[JENKINS-46764] Script Security fails for all approved signatures when a signature entry starts with whitespace

Type: Bug
Resolution: Fixed
Priority: Critical
Component/s: script-security-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show
Sprint:
Pipeline - December

If an entry in scriptApproval.xml starts with whitespace, it results in all approved signatures getting rejected. Not sure yet what exactly the underlying problem is, but this is obviously bad.

links to

PR #150

second attempt: PR #170

Andrew Bayer created issue - 2017-09-08 17:40

Andrew Bayer made changes - 2017-09-08 19:21

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Andrew Bayer made changes - 2017-09-08 19:21

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Andrew Bayer added a comment - 2017-09-08 19:22

Preliminary PR up at https://github.com/jenkinsci/script-security-plugin/pull/150

Andrew Bayer added a comment - 2017-09-08 19:22 Preliminary PR up at https://github.com/jenkinsci/script-security-plugin/pull/150

Andrew Bayer made changes - 2017-09-08 19:22

Remote Link

New: This issue links to "PR #150 (Web Link)" [ 17651 ]

Jesse Glick added a comment - 2017-09-11 18:14

If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious.

(How is this “critical”?)

Jesse Glick added a comment - 2017-09-11 18:14 If the file is malformed, it should be rejected. Doing so with a clear exception message would be appropriate, of course, if the error is not already obvious. (How is this “critical”?)

Andrew Bayer added a comment - 2017-09-11 18:16

Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.

Andrew Bayer added a comment - 2017-09-11 18:16 Because it was breaking a large user completely until the offending line was fixed, so I want to get a fix out ASAP.

Jesse Glick added a comment - 2017-09-12 23:28

If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.

Jesse Glick added a comment - 2017-09-12 23:28 If you are referring to scriptApproval.xml then it would be better to fix ApprovedWhitelist to catch exceptions in its constructor and log them.

James Dumay made changes - 2017-12-03 02:31

Sprint

New: Pipeline - December [ 446 ]

James Dumay made changes - 2017-12-03 02:31

Rank

New: Ranked lower

Assignee:: Andrew Bayer

Reporter:: Andrew Bayer

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017-09-08 17:40

Updated:: 2017-12-11 15:02

Resolved:: 2017-12-11 15:02

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Andrew Bayer added a comment - 2017-09-08 19:22

Expand comment: Andrew Bayer added a comment - 2017-09-08 19:22

Collapse comment: Jesse Glick added a comment - 2017-09-11 18:14

Expand comment: Jesse Glick added a comment - 2017-09-11 18:14

Collapse comment: Andrew Bayer added a comment - 2017-09-11 18:16

Expand comment: Andrew Bayer added a comment - 2017-09-11 18:16

Collapse comment: Jesse Glick added a comment - 2017-09-12 23:28

Expand comment: Jesse Glick added a comment - 2017-09-12 23:28

People

Dates