New Feature
Resolution: Unresolved
Major
None
As a user of script security and especially pipeline code, it is frustrating to have to run code multiple times to identify all cases where methods need whitelisting.
Instead, I'd like to be able to run code ONCE in an "audit mode" that listens for script security violations and generates a list of methods that may be whitelist-approved to permit the script to run inside the sandbox. Additionally, we should log the violations (either in the build log or to an audit file), and note any blacklist violations (which should not be eligible for whitelisting).
Technical note: because the code is Turing complete and, in the case of Groovy, the method dispatch is complex, it's impossible to identify all methods that might be invoked before running. Thus this is likely the best we'd be able to do.
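A toy model of the audit mode requested above, added here as an illustration; it is not code from the script security plugin or from the reporter. The `Interceptor` class, the sample script, and both signature lists are constructed, and skipping blacklisted calls during an audit run is an assumption of this sketch.

```python
# Added illustration: a toy model of the proposed audit mode, not plugin code.
# All signatures and both lists below are constructed sample data.
WHITELIST = {"method java.lang.String length"}
BLACKLIST = {"staticMethod java.lang.System exit int"}

class Rejected(Exception):
    """Raised in enforce mode at the first call that is not whitelisted."""

class Interceptor:
    def __init__(self, audit=False):
        self.audit = audit
        self.approvable = []  # not whitelisted, eligible for approval
        self.blocked = []     # blacklisted, never eligible

    def call(self, signature, fn, *args):
        if signature in WHITELIST:
            return fn(*args)
        if not self.audit:
            raise Rejected(signature)
        if signature in BLACKLIST:
            # Assumption: audit mode logs a blacklisted call but does not run it.
            if signature not in self.blocked:
                self.blocked.append(signature)
            return None
        if signature not in self.approvable:
            self.approvable.append(signature)
        return fn(*args)

def run_script(sb, deploy=False):
    """Constructed stand-in for a pipeline script; every call is intercepted."""
    name = sb.call("method java.lang.String toUpperCase", str.upper, " build ")
    name = sb.call("method java.lang.String trim", str.strip, name)
    sb.call("staticMethod java.lang.System exit int", lambda code: None, 0)
    if deploy:  # a branch not taken is invisible to the audit
        sb.call("method java.io.File delete", lambda: True)
    return sb.call("method java.lang.String length", len, name)

def first_rejection(deploy=False):
    """Enforce mode: the run stops at, and reveals, only one signature."""
    try:
        run_script(Interceptor(audit=False), deploy)
    except Rejected as exc:
        return str(exc)
    return None

def audit_once(deploy=False):
    """Audit mode: one run yields every signature hit on the executed path."""
    sb = Interceptor(audit=True)
    result = run_script(sb, deploy)
    return result, sb.approvable, sb.blocked
```

Comparing `audit_once()` with `audit_once(deploy=True)` shows the limit stated in the technical note: the `java.io.File delete` signature only appears when the branch that calls it actually executes.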