
readFileFromWorkspace Not Whitelisted for Script Security

      On the Job DSL wiki (https://github.com/jenkinsci/job-dsl-plugin/wiki/Script-Security) it states under Groovy Sandboxing:

      "All Job DSL methods are whitelisted by default, but Jenkins access control checks are applied."

      However, when creating a freestyle job with the example from (https://jenkinsci.github.io/job-dsl-plugin/#path/javaposse.jobdsl.dsl.DslFactory.pipelineJob-definition-cps) as the DSL script, and running as an appropriately authorised user with sandboxing enabled, the following error message is displayed:

      ERROR: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (javaposse.jobdsl.dsl.helpers.workflow.CpsContext readFileFromWorkspace java.lang.String)

      The DSL for those interested:
      pipelineJob('example') {
          definition {
              cps {
                  script(readFileFromWorkspace('project-a-workflow.groovy'))
                  sandbox()
              }
          }
      }
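
The error above pairs a generic signature (GroovyObject invokeMethod) with the specific blocked call in parentheses. The following is an added example, not part of the original report or of any Jenkins plugin, that parses such lines so an administrator reviewing rejections can see which call the sandbox blocked instead of the generic dispatch signature. It assumes the parenthesised part is receiver class, method name, then argument types, as in the message above; the function names and the last three sample lines are constructed.

```python
import re
from collections import Counter

# Signature kinds used in Script Security approval entries.
KINDS = {"method", "staticMethod", "new", "field", "staticField"}
REJECTION = re.compile(
    r"Scripts not permitted to use (?P<sig>\S[^()]*?)\s*(?:\((?P<detail>[^()]*)\))?\s*$")

def parse_rejection(line):
    """Return a dict describing one sandbox rejection, or None if the line is not one."""
    m = REJECTION.search(line)
    if not m:
        return None
    kind, *rest = m.group("sig").split()
    need = 1 if kind == "new" else 2          # constructors have no member name
    if kind not in KINDS or len(rest) < need:
        return None
    out = {"signature": m.group("sig"), "kind": kind, "type": rest[0],
           "member": None if kind == "new" else rest[1],
           "params": rest[need:], "dynamic_target": None}
    detail = (m.group("detail") or "").split()
    # GroovyObject.invokeMethod is the generic dynamic-dispatch entry point; the
    # parenthesised part carries the receiver class and method that were blocked.
    if (out["type"], out["member"]) == ("groovy.lang.GroovyObject", "invokeMethod") \
            and len(detail) >= 2:
        out["dynamic_target"] = {"type": detail[0], "member": detail[1], "args": detail[2:]}
    return out

def blocked_calls(lines):
    """Count rejections by the call that was actually blocked."""
    counts = Counter()
    for line in lines:
        r = parse_rejection(line)
        if r:
            t = r["dynamic_target"] or r
            counts[f'{t["type"]}.{t["member"] or "<init>"}'] += 1
    return counts

SAMPLE_LOG = [
    # From the report above.
    "ERROR: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod "
    "java.lang.String java.lang.Object (javaposse.jobdsl.dsl.helpers.workflow.CpsContext "
    "readFileFromWorkspace java.lang.String)",
    # Constructed lines for illustration.
    "ERROR: Scripts not permitted to use staticMethod java.lang.System getenv java.lang.String",
    "ERROR: Scripts not permitted to use new java.io.File java.lang.String",
    "Finished: FAILURE",
]
```

Calling blocked_calls(SAMPLE_LOG) attributes the first line to CpsContext.readFileFromWorkspace, not to GroovyObject.invokeMethod.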

          [JENKINS-45778] readFileFromWorkspace Not Whitelisted for Script Security

          Jamie Kelly created issue -
          Jamie Kelly made changes -
          Summary
            Original: DSL Methods Not Whitelisted for Script Security
            New: readFileFromWorkspace Not Whitelisted for Script Security

          Jamie Kelly made changes -
          Environment
            Original: Jenkins 2.60.2, Latest plugins
            New: Jenkins 2.60.2, Script Security 1.29.1, Job DSL 1.64

          Jamie Kelly made changes -
          Priority
            Original: Minor [ 4 ]
            New: Major [ 3 ]

          Jesse Glick made changes -
          Component/s
            Original: script-security-plugin [ 18520 ]

          Daniel Spilker made changes -
          Component/s
            New: script-security-plugin [ 18520 ]

          Daniel Spilker made changes -
          Assignee
            Original: Daniel Spilker [ daspilker ]

            Assignee: Unassigned
            Reporter: Jamie Kelly (jk563)