Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46189

Unable to use ParametersAction using the list constructor when run in sandbox

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • script-security-plugin
    • None
    • Jenkins 2.73, Script Security Plugin 1.31

      ParametersAction can't be constructed using the list constructor.  Works with varargs.

      import hudson.model.*;
      def pv1 = new StringParameterValue("Param1", "Value1");
      def pv2 = new StringParameterValue("Param2", "Value2");
      def pa1 = new ParametersAction(pv1,pv2);
      
      def pl = new ArrayList<ParameterValue>();
      pl.add(pv1);
      pl.add(pv2);
      def pa2 = new ParametersAction(pl);

      Error

      java.lang.IllegalArgumentException: array element type mismatch
      	at java.lang.reflect.Array.set(Native Method)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.parametersForVarargs(GroovyCallSiteSelector.java:104)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.matches(GroovyCallSiteSelector.java:51)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.constructor(GroovyCallSiteSelector.java:166)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:132)
      	at org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:195)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:200)
      	at org.kohsuke.groovy.sandbox.impl.Checker$checkedConstructor.callStatic(Unknown Source)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
      	at Script1.run(Script1.groovy:9)

      Whilst we can work around this by switching to the varargs constructor, it's a symptom of a bigger problem.  We have the same issue with attempting to use scheduleBuild2 and passing a cause and action.  For this, there is no workaround.

          [JENKINS-46189] Unable to use ParametersAction using the list constructor when run in sandbox

          Daniel Beck added a comment -

          Is this a regression in a recent Script Security plugin release? If so, which?

          Daniel Beck added a comment - Is this a regression in a recent Script Security plugin release? If so, which?

          Peter Wiseman added a comment -

          I was unable to confirm the exact version this regressed.  Our upgrades were stalled due to the SCM 2.0 change and more recently the Java 8 change, and as a result we upgraded from 2.32 to 2.73, and this simply coincides with our upgrade.  Previously we were able to avoid the sandbox but that is no longer an option when using script files.

          Peter Wiseman added a comment - I was unable to confirm the exact version this regressed.  Our upgrades were stalled due to the SCM 2.0 change and more recently the Java 8 change, and as a result we upgraded from 2.32 to 2.73, and this simply coincides with our upgrade.  Previously we were able to avoid the sandbox but that is no longer an option when using script files.

          Daniel Beck added a comment -

          pwiseman What version of the following plugins are you running now, and which are the previous versions (if upgraded via plugin manager, it will offer to downgrade to that version):

          • Script Security (script-security)
          • Pipeline: Groovy (workflow-cps)

          Does this happen in a Pipeline, or some other scripting environment such as Groovy Postbuild, Groovy Plugin's system groovy, etc.?

          Daniel Beck added a comment - pwiseman What version of the following plugins are you running now, and which are the previous versions (if upgraded via plugin manager, it will offer to downgrade to that version): Script Security (script-security) Pipeline: Groovy (workflow-cps) Does this happen in a Pipeline, or some other scripting environment such as Groovy Postbuild, Groovy Plugin's system groovy, etc.?

          Peter Wiseman added a comment - - edited

          As per the Environment section of the issue, Jenkins 2.73, Script Security Plugin 1.31.

          This issue occurs in Freestyle with the System Groovy buildstep using a Groovy Command with Sandbox selected.  Our actual use case is a script file, but running with a groovy command and sandbox selected is an easier testcase.

          From memory Jenkins 1.32 coincides with about version 1.14 (correction - that's too far back - more likely 1.27) of the script security plugin. (I'm not currently VPN'd to work to check.). But the version probably doesn't reveal anything as we previously were able to run without the sandbox, but that is no longer an option when using a script file, something that was forced upon us in the upgrade.  I've got a Jenkins 2.71 environment with Script Security Plugin 1.29... and I can reproduce the problem there too.

          Peter Wiseman added a comment - - edited As per the Environment section of the issue, Jenkins 2.73, Script Security Plugin 1.31. This issue occurs in Freestyle with the System Groovy buildstep using a Groovy Command with Sandbox selected.  Our actual use case is a script file, but running with a groovy command and sandbox selected is an easier testcase. From memory Jenkins 1.32 coincides with about version 1.14 (correction - that's too far back - more likely 1.27) of the script security plugin. (I'm not currently VPN'd to work to check.). But the version probably doesn't reveal anything as we previously were able to run without the sandbox, but that is no longer an option when using a script file, something that was forced upon us in the upgrade.  I've got a Jenkins 2.71 environment with Script Security Plugin 1.29... and I can reproduce the problem there too.

          Peter Wiseman added a comment -

          FWIW, I can also reproduce using a Pipeline job running in the sandbox.

          Peter Wiseman added a comment - FWIW, I can also reproduce using a Pipeline job running in the sandbox.

          Jesse Glick added a comment -

          Not a recent regression.

          Jesse Glick added a comment - Not a recent regression.

          Peter Wiseman added a comment -

          jglick Thanks for the reference to JENKINS-37527.  I saw that but failed to make the connection.  I'd request upgrading it from Minor to Major. I'll add comments to the that issue.

          Peter Wiseman added a comment - jglick Thanks for the reference to  JENKINS-37527 .  I saw that but failed to make the connection.  I'd request upgrading it from Minor to Major. I'll add comments to the that issue.

            Unassigned Unassigned
            pwiseman Peter Wiseman
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: