Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46088

unclassified staticMethod when assigning java.util.regex.Matcher in included script

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • script-security-plugin
    • None
    • Jenkins 2.60.2 .war on Ubuntu
      Script Security Plugin 1.31
      Groovy Plugin 2.0

      Steps to reproduce:

      Run Jenkins 2.60.2 with latest Script Security Plugin (1.31). Create a freestyle job that runs a system groovy script from a script file /tmp/minimal.groovy (!, bug does not appear if the script is defined in the job itself).

      Sample job config.xml is attached.

      Contents of /tmp/minimal.groovy :

      java.util.regex.Matcher m = "asdf" =~ /(a)/

      Run the job.

      Observed result

      ERROR: Build step failed with exception
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified staticMethod org.kohsuke.groovy.sandbox.impl.Checker checkedStaticCall java.lang.Class java.lang.String java.lang.String java.lang.String
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:146)
	at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:184)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:188)
	at org.kohsuke.groovy.sandbox.impl.Checker$checkedStaticCall$1.callStatic(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:222)
	at Script1.run(Script1.groovy:1)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:141)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript.evaluate(SecureGroovyScript.java:165)
	at hudson.plugins.groovy.SystemGroovy.run(SystemGroovy.java:95)
	at hudson.plugins.groovy.SystemGroovy.perform(SystemGroovy.java:59)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:735)
	at hudson.model.Build$BuildExecution.build(Build.java:206)
	at hudson.model.Build$BuildExecution.doRun(Build.java:163)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490)
	at hudson.model.Run.execute(Run.java:1735)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:405)

      Expected result

      Script runs without error.

      Known mitigations

      Changing the script to:

      def m = "asdf" =~ /(a)/

      That is, removing the explicit type declaration solves the problem.

      Also, copying the script into the job definition doesn't trigger the error.

      Priority

      Since the explicit type declaration is not idiomatic usage anyways and the workaround is simple, I don't think it's highly important but would like to understand why this fails in any case.

        1. config.xml
          0.7 kB
          Urs Schoenenberger

            abayer Andrew Bayer
            schoeneu Urs Schoenenberger
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: