builds broken for tags containing '/'

Jenkins and plugins versions report

Environment

Jenkins: 2.401.1
OS: Linux - 6.3.4-1.el7.elrepo.x86_64
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
active-directory:2.30
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.53.v1c90fd9191a_b_
basic-branch-build-strategies:71.vc1421f89888e
bootstrap5-api:5.2.3-1
bouncycastle-api:2.28
branch-api:2.1105.v472604208c55
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloudbees-bitbucket-branch-source:804.v8b_0642650b_d2
cloudbees-disk-usage-simple:182.v62ca_0c992a_f3
cloudbees-folder:6.815.v0dd5a_cb_40e0e
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
configuration-as-code:1646.v98b_72d209775
credentials:1254.vb_96f366e7b_a_d
credentials-binding:604.vb_64480b_c56ca_
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-workflow:563.vd5d2e5c4007f
durable-task:507.v050055d0cb_dd
echarts-api:5.4.0-4
font-awesome-api:6.3.0-2
git:5.0.2
git-client:4.3.0
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
instance-identity:142.v04572ca_5b_265
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.1-344.v6eb_55303dc3e
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-8
jaxb:2.3.8-1
job-dsl:1.83
jquery3-api:3.7.0-1
junit:1207.va_09d5100410f
kubernetes:3937.vd7b_82db_e347b_
kubernetes-client-api:6.4.1-215.v2ed17097a_8e9
kubernetes-credentials:0.10.0
kubernetes-credentials-provider:1.211.vc236a_f5a_2f3c
mailer:457.v3f72cb_e015e5
matrix-auth:3.1.8
matrix-project:789.v57a_725b_63c79
metrics:4.2.18-438.v0ede325a_4c68
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
okhttp-api:4.10.0-132.v7a_7b_91cef39c
pipeline-build-step:491.v1fec530da_858
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2133.ve46a_6113dfc3
pipeline-model-definition:2.2133.ve46a_6113dfc3
pipeline-model-extensions:2.2133.ve46a_6113dfc3
pipeline-rest-api:2.32
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2133.ve46a_6113dfc3
pipeline-stage-view:2.32
pipeline-utility-steps:2.15.3
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.2.1
prometheus:2.2.2
resource-disposer:0.22
scm-api:672.v64378a_b_20c60
script-security:1251.vfe552ed55f8d
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:305.v8f4381501156
structs:324.va_f5d6774f3a_d
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1213.v646def1087f9
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3673.v5b_dd74276262
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1301.v054d9cea_9593
workflow-multibranch:746.v05814d19c001
workflow-scm-step:408.v7d5b_135a_b_d49
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins on kubernetes using the official docker image

Reproduction steps

create tag "some/test"
trigger a build manually (or wait for jenkins to try and build it)

Expected Results

The job runs

Actual Results

Branch indexing
com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketRequestException: HTTP request error. Status: 400: .
HttpResponseProxy{HTTP/1.1 400 [Content-Type: text/html;charset=utf-8, Content-Language: en, Content-Length: 775, Date: Thu, 01 Jun 2023 11:26:08 GMT, Connection: close] ResponseEntityProxy{[Content-Type: text/html;charset=utf-8,Content-Length: 775,Chunked: false]}}
at com.cloudbees.jenkins.plugins.bitbucket.server.client.BitbucketServerAPIClient.getRequest(BitbucketServerAPIClient.java:976)
at com.cloudbees.jenkins.plugins.bitbucket.server.client.BitbucketServerAPIClient.getResource(BitbucketServerAPIClient.java:902)
at com.cloudbees.jenkins.plugins.bitbucket.server.client.BitbucketServerAPIClient.getSingleTag(BitbucketServerAPIClient.java:625)
at com.cloudbees.jenkins.plugins.bitbucket.server.client.BitbucketServerAPIClient.getTag(BitbucketServerAPIClient.java:573)
at com.cloudbees.jenkins.plugins.bitbucket.server.client.BitbucketServerAPIClient.getTag(BitbucketServerAPIClient.java:130)
at com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMSource.retrieve(BitbucketSCMSource.java:898)
at jenkins.scm.api.SCMSource.fetch(SCMSource.java:581)
at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:99)
at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:312)
at hudson.model.ResourceController.execute(ResourceController.java:101)
at hudson.model.Executor.run(Executor.java:442)
Finished: FAILURE

Anything else?

It seems that version 804.v8b_0642650b_d2 broke builds for tags that contain a forward slash ( / ).

Tags without a slash work fine.
Branches with and without slashes work fine.

Rolling back to 800.va_b_b_9a_a_5035c1 fixes the issue

@Dohbedoh maybe you have an idea?

bitbucket-branch-source-plugin/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/server/client/BitbucketServerAPIClient.java

Line 143 in 8b06426

    
           private static final String API_TAG_PATH = API_REPOSITORY_PATH + "/tags/{tagName}";

bitbucket-branch-source-plugin/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/server/client/BitbucketServerAPIClient.java

Lines 618 to 623 in 8b06426

    
           private BitbucketServerBranch getSingleTag(String tagName) throws IOException, InterruptedException { 
        
               UriTemplate template = UriTemplate 
        
                   .fromTemplate(API_TAG_PATH) 
        
                   .set("owner", getUserCentricOwner()) 
        
                   .set("repo", repositoryName) 
        
                   .set("tagName", tagName);

I tested how Bitbucket Server reacts to requests at this URL. Apparently, if the tagName contains slashes, then they must be added to the URL as slashes. If I encode them as "%2F", then Bitbucket Server returns HTTP status 400.

I did not test whether the Bitbucket Branch Source plugin encodes the slashes. If it does, then this may be fixable by using "/tags/{+tagName}" in the URI template. https://datatracker.ietf.org/doc/html/rfc6570#section-3.2.3

https://developer.atlassian.com/server/bitbucket/rest/v806/api-group-repository/#api-api-latest-projects-projectkey-repos-repositoryslug-tags-name-get doesn't say what to do with slashes.

using "/tags/{+tagName}" in the URI template

However, if tagName contains a percent sign, I'm not sure whether that should be encoded as %25 anyway.
Perhaps safest to separately URI-encode tagName, then decode each %2F back to /, and finally plug the result into the {+tagName} URI template.

Looking into this.

I think we should probably use the Find Tags api for Bitbucket Server as this seems to work properly.

I tested a refs with the name specialbranch-\"$;><&#_=@\!|.,/test (branch and tag). And even with level 2 operator like {+tagName} it does not work because of other chars like $. But even if we get through that, the API does not find the tag anyway..

Will propose a fix soon. I created https://issues.jenkins.io/browse/JENKINS-71386.

But even if we get through that, the API does not find the tag anyway..

Has that been reported to Atlassian?

	private BitbucketServerBranch getSingleTag(String tagName) throws IOException, InterruptedException {
	UriTemplate template = UriTemplate
	.fromTemplate(API_TAG_PATH)
	.set("owner", getUserCentricOwner())
	.set("repo", repositoryName)
	.set("tagName", tagName);