[JENKINS-46327] GString map identifiers don't work in sandboxed Groovy code

Type: Bug
Resolution: Unresolved
Priority: Minor
Component/s: script-security-plugin
Labels:
None
Environment:
Script Security 1.33

Similar Issues:
Powered by SuggestiMate

Show

The following code will fail in non-CPS-transformed sandboxed Groovy, but will pass in CPS-transformed-and-sandboxed Groovy or vanilla Groovy:

def m = [fruitA: 'apple', fruitB: 'banana']

def bKey = 'B'

assert m."fruitB" == m."fruit${bKey}"

That's obviously wrong. Not sure yet where the problem is happening but will dig.

links to

test reproducing included in script-security PR #143

Andrew Bayer created issue - 2017-08-21 18:57

Andrew Bayer made changes - 2017-08-21 19:49

Remote Link

New: This issue links to "test reproducing included in script-security PR #143 (Web Link)" [ 17497 ]

Andrew Bayer made changes - 2017-08-21 22:04

Description

Original: The following code will fail in non-CPS-transformed sandboxed Groovy, but will pass in CPS-transformed-and-sandboxed Groovy or vanilla Groovy:
{code:groovy}
def m = [fruitA: 'apple', fruitB: 'banana']

def bKey = 'B'

assert m."fruitB" == m."fruit${bKey}"{code}

That's obviously wrong. Not sure yet where the problem is happening but will dig.

New: The following code will fail in non-CPS-transformed sandboxed Groovy, but will pass in CPS-transformed-and-sandboxed Groovy or vanilla Groovy:
{code:java}
def m = [fruitA: 'apple', fruitB: 'banana']

def bKey = 'B'

assert m."fruitB" == m."fruit${bKey}"{code}

That's obviously wrong. Not sure yet where the problem is happening but will dig.

Andrew Bayer made changes - 2020-04-07 15:12

Assignee

Original: Andrew Bayer [ abayer ]

Assignee:: Unassigned

Reporter:: Andrew Bayer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017-08-21 18:57

Updated:: 2020-04-07 15:12

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates