CVE-2020-2261 PoC — CloudBees Jenkins Perfecto 操作系统命令注入漏洞

Source

Associated Vulnerability

Readme

<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/perfecto.jpg" height="75" width="300"/>

# Perfecto Jenkins Plugin

Perfecto Jenkins Plugin provides the ability to auto-create/ re-use existing Perfecto Connect tunnel-id in build environment. 


# Table of Contents

- [Perfecto Jenkins Plugin](#perfecto-jenkins-plugin)
- [Table of Contents](#table-of-contents)
  - [Prerequisites](#prerequisites)
  - [1. Steps to Enable the plugin](#1-steps-to-enable-the-plugin)
    - [Screenshots](#screenshots)
      - [Mac](#mac)
      - [Windows](#windows)
    - [Advanced Options](#advanced-options)
  - [2. Usage](#2-usage)
    - [Maven Sample](#maven-sample)
    - [Gradle Sample](#gradle-sample)
  - [3. Steps to Stop Perfecto Connect](#3-steps-to-stop-perfecto-connect)
  - [Advanced Usage](#advanced-usage)
    - [Perfecto Connect Pipeline Sample](#perfecto-connect-pipeline-sample)
    - [Upload app to perfecto](#upload-app-to-perfecto)

## Prerequisites

* Download Perfecto Connect client, extract to any folder.
* Generate Perfecto Security Token (if not generated already) 
* Mac users should install Jenkins via [brew.](https://www.jenkins.io/download/lts/macos/)

## 1. Steps to Enable the plugin 

1.	Click New Item in Jenkins home page.</br>
2.	Enter Your preferred Item name.</br>
3.	Select any project type except pipeline.</br>
4.	Click OK.</br>
5.	Select Perfecto Connect checkbox under Build Environment (Refer Screenshots section)</br>
6.	Note: Get help from your Jenkins Administrator to create the below Perfecto credentials:</br>
	a.	Select Add option next to Credentials dropdown and select Jenkins. </br>
	b.	Select option: “Perfecto” under Kind dropdown in Add Credentials window.</br>
	c.	Provide Your Cloud Name, Username and Security Token and click on Add.</br>
	
<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/cred.png" height="260" width="760"/></br>

7.	Provide Perfecto Connect Path in Perfecto Connect Path text field. </br>
	a.	E.g.: - /Users/Mymac/Downloads</br>
8.	Provide Perfecto Connect File Name in Perfecto Connect File Name text field.</br>
	a.	E.g.: - Mac – perfectoconnect</br>
	b.	E.g.: - Windows – perfectoconnect64.exe or perfectoconnect32.exe</br>

### Screenshots
#### Mac
<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/mac.png" height="260" width="760"/>
	 
#### Windows
<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/win.png" height="260" width="760"/>

### Advanced Options

You can provide Advanced options such as Perfecto Connect Additional Parameters, Override Tunnel ID  Name and Existing Tunnel ID.</br>
1.	Additional Parameters</br>
	a.	Provide Perfecto Connect parameters such as bridgeproxyip, bridgeproxyport</br>
	b.	E.g.: - --bridgeproxyip=127.0.0.1 --bridgeproxyport=8888</br>
2.	You can override Tunnel ID Environment Variable name in Override Tunnel ID Name in text field. (The default Jenkins Build Environment variable name is tunnelId)</br>
3.	You can reuse already created Tunnel ID in Existing Tunnel ID text field.</br>

<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/4.png" height="200" width="620"/></br>

## 2. Usage

### Maven Sample

<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/6.png" height="300" width="800"/>
 
### Gradle Sample

<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/7.png" height="360" width="800"/>
 
 
## 3. Steps to Stop Perfecto Connect

1.	Add a Post Build task under Post Build Action.</br>
2.	Enter the below script under Script text field.</br>

<img src="https://github.com/PerfectoMobileSA/perfecto-plugin/blob/master/DOC/5.png" height="360" width="760"/></br>
 
## Advanced Usage

### Perfecto Connect Pipeline Sample

1.	Create a new Pipeline and add the below code to pipeline script text field.</br>
2.	Update cloudName, securityToken and perfectoConnectPath as applicable.</br>

```import javax.swing.GroupLayout.ParallelGroup
import groovy.json.JsonSlurperClassic
import groovy.json.JsonSlurper
 
node {
String cloudName = "<<CLOUD NAME e.g. demo>>";
String securityToken = "<<SECURITY TOKEN>>";
String perfectoConnectPath = "/Users/myMac/Downloads/perfectoconnect";
    environment {
        tunnelId = ""
    }
    stage('perfectoconnect start'){
        if(cloudName.contains("<<")){
             error "Kindly update cloudName, securityToken and perfectoConnectPath"
        }
        String script = perfectoConnectPath + " start  -c " + cloudName + ".perfectomobile.com  -s " + securityToken;
        echo script;
        tunnelId = sh (script: script , returnStdout: true).trim()
        env.tunnelId = "${tunnelId}"
    }
    stage('script'){
        echo "Tunnel id: ${tunnelId}"
    }
    stage('perfectoconnect stop'){
        sh label: '', returnStdout: true, script: perfectoConnectPath + " stop"
    }
}
```

### Upload app to perfecto
	
Follow [this](https://developers.perfectomobile.com/display/TT/How+to+upload+file+to+the+repository+via+API+using+postman+or+curl) documentation to use curl and upload app to perfecto media repository.

File Snapshot

 [4.0K]  /data/pocs/e9c1bba7b2957db145a68f77ae4da668f11424ff
├── [4.0K]  DOC
│   ├── [ 68K]  4.png
│   ├── [141K]  5.png
│   ├── [ 53K]  6.png
│   ├── [110K]  7.png
│   ├── [135K]  cred.png
│   ├── [116K]  mac.png
│   ├── [ 14K]  perfecto.jpg
│   └── [ 89K]  win.png
├── [  33]  Jenkinsfile
├── [ 11K]  LICENSE.md
├── [10.0K]  pom.xml
├── [5.1K]  README.md
└── [4.0K]  src
    ├── [4.0K]  main
    │   ├── [4.0K]  java
    │   │   └── [4.0K]  io
    │   │       └── [4.0K]  plugins
    │   │           └── [4.0K]  perfecto
    │   │               ├── [4.0K]  credentials
    │   │               │   └── [ 10K]  PerfectoCredentials.java
    │   │               ├── [ 15K]  PerfectoBuildWrapper.java
    │   │               └── [1.8K]  PerfectoEnvironmentUtil.java
    │   ├── [4.0K]  resources
    │   │   ├── [ 175]  index.jelly
    │   │   └── [4.0K]  io
    │   │       └── [4.0K]  plugins
    │   │           └── [4.0K]  perfecto
    │   │               ├── [ 558]  BuildUtils.template
    │   │               ├── [4.0K]  credentials
    │   │               │   └── [4.0K]  PerfectoCredentials
    │   │               │       ├── [ 595]  credentials.jelly
    │   │               │       ├── [ 191]  help-apiKey.html
    │   │               │       ├── [  56]  help-cloudName.html
    │   │               │       ├── [ 357]  help-shortLivedConfig.html
    │   │               │       ├── [  87]  help-userName.html
    │   │               │       └── [4.0K]  ShortLivedConfig
    │   │               │           └── [ 221]  config.jelly
    │   │               └── [4.0K]  PerfectoBuildWrapper
    │   │                   ├── [1.3K]  config.jelly
    │   │                   ├── [ 235]  help-credentialId.html
    │   │                   ├── [ 166]  help.html
    │   │                   ├── [ 281]  help-pcParameters.html
    │   │                   ├── [ 263]  help-perfectoConnectFile.html
    │   │                   ├── [ 399]  help-perfectoConnectLocation.html
    │   │                   ├── [  63]  help-reuseTunnelId.html
    │   │                   └── [ 102]  help-tunnelIdCustomName.html
    │   └── [4.0K]  webapp
    │       └── [4.0K]  images
    │           └── [161K]  perfecto.png
    └── [4.0K]  test
        └── [4.0K]  java
            └── [4.0K]  io
                └── [4.0K]  jenkins
                    └── [4.0K]  plugins
                        └── [4.0K]  perfecto
                            └── [ 756]  ConfigureTest.java

24 directories, 33 files

Remarks