Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46764

Script Security fails for all approved signatures when a signature entry starts with whitespace

    • Pipeline - December

      If an entry in scriptApproval.xml starts with whitespace, it results in all approved signatures getting rejected. Not sure yet what exactly the underlying problem is, but this is obviously bad.

          [JENKINS-46764] Script Security fails for all approved signatures when a signature entry starts with whitespace

          Andrew Bayer added a comment -

          Andrew Bayer added a comment - Preliminary PR up at https://github.com/jenkinsci/script-security-plugin/pull/150

          Jesse Glick added a comment -

          If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious.

          (How is this “critical”?)

          Jesse Glick added a comment - If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious. (How is this “critical”?)

          Andrew Bayer added a comment -

          Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.

          Andrew Bayer added a comment - Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.

          Jesse Glick added a comment -

          If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.

          Jesse Glick added a comment - If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.

          Andrew Bayer added a comment -

          New PR up that logs exceptions in ApprovedWhitelist constructor.

          Andrew Bayer added a comment - New PR up that logs exceptions in ApprovedWhitelist constructor.

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
          src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java
          src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.zip
          src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/dangerousApproved.zip
          src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/malformedScriptApproval.zip
          http://jenkins-ci.org/commit/script-security-plugin/dee8e78aa74d9c5899f22656981059158f841932
          Log:
          [FIXED JENKINS-46764] Log a useful message when scriptApproval is malformed

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.zip src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/dangerousApproved.zip src/test/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest/malformedScriptApproval.zip http://jenkins-ci.org/commit/script-security-plugin/dee8e78aa74d9c5899f22656981059158f841932 Log: [FIXED JENKINS-46764] Log a useful message when scriptApproval is malformed

          Andrew Bayer added a comment -

          In 1.38, releasing shortly.

          Andrew Bayer added a comment - In 1.38, releasing shortly.

            abayer Andrew Bayer
            abayer Andrew Bayer
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: