[JENKINS-29541] workflow scripts can't use String.substring(int,int) - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Major
Resolution: Fixed
Component/s: script-security-plugin
Labels:
- pipeline

Similar Issues:

Show

Description

1.609.1, wf 1.8, secript-scurity 1.14

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.lang.String substring int int

same for gstring.

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.codehaus.groovy.runtime.GStringImpl substring java.lang.Integer java.lang.Integer)

Attachments

Issue Links

is blocking

JENKINS-25804 Whitelisted signature presets for Java standard APIs and Jenkins core APIs

Resolved

relates to

JENKINS-42618 Cannot use String index or range in sandboxed scripts

Resolved

links to

PR 20

Activity

Descending order - Click to sort in ascending order

SCM/JIRA link daemon added a comment - 2015-08-05 12:00

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b
Log:
Merge pull request #20 from jglick/GString-~~JENKINS-29541~~

~~JENKINS-29541~~ GString receiver handling

Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

SCM/JIRA link daemon added a comment - 2015-08-05 12:00 Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b Log: Merge pull request #20 from jglick/GString- JENKINS-29541 JENKINS-29541 GString receiver handling Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

SCM/JIRA link daemon added a comment - 2015-08-05 12:00

Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d
Log:
[FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

SCM/JIRA link daemon added a comment - 2015-08-05 12:00 Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d Log: [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

SCM/JIRA link daemon added a comment - 2015-08-05 12:00

Code changed in jenkins
User: Jesse Glick
Path:
src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57
Log:
~~JENKINS-29541~~ Reproduced problem in test.

SCM/JIRA link daemon added a comment - 2015-08-05 12:00 Code changed in jenkins User: Jesse Glick Path: src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57 Log: JENKINS-29541 Reproduced problem in test.

Antonio Muñiz added a comment - 2015-07-21 18:32

Oh, yeah, I thought that substring was listed in DefaultGroovyMethods, but it's not

Antonio Muñiz added a comment - 2015-07-21 18:32 Oh, yeah, I thought that substring was listed in DefaultGroovyMethods , but it's not

James Nord added a comment - 2015-07-21 18:16 - edited

the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)

James Nord added a comment - 2015-07-21 18:16 - edited the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)

Antonio Muñiz added a comment - 2015-07-21 18:11

I think this PR on script-security-plugin is solving the issue.

Antonio Muñiz added a comment - 2015-07-21 18:11 I think this PR on script-security-plugin is solving the issue.

People

Assignee:: Jesse Glick

Reporter:: James Nord

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-07-21 17:42

Updated:: 2017-03-09 13:24

Resolved:: 2015-08-05 12:00