Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34650

Allow global libraries to bypass the sandbox

    XMLWordPrintable

    Details

    • Similar Issues:
    • Epic Link:

      Description

      Although you are required to have RUN_SCRIPTS to push anything to workflowLibs, the code is run under the same sandbox settings as the main Pipeline scripts. In the case of a Pipeline script using whole-script approval, it makes sense to be checking RUN_SCRIPTS for libraries. But in the case of Pipeline scripts configured to use the Groovy sandbox, the workflowLibs code is also run in the sandbox—a pointless restriction, since only a trusted user could have written that code. You would expect that the library code would be trusted and run in a privileged mode, so it could safely encapsulate otherwise unsafe method calls.

        Attachments

          Issue Links

          is blocking

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-32731 Allow plugins to contribute to Pipeline global library

          • Major - Major loss of function.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-26538 Less-trusted workflow-cps-global-lib

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. JENKINS-31155 Workflow shared library improvements

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-37011 Provide a way to write full-fledged Steps in CPS-transformed Groovy

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link Groovy CPS change

          Web Link PR 2

          Web Link workflow-cps-global-lib-plugin #8

          Web Link workflow-cps-plugin PR #33

            Activity

              People

              Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              jglick Jesse Glick
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: