Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46394

active choices reactive parameter cant load shared library

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      In groovy script in parameter i havent access into Groovy shared library.

      I use version 1.5.3 of Active Choices Plugin.

      In job workflow works same include.

        Attachments

          Activity

          Hide
          limors Limor Segal Shevah added a comment -

          This will be very very .... very useful for us as well .

          Show
          limors Limor Segal Shevah added a comment - This will be very very .... very useful for us as well  .
          Hide
          kinow Bruno P. Kinoshita added a comment -

          None yet Steven Calhoun, sorry. The main blocker for me is i) other pending issues and, ii) I know I will need to spend some time investigating the following:

          • How can this be safely implemented?
          • Has any other plug-ins done it in a way that didn't result in an CVE and being blacklisted by the Jenkins Security team?
          • What would we need to tell users besides this new feature? (e.g. limitations, risks, etc)

          If anyone has time to do this investigation, then I could simply go with the best approach (if any), and/or confirm with the Jenkins Security team what they think about our decision.

          From memory, I had a solution from another plug-in (hmmm, ext-parameter? extended-parameter-choice? Some name like this), but got a message on IRC or in another media from core devs about the risks of this approach. Then, shortly after, we got blacklisted for other security issues, and the plug-in was unavailable for some weeks (can't recall if it completed 1 or 2 months of suspension until we sorted the CVE and released the fix).

          Hence my caution in implementing this feature (which I find very useful too for users).

          Show
          kinow Bruno P. Kinoshita added a comment - None yet Steven Calhoun , sorry. The main blocker for me is i) other pending issues and, ii) I know I will need to spend some time investigating the following: How can this be safely implemented? Has any other plug-ins done it in a way that didn't result in an CVE and being blacklisted by the Jenkins Security team? What would we need to tell users besides this new feature? (e.g. limitations, risks, etc) If anyone has time to do this investigation, then I could simply go with the best approach (if any), and/or confirm with the Jenkins Security team what they think about our decision. From memory, I had a solution from another plug-in (hmmm, ext-parameter? extended-parameter-choice? Some name like this), but got a message on IRC or in another media from core devs about the risks of this approach. Then, shortly after, we got blacklisted for other security issues, and the plug-in was unavailable for some weeks (can't recall if it completed 1 or 2 months of suspension until we sorted the CVE and released the fix). Hence my caution in implementing this feature (which I find very useful too for users).
          Hide
          stevenacalhoun Steven Calhoun added a comment -

          Any movement on this? This would be immensely helpful

          Show
          stevenacalhoun Steven Calhoun added a comment - Any movement on this? This would be immensely helpful
          Hide
          kinow Bruno P. Kinoshita added a comment -

          If anyone knows of a plugin doing something similar, that'd be helpful. Pull requests welcome as well

          Show
          kinow Bruno P. Kinoshita added a comment - If anyone knows of a plugin doing something similar, that'd be helpful. Pull requests welcome as well
          Hide
          kinow Bruno P. Kinoshita added a comment -

          I agree, and really would like to implement it. But first would need to find either some good guidelines to avoid security issues later, or have a good amount of time to investigate possible solutions. The risk with this feature is that the plugin would be blacklisted (again) due to security issues in the implementation.

          Show
          kinow Bruno P. Kinoshita added a comment - I agree, and really would like to implement it. But first would need to find either some good guidelines to avoid security issues later, or have a good amount of time to investigate possible solutions. The risk with this feature is that the plugin would be blacklisted (again) due to security issues in the implementation.

            People

            Assignee:
            kinow Bruno P. Kinoshita
            Reporter:
            paveto Tomas Pavelka
            Votes:
            24 Vote for this issue
            Watchers:
            32 Start watching this issue

              Dates

              Created:
              Updated: