Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41376

RejectedAccessException: unclassified field java.lang.Class lastMatcher

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • script-security-plugin
    • Jenkins ver. 2.42 installed on Amazon Linux AMI release 2014.03
      org.jenkins-ci.plugins:script-security:1.25
      org.kohsuke:groovy-sandbox:1.10

      I've been working on presenting more helpful errors to users recently and I wrote some library code that essentially wrapped the sh() call in try/catch with some matching for common errors in the error output.

      I've seen this working (I can't work out how to confirm the Jenkins version info at the time the job ran); possibly on 2.39

      I'm now seeing this (on a fresh 2.41 and 2.42 installation):

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified field java.lang.Class lastMatcher
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.unclassifiedField(SandboxInterceptor.java:367)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:363)
	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:28)
	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
	at WorkflowScript.run(WorkflowScript:16)
	at ___cps.transform___(Native Method)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.get(PropertyishBlock.java:74)
	at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.fixName(PropertyishBlock.java:66)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
	at com.cloudbees.groovy.cps.Next.step(Next.java:58)
	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:163)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:328)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:80)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:240)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:228)
	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:63)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

      I've reduced my test-case to the following pasted-pipeline-code:

      import java.util.regex.Matcher;

node {
    CMD_STDERR = """
A distribution already exists as ZPGDOCKER/Internal-Utils-v2.1.6.tar.gz
FAILED: pinto add --root=http://pinto.endpoint --stack=dev Internal-Utils-v2.1.6.tar.gz
    """
    
    echo CMD_STDERR

    switch(CMD_STDERR) {
        // this lets us quickly see we've failed because we
        // forgot to bump the VERSION for a perl dist
        // ** this might be buried in 'zpg-package' output**
        case ~/(?ms).*(A distribution already exists as (.+?.tar.gz)).*/:
            def dist = Matcher.lastMatcher[0][2].trim();
            currentBuild.description = "${dist} already exists in Pinto"
            echo "currentBuild.description -> ${currentBuild.description}";
            break;

        // otherwise, just use 'err'
        default:
            echo "CMD_STDERR: «${CMD_STDERR}»";
            currentBuild.description=err ?: "Failed: reason unknown";
    }
}

      I get the correct/expected behaviour if I disable "Use groovy sandbox".

      The source of the problem is code via a Jenkinsfile, which I believe always runs in the sandbox.

      There are zero pending approvals at http://JENKINS_URL/scriptApproval/

            Unassigned Unassigned
            chizcw Chisel Wright
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: