JENKINS-22834

Administrator-approved classpath additions

Details

    Description

      Since it is not recommended to allow users to add arbitrary classpath elements to scripts, there should be a facility to let administrators define trusted classpath additions (JARs outside of plugins) that users may elect to use from their scripts.

          Activity

            ikedam ikedam added a comment -

            I also want a feature to approve plugins that can be accessed from groovy scripts.

            jglick Jesse Glick added a comment -

            I think there is no need for designated access to plugins; should suffice to use PluginManager.uberClassLoader as the default base classloader for scripts, and let particular plugin methods be whitelisted for the sandbox when it is appropriate.

            ikedam ikedam added a comment -

            So you mean:

            • As jar files can be added by a non-administrator user, administrators want to control them via script-security-plugin.
            • Plugins are installed only by administrators and administrators already can control them.
            jglick Jesse Glick added a comment -

            Exactly.

            In the case of approved scripts, custom JARs pose a hypothetical risk, that using Groovy tricks they could be used to make a script do something very different from what it looks to be doing. No such attack should be possible just by depending on a plugin, unless of course the plugin were malicious—but we assume they are not, since if they were, they could already completely control Jenkins.

            In the case of the Groovy sandbox, you can trivially add @Whitelisted to anything in a custom JAR, as well as perhaps using the aforementioned Groovy tricks, so clearly an administrator would need to review the JAR. Plugins which whitelist their own methods are assumed to be doing so because those methods are in fact safe.

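            The following is an added example, not code from script-security-plugin or from the commenters above: a minimal Java sketch of an approval gate for the administrator review described in this thread. Keying approval on a SHA-256 digest of the JAR contents is this sketch's assumption (the commit log only mentions tests for "classpath identity"), and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.HashSet;
import java.util.HexFormat; // Java 17+
import java.util.Set;

// Hypothetical sketch: approval is bound to the reviewed bytes, not to the path.
public class ClasspathApprovalDemo {
    private final Set<String> approved = new HashSet<>();
    private final Set<String> pending = new HashSet<>();

    static String digest(Path jar) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(Files.readAllBytes(jar));
        return HexFormat.of().formatHex(hash);
    }

    // Administrator action, taken after reviewing the JAR.
    void approve(Path jar) throws Exception {
        String d = digest(jar);
        pending.remove(d);
        approved.add(d);
    }

    // Gate run before a user's script may load this classpath entry.
    void checkUse(Path jar) throws Exception {
        String d = digest(jar);
        if (!approved.contains(d)) {
            pending.add(d); // queue the unseen contents for administrator review
            throw new SecurityException("unapproved classpath entry " + jar + " sha256=" + d);
        }
    }

    boolean allowed(Path jar) throws Exception {
        try {
            checkUse(jar);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Path jar = Files.createTempDirectory("cp-approval").resolve("helper.jar");
        // Constructed sample bytes standing in for a JAR an administrator reviewed.
        Files.write(jar, "reviewed build".getBytes(StandardCharsets.UTF_8));

        ClasspathApprovalDemo approvals = new ClasspathApprovalDemo();
        System.out.println("before approval: " + approvals.allowed(jar));
        approvals.approve(jar);
        System.out.println("after approval:  " + approvals.allowed(jar));

        // Same path, different contents: the earlier approval must not carry over.
        Files.write(jar, "replaced build".getBytes(StandardCharsets.UTF_8));
        System.out.println("after replace:   " + approvals.allowed(jar));
        System.out.println("pending review:  " + approvals.pending.size());
    }
}
```

            A production gate also has to load the same bytes it hashed, or re-check at load time, because a file can change between the check and the class loader reading it.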
            ikedam ikedam added a comment - Pull request https://github.com/jenkinsci/script-security-plugin/pull/1

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath/config.jelly
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript/config.jelly
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/README.md
            http://jenkins-ci.org/commit/script-security-plugin/1bd2137f24d27a24083b021ed6432d04328edab4
            Log:
            JENKINS-22834 Add a feature to specify additional class paths.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedClasspathException.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            http://jenkins-ci.org/commit/script-security-plugin/f02fb0de45f301c2d733ec7283ea18e7951247cc
            Log:
            [FIXED JENKINS-22834] Added feature for classpath approval.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath/config.jelly
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            http://jenkins-ci.org/commit/script-security-plugin/780459f7057cea7342a8c069b15c487b59ee9a0a
            Log:
            JENKINS-22834 Connect view with controller with ajax.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            http://jenkins-ci.org/commit/script-security-plugin/662cab314c964c494e8825d9ea6c8bd2f4af772e
            Log:
            JENKINS-22834 Render classpaths with ajax.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            http://jenkins-ci.org/commit/script-security-plugin/f66bf2061857365fc559c1af609304a1678b3f3e
            Log:
            JENKINS-22834 Allow delete an approved classpath.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            http://jenkins-ci.org/commit/script-security-plugin/2cf0f0e2588db1c841883db32a2cecf8b5627582
            Log:
            JENKINS-22834 Updated tests to approve classpaths.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/script-security-plugin-testjar.jar
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/updated/script-security-plugin-testjar.jar
            http://jenkins-ci.org/commit/script-security-plugin/e78155e370e732c8066a0796d808db7ab8bcb16a
            Log:
            JENKINS-22834 Added tests for classpath identity.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/AdditionalClasspath/help-path.html
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/Messages.properties
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript/help-additionalClasspathList.html
            http://jenkins-ci.org/commit/script-security-plugin/c00383ed9c1be07ebb047250518846c33a486c26
            Log:
            JENKINS-22834 Added help texts and input validations.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            http://jenkins-ci.org/commit/script-security-plugin/e2b1cb9155bf14cef28b7f16ea63271614d3b05b
            Log:
            JENKINS-22834 Added tests for automatic approval.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
            http://jenkins-ci.org/commit/script-security-plugin/c2841deb05927bdd31aafabd0350c29031a6ecbc
            Log:
            JENKINS-22834 Added tests for classpaths handling in the scriptApproval page.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: ikedam
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            http://jenkins-ci.org/commit/script-security-plugin/51c74b6682d8e55acf29440f5404e1f21332e0a8
            Log:
            JENKINS-22834 Preparation to merge. Reverted unrelated changes.
            jglick Jesse Glick added a comment - Working on a variant in: https://github.com/jenkinsci/script-security-plugin/pull/2
            jglick Jesse Glick added a comment -

            Not merged to master.


            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ApprovalListener.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalLink.java
            src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/UnapprovedClasspathException.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript/config.jelly
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript/help-classpath.html
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry/config.jelly
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry/help-path.html
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntryTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/README.md
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/script-security-plugin-testjar.jar
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest/updated/script-security-plugin-testjar.jar
            http://jenkins-ci.org/commit/script-security-plugin/5bc00e8bc41ed0980315fe25e97d81c0e038fa27
            Log:
            Merge pull request #2 from jenkinsci/classpath

            [FIXED JENKINS-22834] Support custom classpaths.

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/ccd8c9282618...5bc00e8bc41e

            People

              jglick Jesse Glick