Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29541

workflow scripts can't use String.substring(int,int)

    XMLWordPrintable

Details

    Description

      1.609.1, wf 1.8, secript-scurity 1.14

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.lang.String substring int int

      same for gstring.

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.codehaus.groovy.runtime.GStringImpl substring java.lang.Integer java.lang.Integer)

      Attachments

        Issue Links

          Activity

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b
            Log:
            Merge pull request #20 from jglick/GString-JENKINS-29541

            JENKINS-29541 GString receiver handling

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b Log: Merge pull request #20 from jglick/GString- JENKINS-29541 JENKINS-29541 GString receiver handling Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d
            Log:
            [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d Log: [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57
            Log:
            JENKINS-29541 Reproduced problem in test.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57 Log: JENKINS-29541 Reproduced problem in test.

            Oh, yeah, I thought that substring was listed in DefaultGroovyMethods, but it's not

            amuniz Antonio Muñiz added a comment - Oh, yeah, I thought that substring was listed in DefaultGroovyMethods , but it's not
            teilo James Nord added a comment - - edited

            the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)

            teilo James Nord added a comment - - edited the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)

            I think this PR on script-security-plugin is solving the issue.

            amuniz Antonio Muñiz added a comment - I think this PR on script-security-plugin is solving the issue.

            People

              jglick Jesse Glick
              teilo James Nord
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: