-
Type:
Improvement
-
Resolution: Fixed
-
Priority:
Minor
-
Component/s: script-security-plugin
Grabbing either a character or a substring from a String doesn't work out of the box:
echo 'foobar'[0] org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.String int
echo 'foobar'[3..5] echo 'foobar'[3..-1] org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter createRange java.lang.Object java.lang.Object boolean
Certainly the first one doesn't look dangerous, and the second is presumably harmless, but I don't know for sure whether whitelisting it has other implications beyond this simple use case.
- relates to
-
JENKINS-29541 workflow scripts can't use String.substring(int,int)
-
- Resolved
-
-
-
- Resolved
-
