我正在尝试在WWW :: Mechanize中创建一个将在Hudson中构建作业的脚本。脚本是这样的:
$mech->post("$hudson_url/view/All/job/$job_name/build?delay=0sec", \%job_arguments);
问题是Hudson日志抱怨它预计会提交表单。以下内容摘自Hudson日志:
Caused by: java.lang.Error: This page expects a form submission
at org.kohsuke.stapler.RequestImpl.getSubmittedForm(RequestImpl.java:769)
at hudson.model.ParametersDefinitionProperty._doBuild(ParametersDefinitionProperty.java:116)
at hudson.model.AbstractProject.doBuild(AbstractProject.java:1531)
... 69 more
问题是,Hudson中的构建是参数化的,因此Hudson使用JavaScript生成表单。最终,Hudson将调用此URL。我怎样才能提出这个请求,以便哈德森认为我正在发表一个表格?
更新:我有Chrome中显示的请求数据。这是有效的:
Request URL:<url>/hudson/view/All/job/ReleaseThis/build?delay=0sec
Request Method:POST
Status Code:302 Moved Temporarily
Request Headers
Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:935
Content-Type:application/x-www-form-urlencoded
Cookie:screenResolution=1920x1080; JSESSIONID=B3F99F6C376318AB6331AE6F27917D52; screenResolution=1920x1080; __utmz=250097027.1291302888.1.1.utmcsr=...|utmccn=(referral)|utmcmd=referral|utmcct=/sig/Home.action; __utma=250097027.1666115034.1291302888.1291302888.1291302888.1
Host:<hudson_url>
Origin:<huson_url>
Referer:https://<hudson_url>/hudson/view/All/job/ReleaseThis/build?delay=0sec
User-Agent:Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.84 Safari/534.13
Query String Parameters
delay:0sec
Form Data
name:URL
value:https://<url>
value:1.12-SNAPSHOT
name:RELEASE_VERSION
value:1.12-TEST16
name:UPDATE_MASTER_POM
name:PROPERTY_NAME
value:
name:DEV_VERSION
value:
name:STABLE_VERSION
value:
json:{"parameter": [{"name": "URL", "value": <url>}, {"name": "SNAPSHOT_VERSION", "value": "1.12-SNAPSHOT"}, {"name": "RELEASE_VERSION", "value": "1.12-TEST16"}, {"name": "UPDATE_MASTER_POM", "value": false}, {"name": "PROPERTY_NAME", "value": ""}, {"name": "DEV_VERSION", "value": ""}, {"name": "STABLE_VERSION", "value": ""}]}
Submit:Build
Response Headers
Connection:close
Content-Length:0
Content-Type:text/plain; charset=UTF-8
Date:Fri, 04 Feb 2011 13:33:27 GMT
Location:https://<hudson.url>/hudson/view/All/job/ReleaseThis/
Server:Apache-Coyote/1.1
Via:1.1 <hudson.url>:8890 (Apache/2.2.3)
答案 0 :(得分:2)
有两种可能性,一种是将javascript生成的随机字符串作为其中一个字段,以防止CSRF攻击和bot自动提交。在这种情况下,您需要反转javascript算法来解析并发布字符串,或使用WWW::Scripter,但我还没有测试过。
其次,我相信更可能的选择是脚本检查前引用者,在这种情况下,只需通过编辑标题来设置引用者,你可能会很高兴。
还有一点需要注意的是,浏览器和perl脚本请求中的标题和cookie完全相同;因此,您可以首先get带有表单的页面,设置cookie,或者在脚本中自己设置。
没有一个措施无法绕过,因为你使用脚本,你只需要通过测试找到哪一个...