- New Feature
- Resolution: Unresolved
- Priority: Major
As a user of script security and especially pipeline code, it is frustrating to have to run code multiple times to identify all cases where methods need whitelisting.
Instead, I'd like to be able to run code ONCE in an "audit mode" that listens for script security violations and generates a list of methods that may be whitelist-approved to permit the script to run inside the sandbox. Additionally, we should log the violations (either in the build log or to an audit file), and note any blacklist violations (which should not be eligible for whitelisting).
Technical note: because the code is Turing Complete and in the case of Groovy the method dispatch is complex, it's impossible to identify all methods that might be invoked before running. Thus this is likely the best we'd be able to do.
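As an added illustration of the two behaviours the request contrasts (this is a constructed Python model, not code from the script-security plugin), the block below runs a small "script" against a sandbox in strict mode, where the first unapproved call aborts and the user has to approve and rerun, and in the proposed audit mode, where one run collects every approvable signature while a permanent-blacklist hit still aborts and is reported separately. The `Sandbox`, `audit` and `strict_runs` names and the sample scripts are assumptions made for the example; the signature strings only loosely mimic the plugin's `method <class> <name> <argtypes>` form.

```python
"""Constructed model of the proposed script-security 'audit mode' (not the plugin's code).
A sandbox checks each dynamic method call against a whitelist and a permanent blacklist;
strict mode rejects on the first unapproved call, audit mode records it and continues."""
from dataclasses import dataclass, field


class RejectedAccessException(Exception):
    def __init__(self, signature, blacklisted=False):
        super().__init__(f"Scripts not permitted to use {signature}")
        self.signature = signature
        self.blacklisted = blacklisted


def signature(obj, name, args):
    # Roughly the plugin's "method <class> <name> <argtypes>" form (assumed layout).
    cls = type(obj)
    arg_types = " ".join(type(a).__name__ for a in args)
    return f"method {cls.__module__}.{cls.__qualname__} {name} {arg_types}".rstrip()


@dataclass
class AuditReport:
    approvable: list = field(default_factory=list)   # eligible for whitelisting, deduplicated
    blacklisted: list = field(default_factory=list)  # never eligible for whitelisting
    log: list = field(default_factory=list)          # what a build-log / audit-file line would say


class Sandbox:
    def __init__(self, whitelist, blacklist, audit=False):
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.audit = audit
        self.report = AuditReport()

    def invoke(self, obj, name, *args):
        sig = signature(obj, name, args)
        if sig in self.blacklist:
            # Blacklist violations abort in both modes and are logged as ineligible.
            self.report.log.append(f"BLACKLISTED {sig}")
            if sig not in self.report.blacklisted:
                self.report.blacklisted.append(sig)
            raise RejectedAccessException(sig, blacklisted=True)
        if sig not in self.whitelist:
            self.report.log.append(f"REJECTED {sig}")
            if not self.audit:
                raise RejectedAccessException(sig)
            if sig not in self.report.approvable:
                self.report.approvable.append(sig)
        else:
            self.report.log.append(f"OK {sig}")
        return getattr(obj, name)(*args)


def audit(script, whitelist, blacklist):
    """One audit-mode run: returns (report, aborted); only a blacklist hit can abort."""
    sb = Sandbox(whitelist, blacklist, audit=True)
    aborted = False
    try:
        script(sb)
    except RejectedAccessException as e:
        aborted = e.blacklisted
    return sb.report, aborted


def strict_runs(script, whitelist, blacklist, max_runs=20):
    """The manual loop the request complains about: rerun, approving one rejected
    signature per run, until the script completes. Returns (runs, newly_approved)."""
    approved = set(whitelist)
    for run in range(1, max_runs + 1):
        sb = Sandbox(approved, blacklist, audit=False)
        try:
            script(sb)
            return run, sorted(approved - set(whitelist))
        except RejectedAccessException as e:
            if e.blacklisted:
                raise
            approved.add(e.signature)  # the approve-and-rerun step
    raise RuntimeError("did not converge")


# Constructed sample policy and scripts.
WHITELIST = {"method builtins.str upper"}
BLACKLIST = {"method builtins.list clear"}


def sample_script(sb):
    s = sb.invoke("hello", "upper")          # whitelisted
    parts = sb.invoke("a,b,c", "split", ",")  # not yet approved
    n = sb.invoke(parts, "count", "a")       # not yet approved
    return s, n


def blacklist_script(sb):
    parts = sb.invoke("a,b,c", "split", ",")
    sb.invoke(parts, "clear")                # permanently blacklisted
    return parts


if __name__ == "__main__":
    report, aborted = audit(sample_script, WHITELIST, BLACKLIST)
    print("audit mode, one run; approvable:", report.approvable, "aborted:", aborted)
    runs, approved = strict_runs(sample_script, WHITELIST, BLACKLIST)
    print("strict mode needed", runs, "runs to approve", approved)
```

The strict loop needs three runs for `sample_script` (one per unapproved call, plus the clean run), while `audit` finds both signatures in a single run; `blacklist_script` still aborts the audit run and its `clear` call lands in `report.blacklisted` rather than `report.approvable`. Approval in the real plugin is a manual administrator step, which is what the `approved.add` line stands in for here.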
An arguably more helpful enhancement, which I thought was already logged in script-security somewhere but maybe not, is to have a mode wherein a (non-blacklisted) violation, rather than immediately throwing RejectedAccessException, would instead print a POSTHyperlinkNote noting the method signature and (if you have RUN_SCRIPTS) allowing you to approve it then and there—and continue the build. (Or decline to do so, and abort the build.) The hard part is making the whitelist check blocking without screwing stuff up. I suspect SandboxContinuable could throw CpsCallableInvocation so that the CPS VM continues and the build simply pauses unless and until you approve.