[JENKINS-25119] Sandbox cannot handle methods Groovy provides additionally

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • script-security-plugin
    • None
    • Windows 8 64bit, Jenkins 1.509.4, groovy-postbuild 2.0, script-security 1.6

      Running the following script

      "30".toInteger();

      results in the following error:

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.lang.String toInteger
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:63)
      	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:111)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:108)
      	at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall.callStatic(Unknown Source)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157)
      	at Script1.run(Script1.groovy)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:119)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript.evaluate(SecureGroovyScript.java:160)
      	at org.jvnet.hudson.plugins.groovypostbuild.GroovyPostbuildRecorder.perform(GroovyPostbuildRecorder.java:355)
      	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:19)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:780)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:752)
      	at hudson.model.Build$BuildExecution.post2(Build.java:183)
      	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:705)
      	at hudson.model.Run.execute(Run.java:1617)
      	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
      	at hudson.model.ResourceController.execute(ResourceController.java:88)
      	at hudson.model.Executor.run(Executor.java:237)
      

      It looks like this is caused by String.toInteger() not being provided by the JDK, but additionally provided by Groovy.
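
The diagnosis above, as an added example that is not part of the original report and is not the plugin's code: a simplified Groovy model of why a lookup restricted to the receiver's class reports `toInteger` as unclassified, and how falling back to Groovy's static helper classes gives a policy a concrete method to match. It assumes Groovy 2.x or later, where `toInteger` lives on `StringGroovyMethods`; the names `GDK_CLASSES`, `accepts`, `findOnReceiver`, `findGdk` and `classify` are hypothetical.

```groovy
import groovy.transform.Field
import java.lang.reflect.Method
import java.lang.reflect.Modifier
import org.codehaus.groovy.runtime.DefaultGroovyMethods
import org.codehaus.groovy.runtime.StringGroovyMethods

// Classes whose static methods Groovy exposes as extra instance methods.
@Field List<Class> GDK_CLASSES = [StringGroovyMethods, DefaultGroovyMethods]

// True when each argument is an instance of the matching parameter type.
// Primitive parameters are not handled in this simplified model.
boolean accepts(Class[] types, Object[] args) {
    types.length == args.length &&
        (0..<args.length).every { i -> types[i].isInstance(args[i]) }
}

// Lookup on the receiver's own class only: what a checker that knows
// nothing about Groovy extension methods can see.
Method findOnReceiver(Object receiver, String name, Object[] args) {
    receiver.getClass().methods.find { Method m ->
        m.name == name && !Modifier.isStatic(m.modifiers) && accepts(m.parameterTypes, args)
    }
}

// Fallback: treat receiver.name(args) as Helper.name(receiver, args).
Method findGdk(Object receiver, String name, Object[] args) {
    Object[] selfArgs = ([receiver] + args.toList()) as Object[]
    for (Class helper : GDK_CLASSES) {
        Method m = helper.methods.find { Method c ->
            c.name == name && Modifier.isStatic(c.modifiers) && accepts(c.parameterTypes, selfArgs)
        }
        if (m != null) return m
    }
    return null
}

// How a policy would see the call, so a whitelist entry can be matched.
String classify(Object receiver, String name, Object... args) {
    if (findOnReceiver(receiver, name, args) != null) return "method ${receiver.getClass().name} ${name}"
    Method gdk = findGdk(receiver, name, args)
    gdk != null ? "staticMethod ${gdk.declaringClass.name} ${name}" : "unclassified method ${receiver.getClass().name} ${name}"
}

Object[] none = []
assert findOnReceiver('30', 'toInteger', none) == null   // not a JDK String method
assert findGdk('30', 'toInteger', none) != null          // found on a Groovy helper class
println classify('30', 'length')
println classify('30', 'toInteger')
println classify('30', 'noSuchMethod')
```

Resolving the call to a specific static helper method keeps the decision with the policy: the call is allowed only if that helper method is itself approved, and anything not found on either path stays unclassified.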

          Jesse Glick added a comment -

          I think this was already fixed in 1.11; file a PR with a test proving it (or demonstrating otherwise).

          ikedam added a comment -

          Now it works! Thanks.
          I'll add a test for that.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: ikedam
          Path:
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/d90c1f5c5c4523157f7c42dd0bd410376ed5a78b
          Log:
          JENKINS-25119 Added a test for additional methods in the Groovy environment.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/1b3b7dc40512ca1401bb30ea280867400d85b344
          Log:
          Merge pull request #7 from ikedam/feature/JENKINS-25119_testDefaultGroovyMethods

          JENKINS-25119 a test for additional methods in the Groovy environment

          Compare: https://github.com/jenkinsci/script-security-plugin/compare/e016e3292f63...1b3b7dc40512

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/e7f8fa895cd3d69fe02ef89714bb09c4ef0fb15f
          Log:
          JENKINS-25119 Cleaning up test from #7.
          Also noting a closure bug perhaps related to JENKINS-28586: `it` does not work.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/c5cb52160a7a6296e6f9aee660d547abb18bb67d
          Log:
          Merge branch 'JENKINS-25119-addendum' into JENKINS-28586

          Compare: https://github.com/jenkinsci/script-security-plugin/compare/6d46df1cf867...c5cb52160a7a

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/c6d43e762aa89ed0f13182059d219775708baa61
          Log:
          Merge pull request #14 from jglick/JENKINS-25119-addendum

          JENKINS-25119 Cleaning up test from #7

          Compare: https://github.com/jenkinsci/script-security-plugin/compare/6f16f00e0f19...c6d43e762aa8

          Baptiste Mathus added a comment -

          Another example I just ran into, not sure I should file a new issue or reopen this one:

          def date = Calendar.instance
          date.setTime(new Date())
          date.add(Calendar.HOUR_OF_DAY,-1)

          String oneHourAgo = date.getTime().format("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",TimeZone.getTimeZone('UTC'))

          Will trigger:

          [Pipeline] End of Pipeline
          org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.util.Date format java.lang.String sun.util.calendar.ZoneInfo
          	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:74)

          With nothing ever showing up in the script approval page.

          Jeff Burke added a comment -

          Seems like the same is true for:
          org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.lang.String allWhiteSpace

          Jesse Glick added a comment -

          batmat potatopankakes adding comments to closed issues is a waste of time. If you have something reproducible in current software releases that does not look like an obvious duplicate of an open bug, file a fresh bug with complete steps to reproduce from scratch in a self-contained test case yada yada.

            jglick Jesse Glick
            ikedam ikedam