Loading...

XML

Word

Printable

Type: Bug
Resolution: Not A Defect
Priority: Major
Component/s: conditional-buildstep-plugin
Labels:
- regex
- security
Environment:
Jenkins 1.596.2 LTS

Similar Issues:

Show

Hi,

We have the following configuration in a job:

  <builders>
    <org.jenkinsci.plugins.conditionalbuildstep.ConditionalBuilder plugin="conditional-buildstep@1.3.3">
      <runner class="org.jenkins_ci.plugins.run_condition.BuildStepRunner$Fail" plugin="run-condition@1.0"/>
      <runCondition class="org.jenkins_ci.plugins.run_condition.core.ExpressionCondition" plugin="run-condition@1.0">
        <expression>[24][x0-9][0-9]{2}</expression>
        <label>${TYPE}</label>
      </runCondition>
  ...

When the Script Security Plugin is installed, we get the following error:

SEVERE: Failed Loading job MyJob
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object
        at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:164)
        at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:100)
        at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:115)
        at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:112)
        at sun.reflect.GeneratedMethodAccessor108.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
        at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
        at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.invoke(StaticMetaMethodSite.java:43)
        at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.callStatic(StaticMetaMethodSite.java:99)
        at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157)
        at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:177)
        at Script1.run(Script1.groovy:1)
        at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:139)
        at hudson.matrix.FilterScript.evaluate(FilterScript.java:45)
        at hudson.matrix.FilterScript.apply(FilterScript.java:85)
        at hudson.matrix.Combination.evalGroovyExpression(Combination.java:101)
        at hudson.matrix.Combination.evalGroovyExpression(Combination.java:91)
        at hudson.matrix.MatrixProject.rebuildConfigurations(MatrixProject.java:638)
        at hudson.matrix.MatrixProject.onLoad(MatrixProject.java:505)
        at hudson.model.Items.load(Items.java:279)
        at jenkins.model.Jenkins$17.run(Jenkins.java:2673)
        at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
        at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)
        at jenkins.model.Jenkins$7.runTask(Jenkins.java:903)
        at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)
        at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)

Note: The current workaround is to "Approve" the script via http://<jenkins-url>/scriptApproval/

Assignee:: Dominik Bartholdi

Reporter:: Tom Ghyselinck

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2015-04-15 10:11

Updated:: 2016-06-16 06:21

Resolved:: 2016-06-16 06:21

Details

Description

Attachments

Activity

People

Dates