
GroovyCastException using script-security-plugin 1.35

    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical
    • Component/s: script-security-plugin
    • Labels: None
    • Environment: Jenkins 2.73.1, Fedora

      After upgrading the script-security-plugin to version 1.35, trying to create a temporary directory causes a GroovyCastException.

      Current workaround is to downgrade to 1.34.

      Jenkinsfile
      import java.nio.file.Files
      node {
        stage('GroovyCastException') {
          def tmpDir = Files.createTempDirectory("some-prefix").toString()
        }
      }
      

      Exception:

      hudson.remoting.ProxyException: org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'some-prefix' with class 'java.lang.String' to class 'java.nio.file.attribute.FileAttribute'
      at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnSAM(DefaultTypeTransformation.java:405)
      at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.continueCastOnNumber(DefaultTypeTransformation.java:319)
      at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.castToType(DefaultTypeTransformation.java:232)
      at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.castToVargsArray(DefaultTypeTransformation.java:888)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.parametersForVarargs(GroovyCallSiteSelector.java:103)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.matches(GroovyCallSiteSelector.java:52)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.findMatchingMethod(GroovyCallSiteSelector.java:195)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.staticMethod(GroovyCallSiteSelector.java:189)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:153)
      at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:184)
      at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:188)
      at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:95)
      at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
      at WorkflowScript.run(WorkflowScript:29)
      at __cps.transform__(Native Method)
      at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
      at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
      at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82)
      at sun.reflect.GeneratedMethodAccessor274.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
      at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
      at com.cloudbees.groovy.cps.Next.step(Next.java:83)
      at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
      at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
      at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
      at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
      at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
      at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
      at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:35)
      at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:32)
      at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
      at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:32)
      at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
      at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:330)
      at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:82)
      at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:242)
      at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:230)
      at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
      at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
      at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      at java.lang.Thread.run(Thread.java:745)

          [JENKINS-47893] GroovyCastException using script-security-plugin 1.35

          Andrew Bayer added a comment -

          Appears to be a bug caused by https://github.com/jenkinsci/script-security-plugin/commit/8abef0d66fa78f4c187789d8fb76680b91ff0e97 - something's awry with handling varargs again. Fun. I'll look into it.

          That said, you definitely shouldn't be using Files.createTempDirectory in your Pipeline - that'll create a temporary directory on the master, not on the agent, and is almost certainly not what you want.


          Andrew Bayer added a comment -

          Yup, that was dumb on my part. Shoulda tested it with different types that couldn't be cast to each other. Well, I have that now, so https://github.com/jenkinsci/script-security-plugin/pull/163 should fix this.


          Rasmus Pedersen added a comment -

          > That said, you definitely shouldn't be using Files.createTempDirectory in your Pipeline - that'll create a temporary directory on the master, not on the agent, and is almost certainly not what you want.

          You are right. The reason why I haven't noticed it before is that dir() apparently creates the directory if it doesn't exist. My Jenkinsfile really looks more like this:

          import java.nio.file.Files
          node {
            stage('GroovyCastException') {
              def tmpDir = Files.createTempDirectory("some-prefix").toString()
              dir(tmpDir) {
                sh "..."
              }
            }
          }

          I can't use pwd(tmp: true) because that results in too long she-bang lines when using Python virtualenv...

          > so https://github.com/jenkinsci/script-security-plugin/pull/163 should fix this

          Awesome, thanks!

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
          src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
          http://jenkins-ci.org/commit/script-security-plugin/34b99480f64ccd0dc9903a2fc29443519bc2b528
          Log:
          [FIXED JENKINS-47893] Properly set index for varargs casting

          https://github.com/jenkinsci/script-security-plugin/commit/8abef0d66fa78f4c187789d8fb76680b91ff0e97
          fixed GString varargs logic...sort of. For some reason, I put a 0 in
          for the start index for the array in the parameters, which
          was wrong. Duh. This fixes that by properly using the right index.
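The start-index mistake described in the commit log above can be reproduced with a simplified model. This is an added example, not code from script-security-plugin: the class `VarargsIndexDemo` and the method `pack` are hypothetical, and `Class.cast` stands in for the Groovy cast that appears in the stack trace.

```java
import java.lang.reflect.Array;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;

// Added illustration, not the plugin's code; class and method names are hypothetical.
public class VarargsIndexDemo {

    /**
     * Packs call-site arguments into the parameter list of a varargs method.
     * tailStart is the index of the first argument that goes into the trailing array.
     * Simplified model: reference-typed parameters only.
     */
    static Object[] pack(Class<?>[] paramTypes, Object[] args, int tailStart) {
        int fixed = paramTypes.length - 1;            // parameters before the varargs array
        if (args.length < fixed) {
            return null;                              // too few arguments: no match
        }
        Class<?> component = paramTypes[fixed].getComponentType();
        int n = args.length - tailStart;
        Object tail = Array.newInstance(component, n);
        for (int i = 0; i < n; i++) {
            // Class.cast throws ClassCastException if the argument is not a component instance
            Array.set(tail, i, component.cast(args[tailStart + i]));
        }
        Object[] packed = new Object[paramTypes.length];
        System.arraycopy(args, 0, packed, 0, fixed);  // fixed arguments are passed through
        packed[fixed] = tail;
        return packed;
    }

    public static void main(String[] argv) throws Exception {
        Method m = Files.class.getMethod("createTempDirectory", String.class, FileAttribute[].class);
        Class<?>[] types = m.getParameterTypes();
        Object[] args = {"some-prefix"};              // the call from the Jenkinsfile in this issue

        try {
            pack(types, args, 0);                     // start index 0: the prefix is treated as a vararg
        } catch (ClassCastException e) {
            System.out.println("start index 0: " + e.getMessage());
        }

        int start = types.length - 1;                 // start after the fixed parameters
        Object[] ok = pack(types, args, start);
        System.out.println("start index " + start + ": " + Arrays.deepToString(ok));
    }
}
```

With start index 0 the `String` prefix is cast to `FileAttribute`, the same mismatch the reported exception names; starting after the fixed parameters yields an empty `FileAttribute[]` and the call matches.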

            Assignee: Andrew Bayer (abayer)
            Reporter: Rasmus Pedersen (kamrup)