-
Bug
-
Resolution: Fixed
-
Critical
-
None
I have this error during execution of a Jenkins job with "Scan for compiler warnings" in "post build action" (two parsers are use : parser1 and parser2) :
[WARNINGS] Parsing warnings in files 'output1' with parser parser1 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser1: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI. [WARNINGS] Parsing warnings in files 'output2' with parser parser2 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser2: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI.
Problem, java.util.regex.MatchResult method already approve in "In-process Script Approval" Windows (in Manage Jenkins) : see picture below.
In "Manage Jenkins" > "Configure System" > "Compiler Warnings" > "Parsers" there is no error message below parser1 and parser2... (I think about error message like "An exception occurred during evaluation of the Groovy script: Scripts not permitted to use method hudson.plugins.analysis.util.model.FileAnnotation setModuleName java.lang.String").
Can you help me to understand what thing I have missed to make please ?
Edit : as derrickgw say (thanks for him), the problem comes from warnings-plugin version 4.62, and more precisely from commit https://github.com/jenkinsci/warnings-plugin/commit/c59dd109dab6cf3a9f28ab6b221d402726d0f4aa
![2017-05-04 10_36_42-In-process Script Approval [Jenkins].png](/secure/attachment/37555/2017-05-04%2010_36_42-In-process%20Script%20Approval%20%5BJenkins%5D.png)
- is duplicated by
-
-
- Resolved
-
- mentioned in
-
Page Failed to load
[JENKINS-43813] Scripts not permitted to use a method already approve in In-process Script Approval GUI
Romaric CRAILOX
created issue -
Romaric CRAILOX
added a comment - I work on :
- Jenkins 2.55
- I don't have warning and analysis-core plugin in my plugin list
Romaric CRAILOX
added a comment - I work on :
Jenkins 2.55
I don't have warning and analysis-core plugin in my plugin list
Romaric CRAILOX
added a comment - Furthermore I have Permissive Script Security Plugin installed... 
Derrick Gibelyou
added a comment - Same here. I was able to revert to 4.60 as a work around. Romaric CRAILOX
added a comment - derrickgw , which elements do you give the version ? Derrick Gibelyou
added a comment - romaric, I'm not sure I understand your question, but I will elaborate.
I am using Jenkins 2.32.3 & analysis-core ("Static Analysis Utilities") version 1.86.
Using the Warnings plugin 4.62 prevents my custom error parsers from working. Downgrading back to 4.60 works as expected.
The commit that broke it is this one: https://github.com/jenkinsci/warnings-plugin/commit/c59dd109dab6cf3a9f28ab6b221d402726d0f4aa
The commit comment says it all: "Merged security fixes into master (Groovy Sandbox for parsers)". The thing is, only admins can edit the parsers, since they live on the system configuration page. So if an admin writes the script, it should be automatically approved, and not have to run in the sandbox. I don't see how making the admin approve the scripts that he just wrote adds anything to security.
Derrick Gibelyou
added a comment - romaric , I'm not sure I understand your question, but I will elaborate.
I am using Jenkins 2.32.3 & analysis-core ("Static Analysis Utilities") version 1.86.
Using the Warnings plugin 4.62 prevents my custom error parsers from working. Downgrading back to 4.60 works as expected.
The commit that broke it is this one: https://github.com/jenkinsci/warnings-plugin/commit/c59dd109dab6cf3a9f28ab6b221d402726d0f4aa
The commit comment says it all: "Merged security fixes into master (Groovy Sandbox for parsers)". The thing is, only admins can edit the parsers, since they live on the system configuration page. So if an admin writes the script, it should be automatically approved, and not have to run in the sandbox. I don't see how making the admin approve the scripts that he just wrote adds anything to security. derrickgw, yes you had understood well my question, thanks for the workaround, it is working for mee too.
I update the ticket.
Romaric CRAILOX
added a comment - - edited derrickgw , yes you had understood well my question, thanks for the workaround, it is working for mee too.
I update the ticket. Romaric CRAILOX
made changes -
| Component/s | New: warnings-plugin [ 15513 ] | |
| Component/s | Original: core [ 15593 ] |
Romaric CRAILOX
made changes -
| Description |
Original:
I have this error during execution of a Jenkins job with "Scan for compiler warnings" in "post build action" (two parsers are use : parser1 and parser2) : [WARNINGS] Parsing warnings in files 'output1' with parser parser1 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser1: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI. [WARNINGS] Parsing warnings in files 'output2' with parser parser2 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser2: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI. Problem, java.util.regex.MatchResult method already approve in "In-process Script Approval" Windows (in Manage Jenkins) : see picture below. In "Manage Jenkins" > "Configure System" > "Compiler Warnings" > "Parsers" there is no error message below parser1 and parser2... (I think about error message like "An exception occurred during evaluation of the Groovy script: Scripts not permitted to use method hudson.plugins.analysis.util.model.FileAnnotation setModuleName java.lang.String"). Can you help me to understand what thing I have missed to make please ? |
New:
I have this error during execution of a Jenkins job with "Scan for compiler warnings" in "post build action" (two parsers are use : parser1 and parser2) : [WARNINGS] Parsing warnings in files 'output1' with parser parser1 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser1: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI. [WARNINGS] Parsing warnings in files 'output2' with parser parser2 [WARNINGS] Groovy sandbox rejected the parsing script for parser parser2: Scripts not permitted to use method java.util.regex.MatchResult group int. You will need to manually approve the call in the Script Approval UI. Problem, java.util.regex.MatchResult method already approve in "In-process Script Approval" Windows (in Manage Jenkins) : see picture below. In "Manage Jenkins" > "Configure System" > "Compiler Warnings" > "Parsers" there is no error message below parser1 and parser2... (I think about error message like "An exception occurred during evaluation of the Groovy script: Scripts not permitted to use method hudson.plugins.analysis.util.model.FileAnnotation setModuleName java.lang.String"). Can you help me to understand what thing I have missed to make please ? Edit : |
I'm seeing the same thing with my custom parsers; the built-in warning parsers seem to be fine.
Jenkins version: 2.19.4
warnings plugin version: 4.62
analysis-core plugin version: 1.86