Adjust automated tests for security fix

MarkEWaite · MarkEWaite · commit a1cf60782b1a · 2025-12-06T08:16:07.000-07:00
One of the tests was asserting that the security issue exists.
Nice because that means that there is automated testing for at least
one of the changes for security.
diff --git a/src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/SystemGroovyChoiceListProviderJenkinsTest.java b/src/test/java/jp/ikedam/jenkins/plugins/extensible_choice_parameter/SystemGroovyChoiceListProviderJenkinsTest.java
@@ -223,7 +223,7 @@ void testDescriptor_doFillDefaultChoiceItemsWithoutPermission() throws Exception
                 descriptor.getDescriptorUrl() + "/fillDefaultChoiceItems/?script=" + properScript + "&sandbox=" + true
                         + "&usePredefinedVariables=" + false,
                 null);
-        assertEquals(HttpServletResponse.SC_OK, page.getWebResponse().getStatusCode());
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, page.getWebResponse().getStatusCode());
 
         // configurer has access to the job but without Item/Configure permission => 403
         User configurer = User.getOrCreateByIdOrFullName("configurer");
@@ -234,7 +234,7 @@ void testDescriptor_doFillDefaultChoiceItemsWithoutPermission() throws Exception
                 p.getUrl() + descriptor.getDescriptorUrl() + "/fillDefaultChoiceItems/?script=" + properScript
                         + "&sandbox=" + true + "&usePredefinedVariables=" + false,
                 null);
-        assertEquals(HttpServletResponse.SC_FORBIDDEN, page.getWebResponse().getStatusCode());
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, page.getWebResponse().getStatusCode());
     }
 
     @Test
@@ -326,7 +326,7 @@ void testDescriptor_doTestWithoutPermission() throws Exception {
                 descriptor.getDescriptorUrl() + "/test/?script=" + properScript + "&sandbox=" + true
                         + "&usePredefinedVariables=" + false,
                 null);
-        assertEquals(HttpServletResponse.SC_OK, page.getWebResponse().getStatusCode());
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, page.getWebResponse().getStatusCode());
 
         // configurer has access to the job but without Item/Configure permission => 403
         User configurer = User.getOrCreateByIdOrFullName("configurer");
@@ -337,7 +337,7 @@ void testDescriptor_doTestWithoutPermission() throws Exception {
                 p,
                 descriptor.getDescriptorUrl() + "/test/?script=" + properScript + "&sandbox=" + true
                         + "&usePredefinedVariables=" + false);
-        assertEquals(HttpServletResponse.SC_FORBIDDEN, page.getWebResponse().getStatusCode());
+        assertEquals(HttpServletResponse.SC_NOT_FOUND, page.getWebResponse().getStatusCode());
     }
 
     @Test
