SoloFilePathFilter.java

package jenkins;

import javax.annotation.Nullable;
import java.io.File;

/**
 * Variant of {@link FilePathFilter} that assumes it is the sole actor.
 *
 * It throws {@link SecurityException} instead of returning false. This makes it the
 * convenient final wrapper for the caller.
 *
 * @author Kohsuke Kawaguchi
 */
public final class SoloFilePathFilter extends FilePathFilter {
    private final FilePathFilter base;

    private SoloFilePathFilter(FilePathFilter base) {
        this.base = base;
    }

    /**
     * Null-safe constructor.
     */
    public static @Nullable SoloFilePathFilter wrap(@Nullable FilePathFilter base) {
        if (base==null)     return null;
        return new SoloFilePathFilter(base);
    }

    private boolean noFalse(String op, File f, boolean b) {
        if (!b)
            throw new SecurityException("agent may not " + op + " " + f+"\nSee http://jenkins-ci.org/security-144 for more details");
        return true;
    }

    @Override
    public boolean read(File f) throws SecurityException {
        return noFalse("read",f,base.read(f));
    }

    @Override
    public boolean write(File f) throws SecurityException {
        return noFalse("write",f,base.write(f));
    }

    @Override
    public boolean symlink(File f) throws SecurityException {
        return noFalse("symlink",f,base.write(f));
    }

    @Override
    public boolean mkdirs(File f) throws SecurityException {
        return noFalse("mkdirs",f,base.mkdirs(f));
    }

    @Override
    public boolean create(File f) throws SecurityException {
        return noFalse("create",f,base.create(f));
    }

    @Override
    public boolean delete(File f) throws SecurityException {
        return noFalse("delete",f,base.delete(f));
    }

    @Override
    public boolean stat(File f) throws SecurityException {
        return noFalse("stat",f,base.stat(f));
    }
}