Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38426

Handle non-literal expressions for environment variable declarations in declarative pipeline

    XMLWordPrintable

Details

    Description

      Should you try anything like: 

      environment {
  FOO = blah()
  BAZ = "${blah()}"
}

      you will be rewarded with a stacktrace and a sandbox violation. 

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.workflow.cps.CpsClosure2 foo)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:181)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:117)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:103)
	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
	at WorkflowScript.run(WorkflowScript:21)
	at org.jenkinsci.plugin

      Need to figure out what can be allowed here and what can't - i.e., steps are potentially problematic since we're definitely not in a node context when setting up the environment, and we also need to understand how we're evaluating the environment values in the first place. So yeah, more thought needed.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-37777 Pipeline Config: Unable to assign any non literal to an environment variable

          • Major - Major loss of function.
          • Closed
          links to

          Web Link PR #22

          Activity

            Ascending order - Click to sort in descending order
            abayer Andrew Bayer created issue -
            abayer Andrew Bayer made changes -
            Field Original Value New Value
            Link This issue is duplicated by JENKINS-37777 [ JENKINS-37777 ]
            abayer Andrew Bayer made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            abayer Andrew Bayer made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #20 (Web Link)" [ 14870 ]
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #22 (Web Link)" [ 14874 ]
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #20 (Web Link)" [ 14870 ]
            abayer Andrew Bayer made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            bitwiseman Liam Newman made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

            People

              abayer Andrew Bayer
              abayer Andrew Bayer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: