[JENKINS-48943] Gerrit Trigger Plugin is affected by JEP-200 in Jenkins 2.102+

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: gerrit-trigger-plugin
Labels:
- JEP-200
Environment:
Jenkins 2.102+

Similar Issues:
Powered by SuggestiMate

Show

The issue has been originally reported in IRC, but I confirmed it by running Plugin compatibility Tester

One of the issues:

SEVERE: Failed to save build record
java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
	at hudson.XmlFile.write(XmlFile.java:201)
	at hudson.model.Run.save(Run.java:1923)
	at hudson.model.Run.execute(Run.java:1784)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
Caused by: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
	at hudson.XmlFile.write(XmlFile.java:194)
	... 5 more
Caused by: java.lang.RuntimeException: Failed to serialize hudson.model.CauseAction#causeBag for class hudson.model.CauseAction
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
	at hudson.util.XStream2$PassthruConverter.marshal(XStream2.java:478)
	at hudson.util.XStream2$AssociatedConverterImpl.marshal(XStream2.java:448)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
	at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
	... 18 more
Caused by: java.lang.RuntimeException: Failed to serialize com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritCause#tEvent for class com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritCause
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
	at com.thoughtworks.xstream.converters.collections.MapConverter.marshal(MapConverter.java:78)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
	... 35 more
Caused by: java.lang.UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.dto.events.PatchsetCreated for security reasons; see https://jenkins.io/redirect/class-filter/
	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
	... 50 more

You can find more guidelines for plugin developers in this blogpost: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

v2.27.1_against_org.jenkins-ci.plugins_plugin_2.102-SNAPSHOT.log.txt
4.99 MB
2018-01-15 17:29

is duplicated by

JENKINS-48963 UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.watchdog.WatchTimeExceptionData for security reasons

Resolved

is related to

JENKINS-48963 UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.watchdog.WatchTimeExceptionData for security reasons

Resolved

links to

bundled library patch

https://github.com/jenkinsci/gerrit-trigger-plugin/pull/343

https://github.com/sonyxperiadev/gerrit-events/commit/c3f0798b7e6ce7d809dc5d1068eaf8a128aa58b9

Oleg Nenashev created issue - 2018-01-15 13:16

Oleg Nenashev made changes - 2018-01-15 13:16

Priority

Original: Minor [ 4 ]

New: Major [ 3 ]

Oleg Nenashev made changes - 2018-01-15 13:16

Component/s		New: gerrit-plugin [ 23427 ]
Component/s	Original: prqa-plugin [ 16532 ]

Oleg Nenashev made changes - 2018-01-15 13:16

Assignee

Original: Praqma Support [ praqma ]

New: Luca Domenico Milanesio [ lucamilanesio ]

Oleg Nenashev made changes - 2018-01-15 13:18

Description

Original: During the code inspections for [JEP-200|https://github.com/jenkinsci/jep/tree/master/jep/200] I have discovered that the plugin is most likely affected by this security hardening in the Jenkins core.

* Plugin uses PRQAComplianceStatus in MasterToSlaveCallable operations
* This class comes from an external library without a "Jenkins-ClassFilter-Whitelisted" manifest entry
* In Jenkins 2.102+ such classes will be blacklisted unless a workaround is applied

You can find more guidelines for plugin developers in this blogpost: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.

New: The issue has been originally reported in IRC, but I confirmed it by running Plugin compatibility Tester

One of the issues:

{noformat}
SEVERE: Failed to save build record
java.io.IOException: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
at hudson.XmlFile.write(XmlFile.java:201)
at hudson.model.Run.save(Run.java:1923)
at hudson.model.Run.execute(Run.java:1784)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Caused by: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class hudson.model.FreeStyleBuild
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
at hudson.XmlFile.write(XmlFile.java:194)
... 5 more
Caused by: java.lang.RuntimeException: Failed to serialize hudson.model.CauseAction#causeBag for class hudson.model.CauseAction
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
at hudson.util.XStream2$PassthruConverter.marshal(XStream2.java:478)
at hudson.util.XStream2$AssociatedConverterImpl.marshal(XStream2.java:448)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
... 18 more
Caused by: java.lang.RuntimeException: Failed to serialize com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritCause#tEvent for class com.sonyericsson.hudson.plugins.gerrit.trigger.hudsontrigger.GerritCause
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
at com.thoughtworks.xstream.converters.collections.MapConverter.marshal(MapConverter.java:78)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
... 35 more
Caused by: java.lang.UnsupportedOperationException: Refusing to marshal com.sonymobile.tools.gerrit.gerritevents.dto.events.PatchsetCreated for security reasons; see https://jenkins.io/redirect/class-filter/
at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
... 50 more
{noformat}

You can find more guidelines for plugin developers in this blogpost: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers. Please let us know if you need any additional info or reviews regarding this issue.

Jesse Glick added a comment - 2018-01-15 14:00

Maybe needs the whitelist manifest entry in some library?

Jesse Glick added a comment - 2018-01-15 14:00 Maybe needs the whitelist manifest entry in some library?

Oleg Nenashev added a comment - 2018-01-15 14:07 - edited

We agreed that rsandell will add a manifest entry to ps://github.com/sonyxperiadev/gerrit-events. The I will test it and confirm whether there are other issue

Oleg Nenashev added a comment - 2018-01-15 14:07 - edited We agreed that rsandell will add a manifest entry to ps://github.com/sonyxperiadev/gerrit-events. The I will test it and confirm whether there are other issue

Oleg Nenashev made changes - 2018-01-15 14:08

Assignee

Original: Luca Domenico Milanesio [ lucamilanesio ]

New: rsandell [ rsandell ]

Oleg Nenashev made changes - 2018-01-15 14:08

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

rsandell made changes - 2018-01-15 14:20

Component/s		New: gerrit-trigger-plugin [ 15731 ]
Component/s	Original: gerrit-plugin [ 23427 ]

Assignee:: Oleg Nenashev

Reporter:: Oleg Nenashev

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2018-01-15 13:16

Updated:: 2018-01-18 15:26

Resolved:: 2018-01-15 20:56

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: Jesse Glick added a comment - 2018-01-15 14:00

Expand comment: Jesse Glick added a comment - 2018-01-15 14:00

Collapse comment: Oleg Nenashev added a comment - 2018-01-15 14:07, Edited by Oleg Nenashev - 2018-01-15 14:09

Expand comment: Oleg Nenashev added a comment - 2018-01-15 14:07, Edited by Oleg Nenashev - 2018-01-15 14:09

People

Dates