private boolean isLocationWhitelisted()

in core/src/main/java/jenkins/security/ClassFilterImpl.java [191:256]


    /**
     * Decides whether the given location string is accepted as a trusted origin of classes,
     * memoizing the answer per string in {@code codeSourceCache}.
     *
     * <p>The checks run in a fixed order and the first one that matches accepts the location:
     * <ol>
     *   <li>exact equality with {@code JENKINS_LOC} or {@code REMOTING_LOC};</li>
     *   <li>a {@code file:/….jar} whose manifest satisfies {@code isPluginManifest};</li>
     *   <li>a location matching {@code CLASSES_JAR} whose sibling {@code META-INF/MANIFEST.MF}
     *       satisfies {@code isPluginManifest};</li>
     *   <li>a path ending in {@code /target/classes/} or shaped like {@code …/build/classes/<x>/main/};</li>
     *   <li>only when {@code Main.isUnitTest} is set: test output directories, {@code -tests.jar}
     *       files and the jenkins-test-harness jar.</li>
     * </ol>
     * Anything else is rejected.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The decision is based on the location string and on manifest <em>contents</em>; the jar is
     *       opened with signature verification turned off, so nothing here authenticates the file.</li>
     *   <li>An exception while reading a manifest is logged at WARNING and treated as "no match";
     *       evaluation then continues with the remaining checks.</li>
     *   <li>Whatever the lambda returns, including a rejection reached after such an error, is what
     *       {@code computeIfAbsent} stores for that string (assuming {@code codeSourceCache} is an
     *       ordinary {@code Map}; its declaration is not shown here).</li>
     * </ul>
     *
     * @param _loc location to evaluate; presumably the string form of a code-source URL (confirm against callers)
     * @return {@code true} if one of the checks above accepts the location, {@code false} otherwise
     */
    private boolean isLocationWhitelisted(String _loc) {
        return codeSourceCache.computeIfAbsent(_loc, loc -> {
            // Exact matches against the two fixed, known locations are tried before any file access.
            if (loc.equals(JENKINS_LOC)) {
                LOGGER.log(Level.FINE, "{0} seems to be the location of Jenkins core, OK", loc);
                return true;
            }
            if (loc.equals(REMOTING_LOC)) {
                LOGGER.log(Level.FINE, "{0} seems to be the location of Remoting, OK", loc);
                return true;
            }

            boolean looksLikeLocalJar = loc.matches("file:/.+[.]jar");
            if (looksLikeLocalJar) {
                // Second constructor argument is JarFile's "verify" flag: signatures are not checked,
                // only the manifest attributes are inspected.
                try (JarFile jar = new JarFile(new File(new URI(loc)), false)) {
                    Manifest manifest = jar.getManifest();
                    if (manifest == null) {
                        LOGGER.log(Level.FINE, "ignoring {0} with no manifest", loc);
                    } else if (isPluginManifest(manifest)) {
                        LOGGER.log(Level.FINE, "{0} seems to be a Jenkins plugin, OK", loc);
                        return true;
                    } else {
                        LOGGER.log(Level.FINE, "{0} does not look like a Jenkins plugin", loc);
                    }
                } catch (Exception e) {
                    // Deliberately non-fatal: an unreadable jar is simply not accepted by this check.
                    LOGGER.log(Level.WARNING, "problem checking " + loc, e);
                }
            }

            Matcher legacyLayout = CLASSES_JAR.matcher(loc);
            if (legacyLayout.matches()) {
                // Cf. ClassicPluginStrategy.createClassJarFromWebInfClasses: handle legacy plugin format with unpacked WEB-INF/classes/
                try {
                    File legacyManifest = new File(new URI(legacyLayout.group(1) + "META-INF/MANIFEST.MF"));
                    if (!legacyManifest.isFile()) {
                        LOGGER.log(Level.FINE, "{0} has no matching {1}", new Object[] {loc, legacyManifest});
                    } else {
                        try (InputStream in = new FileInputStream(legacyManifest)) {
                            if (isPluginManifest(new Manifest(in))) {
                                LOGGER.log(Level.FINE, "{0} looks like a Jenkins plugin based on {1}, OK", new Object[] {loc, legacyManifest});
                                return true;
                            }
                            LOGGER.log(Level.FINE, "{0} does not look like a Jenkins plugin", legacyManifest);
                        }
                    }
                } catch (Exception e) {
                    // Same policy as the jar branch: log and fall through to the remaining checks.
                    LOGGER.log(Level.WARNING, "problem checking " + loc, e);
                }
            }

            // NOTE(review): this check is not gated on Main.isUnitTest and reads no manifest; it accepts
            // on path shape alone, in every runtime mode. Confirm that is the intended trust boundary.
            boolean buildOutputDir = loc.endsWith("/target/classes/") || loc.matches(".+/build/classes/[^/]+/main/");
            if (buildOutputDir) {
                LOGGER.log(Level.FINE, "{0} seems to be current plugin classes, OK", loc);
                return true;
            }

            // Test-only locations are accepted solely while the unit-test flag is set.
            if (Main.isUnitTest) {
                boolean testOutput = loc.endsWith("/target/test-classes/")
                        || loc.endsWith("-tests.jar")
                        || loc.matches(".+/build/classes/[^/]+/test/");
                if (testOutput) {
                    LOGGER.log(Level.FINE, "{0} seems to be test classes, OK", loc);
                    return true;
                }
                boolean testHarnessJar = loc.matches(".+/jenkins-test-harness-.+[.]jar");
                if (testHarnessJar) {
                    LOGGER.log(Level.FINE, "{0} seems to be jenkins-test-harness, OK", loc);
                    return true;
                }
            }

            // Default deny: nothing above recognized the location.
            LOGGER.log(Level.FINE, "{0} is not recognized; rejecting", loc);
            return false;
        });
    }