[JENKINS-25804] Whitelisted signature presets for Java standard APIs and Jenkins core APIs

Type: New Feature
Resolution: Won't Fix
Priority: Major
Component/s: script-security-plugin
Labels:
- followup

Similar Issues:
Powered by SuggestiMate

Show
Epic Link:
Pipeline Sandbox

Administrators often approve signatures for fundamental methods.

Ones in Java APIs like String.parseInt
Ones in Jenkins core like Result#isBetterThan

It's not useful that administrators have to approve all those methods.
And plugins would be preferred to provide methods returning primitive types.

I want whitelisted signature presets.

depends on

JENKINS-29541 workflow scripts can't use String.substring(int,int)

Resolved

is duplicated by

JENKINS-30520 Cannot use java.util.regex.Matcher class when workflow script is sandboxed

Resolved

JENKINS-34658 Whitelist more Functions for trivial operations on builtin types

Resolved

JENKINS-35253 Whitelist Groovy capitalize method from String for sandbox

Resolved

JENKINS-38836 Sandbox does not allow many utility methods

Resolved

is related to

JENKINS-35199 Scripts not permitted to use method java.lang.String isEmpty

Resolved

JENKINS-27953 Fails to load a matrix project for script-security

Resolved

JENKINS-35065 Let whitelists be defined with wildcards

Open

JENKINS-25833 Allow access to static members

Resolved

relates to

JENKINS-38926 Add a report about the sandbox usage

Open

links to

PR 12

(4 is related to, 1 relates to, 1 links to)

ikedam created issue - 2014-11-26 15:15

ikedam added a comment - 2014-11-26 15:16

The way to provide presets:

Built into script-security
Built into script-security and administrators can switch enabled/disabled.
- For the case administrators want complete restriction.
script-security provides "import signatures from a file" and signature files are distributed on Wiki page.
- For the case administrators don't want presets updated with plugin updates.

ikedam added a comment - 2014-11-26 15:16 The way to provide presets: Built into script-security Built into script-security and administrators can switch enabled/disabled. For the case administrators want complete restriction. script-security provides "import signatures from a file" and signature files are distributed on Wiki page. For the case administrators don't want presets updated with plugin updates.

Jesse Glick added a comment - 2014-11-26 17:40

The plugin already ships with a small static whitelist. It needs to be greatly expanded to cover clearly safe Java platform APIs (such as string manipulation), as well as neutral things in the Jenkins API. (Anything in the Jenkins API which calls checkPermission is generally OK to whitelist given a permissions check—this is a separate whitelist mode.)

I think it is best to just have this default whitelist be bundled in the plugin, so we can use routine plugin updates to distribute it. And I see no reason to make it configurable. Either there is a known (or reasonably suspected) risk from some method in the standard whitelist, in which case it should be removed and a plugin update distributed as a regular security fix; or there is not, and it should be included. Administrators should not be expected to do the deep thinking.

Jesse Glick added a comment - 2014-11-26 17:40 The plugin already ships with a small static whitelist. It needs to be greatly expanded to cover clearly safe Java platform APIs (such as string manipulation), as well as neutral things in the Jenkins API. (Anything in the Jenkins API which calls checkPermission is generally OK to whitelist given a permissions check—this is a separate whitelist mode.) I think it is best to just have this default whitelist be bundled in the plugin, so we can use routine plugin updates to distribute it. And I see no reason to make it configurable. Either there is a known (or reasonably suspected) risk from some method in the standard whitelist, in which case it should be removed and a plugin update distributed as a regular security fix; or there is not, and it should be included. Administrators should not be expected to do the deep thinking.

Jesse Glick made changes - 2014-12-01 15:22

Link

New: This issue is related to ~~JENKINS-25833~~ [ ~~JENKINS-25833~~ ]

ikedam made changes - 2015-04-25 01:09

Link

New: This issue is related to ~~JENKINS-27953~~ [ ~~JENKINS-27953~~ ]

Jesse Glick made changes - 2015-05-06 15:03

Remote Link

New: This issue links to "PR 12 (Web Link)" [ 12903 ]

Jesse Glick made changes - 2015-07-24 15:21

Link

New: This issue depends on ~~JENKINS-29541~~ [ ~~JENKINS-29541~~ ]

Jesse Glick made changes - 2015-09-17 17:26

Link

New: This issue is duplicated by ~~JENKINS-30520~~ [ ~~JENKINS-30520~~ ]

Patrick Wolf made changes - 2016-05-20 16:26

Labels

New: followup

Ulli Hafner made changes - 2016-05-23 20:19

Link

New: This issue is related to JENKINS-35065 [ JENKINS-35065 ]

Assignee:: Unassigned

Reporter:: ikedam

Votes:: 11 Vote for this issue

Watchers:: 16 Start watching this issue

Created:: 2014-11-26 15:15

Updated:: 2017-10-23 17:40

Resolved:: 2017-10-05 10:54

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: ikedam added a comment - 2014-11-26 15:16

Expand comment: ikedam added a comment - 2014-11-26 15:16

Collapse comment: Jesse Glick added a comment - 2014-11-26 17:40

Expand comment: Jesse Glick added a comment - 2014-11-26 17:40

People

Dates