Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Component/s: script-security-plugin
-
Labels:None
-
Environment:Windows 8 64bit, Jenkins 1.509.4, groovy-postbuild 2.0, script-security 1.6
-
Similar Issues:
Description
Running a following script
"30".toInteger();
Results following error:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.lang.String toInteger at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:63) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:111) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:108) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157) at Script1.run(Script1.groovy) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:119) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript.evaluate(SecureGroovyScript.java:160) at org.jvnet.hudson.plugins.groovypostbuild.GroovyPostbuildRecorder.perform(GroovyPostbuildRecorder.java:355) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:780) at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:752) at hudson.model.Build$BuildExecution.post2(Build.java:183) at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:705) at hudson.model.Run.execute(Run.java:1617) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46) at hudson.model.ResourceController.execute(ResourceController.java:88) at hudson.model.Executor.run(Executor.java:237)
It looks caused for String.toInteger() is not provided in JDK and additionally provided by Groovy.
Attachments
Issue Links
- is related to
-
-
- Reopened
-
-
-
- Resolved
-
Activity
Code changed in jenkins
User: Jesse Glick
Path:
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
http://jenkins-ci.org/commit/script-security-plugin/c6d43e762aa89ed0f13182059d219775708baa61
Log:
Merge pull request #14 from jglick/JENKINS-25119-addendum
JENKINS-25119 Cleaning up test from #7
Compare: https://github.com/jenkinsci/script-security-plugin/compare/6f16f00e0f19...c6d43e762aa8
Another example I just ran into, not sure I should file a new issue or reopen this one:
def date = Calendar.instance date.setTime(new Date()) date.add(Calendar.HOUR_OF_DAY,-1) String oneHourAgo = date.getTime().format("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",TimeZone.getTimeZone('UTC'))
Will trigger:
[Pipeline] End of Pipeline org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.util.Date format java.lang.String sun.util.calendar.ZoneInfo at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:74)
With nothing ever showing up in the script approval page.
seems like same is true for:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.lang.String allWhiteSpace
Baptiste Mathus Jeff Burke adding comments to closed issues is a waste of time. If you have something reproducible in current software releases that does not look like an obvious duplicate of an open bug, file a fresh bug with complete steps to reproduce from scratch in a self-contained test case yada yada.
Code changed in jenkins
User: Jesse Glick
Path:
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
http://jenkins-ci.org/commit/script-security-plugin/c5cb52160a7a6296e6f9aee660d547abb18bb67d
Log:
Merge branch '
JENKINS-25119-addendum' intoJENKINS-28586Compare: https://github.com/jenkinsci/script-security-plugin/compare/6d46df1cf867...c5cb52160a7a