workflow scripts can't use String.substring(int,int)

      1.609.1, wf 1.8, script-security 1.14

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.lang.String substring int int

      same for gstring.

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.codehaus.groovy.runtime.GStringImpl substring java.lang.Integer java.lang.Integer)

          [JENKINS-29541] workflow scripts can't use String.substring(int,int)

          Antonio Muñiz added a comment - I think this PR on script-security-plugin is solving the issue.

          James Nord added a comment (edited) - the second issue looks like it may be resolved (when using GString) - but I don't see how this would change the lack of white list for java.lang.String.substring(...)

          Antonio Muñiz added a comment - Oh, yeah, I thought that substring was listed in DefaultGroovyMethods, but it's not

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57
          Log:
          JENKINS-29541 Reproduced problem in test.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d
          Log:
          [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
          src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b
          Log:
          Merge pull request #20 from jglick/GString-JENKINS-29541

          JENKINS-29541 GString receiver handling

          Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa
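
The two rejections reported in this issue and the fix named in the commit log ("Methods with a GString receiver need to be treated as a String receiver as a fallback"), modelled as an added example. This is a simplified model written for this page, not the plugin's GroovyCallSiteSelector code: FakeGString is a hypothetical stand-in for groovy.lang.GString so that it runs without Groovy, and the single whitelist entry uses the signature format shown in the exception message.

```java
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;

public class GStringFallbackDemo {
    // Hypothetical stand-in for groovy.lang.GString (assumption; avoids a Groovy dependency).
    record FakeGString(String value) { @Override public String toString() { return value; } }
    // Whitelist entry in the signature format printed by RejectedAccessException.
    static final Set<String> WHITELIST = Set.of("method java.lang.String substring int int");
    // Script arguments arrive boxed (java.lang.Integer) but must match primitive parameters.
    static final Map<Class<?>, Class<?>> UNBOX = Map.of(Integer.class, int.class, Long.class, long.class);

    // Select the public method on 'type' that accepts the runtime arguments, or null.
    static Method select(Class<?> type, String name, Object[] args) {
        for (Method m : type.getMethods()) {
            Class<?>[] p = m.getParameterTypes();
            if (!m.getName().equals(name) || p.length != args.length) continue;
            boolean ok = true;
            for (int i = 0; i < p.length && ok; i++) {
                Class<?> a = args[i].getClass();
                ok = p[i].isAssignableFrom(a) || p[i] == UNBOX.get(a);
            }
            if (ok) return m;
        }
        return null;
    }
    // Render a method as "method <declaring class> <name> <parameter types...>".
    static String signature(Method m) {
        StringBuilder sb = new StringBuilder("method " + m.getDeclaringClass().getName() + " " + m.getName());
        for (Class<?> p : m.getParameterTypes()) sb.append(' ').append(p.getName());
        return sb.toString();
    }
    // Resolve the call site, apply the whitelist, and only then invoke.
    static Object call(Object receiver, String name, Object... args) throws Exception {
        Method m = select(receiver.getClass(), name, args);
        if (m == null && receiver instanceof FakeGString) { // fallback: treat as a String receiver
            receiver = receiver.toString();
            m = select(String.class, name, args);
        }
        if (m == null) throw new SecurityException("cannot resolve " + name + " on " + receiver.getClass().getName());
        if (!WHITELIST.contains(signature(m))) throw new SecurityException("Scripts not permitted to use " + signature(m));
        return m.invoke(receiver, args);
    }
    public static void main(String[] argv) throws Exception {
        System.out.println(call("workflow-1.8", "substring", 0, 8));                  // String receiver
        System.out.println(call(new FakeGString("workflow-1.8"), "substring", 0, 8)); // GString-like receiver
        try { call("workflow-1.8", "toUpperCase"); }                                  // resolvable but not whitelisted
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Removing the WHITELIST entry reproduces the first rejection in the report, and removing the fallback branch makes the GString-like receiver unresolvable, which corresponds to the second.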

            jglick Jesse Glick
            teilo James Nord