Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47758

Protect against memory leaks from external Groovy scripts if they use SecureGroovyScript.evaluate

      Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

      However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

      As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.  Note that this implementation will not cover custom implementations that do not rely on SecureGroovyScript.evaluate, such as job-dsl.  It may be possible to provide a public API  for broader use in the future.

      Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.   

      To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it (see screenshot), then run it frequently.  Please find attached an image showing the memory leak in progress.

          [JENKINS-47758] Protect against memory leaks from external Groovy scripts if they use SecureGroovyScript.evaluate

          Sam Van Oort created issue -
          Sam Van Oort made changes -
          Description Original: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community. 

           

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it, then run it frequently.  Please find attached an image showing the memory leak in progress.
          New: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.  

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it, then run it frequently.  Please find attached an image showing the memory leak in progress.
          Sam Van Oort made changes -
          Attachment New: Screen Shot 2017-10-31 at 6.48.47 PM.png [ 40188 ]
          Sam Van Oort made changes -
          Description Original: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.  

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it, then run it frequently.  Please find attached an image showing the memory leak in progress.
          New: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.  

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it (see screenshot), then run it frequently.  Please find attached an image showing the memory leak in progress.
          Sam Van Oort made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Sam Van Oort made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Sam Van Oort made changes -
          Summary Original: Protect against memory leaks from external Groovy scripts New: Protect against memory leaks from external Groovy scripts if they use SecureGroovyScript.evaluate
          Sam Van Oort made changes -
          Description Original: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.  

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it (see screenshot), then run it frequently.  Please find attached an image showing the memory leak in progress.
          New: Many plugins use Groovy scripts internally that are evaluated with each build – for example, job-dsl and parameters created by Active Choices plugin.   Script security is used to protect against malicious code in these scripts (either by whole-script approval or by sandbox execution). 

          However when run normally with modern Jenkins cores & Groovy versions, these helper plugins will slowly leak memory (via classes loaded but not unloaded, and via Groovy objects to track Class metadata) unless they do explicit cleanup.  Left unchecked, this will eventually bring a Jenkins master down.

          As users of Jenkins, we would like to extend Script Security to offer these plugins the same protection against memory leaks that Pipeline receives, so that evaluating scripts via Script Security also provides memory leak protection.  *Note that this implementation will not cover custom implementations that do not rely on SecureGroovyScript.evaluate, such as job-dsl.  It may be possible to provide a public API  for broader use in the future.*

          Note that the memory leak bugs lies in Groovy and in the plugins using it – so I am marking this as a feature because Script Security would be offering a new set of capabilities to the community.   

          To reproduce one of these leaks, create a simple Jenkins pipeline or Freestyle project and add a simple Active Choices parameter to it (see screenshot), then run it frequently.  Please find attached an image showing the memory leak in progress.
          Sam Van Oort made changes -
          Resolution New: Done [ 10000 ]
          Status Original: In Review [ 10005 ] New: Closed [ 6 ]

            svanoort Sam Van Oort
            svanoort Sam Van Oort
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: