Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38426

Handle non-literal expressions for environment variable declarations in declarative pipeline

    XMLWordPrintable

Details

    Description

      Should you try anything like:

      environment {
        FOO = blah()
        BAZ = "${blah()}"
      }
      

      you will be rewarded with a stacktrace and a sandbox violation.

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.workflow.cps.CpsClosure2 foo)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:181)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:117)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:103)
      	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
      	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
      	at WorkflowScript.run(WorkflowScript:21)
      	at org.jenkinsci.plugin
      

      Need to figure out what can be allowed here and what can't - i.e., steps are potentially problematic since we're definitely not in a node context when setting up the environment, and we also need to understand how we're evaluating the environment values in the first place. So yeah, more thought needed.

      Attachments

        Issue Links

          Activity

            People

              abayer Andrew Bayer
              abayer Andrew Bayer
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: