-api:3.7.0-1
junit:1217.v4297208a_a_b_ce
keycloak:2.3.0
kubernetes:4007.v633279962016
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
kubernetes-credentials-provider:1.225.v14f9e6b_28f53
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mask-passwords:150.vf80d33113e80
matrix-auth:3.1.10
matrix-project:808.v5a_b_5f56d6966
metrics:4.2.18-442.v02e107157925
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pipeline-build-step:505.v5f0844d8d126
pipeline-github:2.8-147.3206e8179b1c
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-graph-view:198.v0844db_6ca_554
pipeline-groovy-lib:671.v07c339c842e8
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
prism-api:1.29.0-7
prometheus:2.2.3
resource-disposer:0.23
robot:3.4.0
scm-api:676.v886669a_199a_a_
script-security:1273.v66c1964f0dfd
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
sonar:2.15
ssh-agent:333.v878b_53c89511
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.303.vefc7119b_ec23
structs:325.vcb_307d2a_2782
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
uno-choice:2.7.2
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1261.va_2ff5204f17e
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3773.v505e0052522c
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1341.vd9fa_65f771dd
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
xunit:3.1.3
What Operating System are you using (both controller, and any agents involved in the problem)?
Both GNU/Linux in K8s
Reproduction steps
- Publish test coverage results using
recordCoverage( tools: [[parser: 'COBERTURA', pattern: 'test_coverage_xml.xml']], sourceCodeRetention: 'EVERY_BUILD', qualityGates: [ [metric: 'LINE', threshold: 21], [metric: 'BRANCH', threshold: 9], ] ) - Navigate to coverage report, "Files" tab, and open one of the published files
Expected Results
The file is displayed verbatim, e.g. for C++
#include <memory>
using FooPtr = std::unique_ptr<Foo, FooDeleter>;
Actual Results
Parts of file are missing, specifically those resembling HTML tags which is frequently the case with C++:
#include
using FooPtr = std::unique_ptr;
Anything else?
No response
Yes, the rendering algorithm removes all unknown tags to prevent XSS in the moment. When rewriting the code using the Prism.js source code renderer I need to take care of that problem. (I think in the warnings plugin this is implemented correctly...)
