-
Bug
-
Resolution: Fixed
-
Major
-
Jenkins 2.73, Script Security Plugin 1.31
A freestyle job, a single system groovy build step containing the following, use groovy sandbox selected.
String a; a = "abc";
with this exception
FATAL: BUG! exception in phase 'class generation' in source unit 'Script1.groovy' Error while popping argument from operand stack tracker in class Script1 method java.lang.Object run(). BUG! exception in phase 'class generation' in source unit 'Script1.groovy' Error while popping argument from operand stack tracker in class Script1 method java.lang.Object run(). at org.codehaus.groovy.classgen.asm.OperandStack.popWithMessage(OperandStack.java:72) at org.codehaus.groovy.classgen.asm.OperandStack.remove(OperandStack.java:207) at org.codehaus.groovy.classgen.asm.OperandStack.replace(OperandStack.java:274) at org.codehaus.groovy.classgen.asm.CallSiteWriter.makeCallSite(CallSiteWriter.java:336) at org.codehaus.groovy.classgen.asm.InvocationWriter.makeCachedCall(InvocationWriter.java:307) at org.codehaus.groovy.classgen.asm.InvocationWriter.makeCall(InvocationWriter.java:397) at org.codehaus.groovy.classgen.asm.InvocationWriter.makeCall(InvocationWriter.java:104) at org.codehaus.groovy.classgen.asm.InvocationWriter.writeInvokeStaticMethod(InvocationWriter.java:515) at org.codehaus.groovy.classgen.AsmClassGenerator.visitStaticMethodCallExpression(AsmClassGenerator.java:807) at org.codehaus.groovy.ast.expr.StaticMethodCallExpression.visit(StaticMethodCallExpression.java:46) at org.codehaus.groovy.classgen.asm.BinaryExpressionHelper.evaluateEqual(BinaryExpressionHelper.java:316) at org.codehaus.groovy.classgen.AsmClassGenerator.visitDeclarationExpression(AsmClassGenerator.java:637) at org.codehaus.groovy.ast.expr.DeclarationExpression.visit(DeclarationExpression.java:89) at org.codehaus.groovy.classgen.asm.StatementWriter.writeExpressionStatement(StatementWriter.java:613) at org.codehaus.groovy.classgen.asm.OptimizingStatementWriter.writeExpressionStatement(OptimizingStatementWriter.java:366) at org.codehaus.groovy.classgen.AsmClassGenerator.visitExpressionStatement(AsmClassGenerator.java:624) at org.codehaus.groovy.ast.stmt.ExpressionStatement.visit(ExpressionStatement.java:42) at org.codehaus.groovy.classgen.asm.StatementWriter.writeBlockStatement(StatementWriter.java:85) at org.codehaus.groovy.classgen.asm.OptimizingStatementWriter.writeBlockStatement(OptimizingStatementWriter.java:159) at org.codehaus.groovy.classgen.AsmClassGenerator.visitBlockStatement(AsmClassGenerator.java:570) at org.codehaus.groovy.ast.stmt.BlockStatement.visit(BlockStatement.java:71) at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitClassCodeContainer(ClassCodeVisitorSupport.java:104) at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitConstructorOrMethod(ClassCodeVisitorSupport.java:115) at org.codehaus.groovy.classgen.AsmClassGenerator.visitStdMethod(AsmClassGenerator.java:434) at org.codehaus.groovy.classgen.AsmClassGenerator.visitConstructorOrMethod(AsmClassGenerator.java:387) at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitMethod(ClassCodeVisitorSupport.java:126) at org.codehaus.groovy.classgen.AsmClassGenerator.visitMethod(AsmClassGenerator.java:511) at org.codehaus.groovy.ast.ClassNode.visitContents(ClassNode.java:1081) at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitClass(ClassCodeVisitorSupport.java:53) at org.codehaus.groovy.classgen.AsmClassGenerator.visitClass(AsmClassGenerator.java:233) at org.codehaus.groovy.control.CompilationUnit$17.call(CompilationUnit.java:825) at org.codehaus.groovy.control.CompilationUnit.applyToPrimaryClassNodes(CompilationUnit.java:1065) at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:603) at org.codehaus.groovy.control.CompilationUnit.processPhaseOperations(CompilationUnit.java:581) at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:558) at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:298) at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:268) at groovy.lang.GroovyShell.parseClass(GroovyShell.java:688) at groovy.lang.GroovyShell.parse(GroovyShell.java:700) at groovy.lang.GroovyShell.parse(GroovyShell.java:736) at groovy.lang.GroovyShell.parse(GroovyShell.java:727) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript.evaluate(SecureGroovyScript.java:165) at hudson.plugins.groovy.SystemGroovy.run(SystemGroovy.java:95) at hudson.plugins.groovy.SystemGroovy.perform(SystemGroovy.java:59) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:730) at hudson.model.Build$BuildExecution.build(Build.java:206) at hudson.model.Build$BuildExecution.doRun(Build.java:163) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:490) at hudson.model.Run.execute(Run.java:1737) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:419)
The workaround is to assign a value when the variable during the declaration.
String a = ""; a = "abc";
[JENKINS-46191] Trivial assignment doesn't work when run in a sandbox
| Assignee | New: Andrew Bayer [ abayer ] |
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Labels | Original: plugin script-security |
| Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
groovy-sandbox PR up at https://github.com/jenkinsci/groovy-sandbox/pull/39 - adding downstream PR to verify that script-security can still run its tests against this change, though it doesn't need a new test itself.
| Remote Link | New: This issue links to "groovy-sandbox PR #39 (Web Link)" [ 17470 ] |
| Labels | New: regression |
jglick It is a regression from 1.30 - another side effect of the SECURITY-580 fix.
Is this a regression? If so, from what version?