-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Minor
-
Component/s: script-security-plugin
-
Environment:workflow-cps 2.39, script-security 1.33
Outside the sandbox, the following will correctly echo java.util.regex.Pattern
def f = ~/foo/
echo f.class.toString()
But when sandboxed, it barfs with RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter bitwiseNegate java.lang.Object.
This is distinct to CPS-transformed code - if that's in a @NonCPS method or any other non-CPS sandboxed code, it works fine. Somehow we're misidentifying the ~/foo/ in sandboxed CPS code.
EDIT: Amending to include the fact that staticMethod java.util.regex.Pattern compile java.lang.String is not whitelisted. That should be fixed too.
- is duplicated by
-
-
- Resolved
-
- links to
