Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48950

JEP-200: GHPRB Plugin Fails Whitelist

    XMLWordPrintable

Details

    Description

      The GitHub PR Builder plugin gets flagged after updating to 2.102 breaking automated PR jobs:

       

      WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

       

      The mitigation technique worked by adding the class names to the Hudson classfilter:

      -Dhudson.remoting.ClassFilter=org.kohsuke.github.*

      ^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.

       

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48952 java.lang.RuntimeException: Failed to serialize hudson.model.Actionable

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-51511 Build job serialization is failing on 2.107.3 LTS causing loss of data.

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-51663 BuildNameSetter Plugin failing serialization

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-51511 Build job serialization is failing on 2.107.3 LTS causing loss of data.

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-48954 GitHub API plugin should whitelist Model classes of GitHub API

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-49282 Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.kohsuke.github.GHRepository for security reasons;

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link https://github.com/jenkinsci/github-api-plugin/pull/18

          Web Link PR 616

          Activity

            Ascending order - Click to sort in descending order
            View 13 older comments
            sasquatch85 Jeremy Stewart added a comment -

            Jesse,

            Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss.

            sasquatch85 Jeremy Stewart added a comment - Jesse, Right on the money! Thanks a ton, I never would have guessed that. We did lose some build history for the builds between updating to 2.102 and when I installed your patched plugin but that's not a huge loss.
            jglick Jesse Glick added a comment -

            I probably know how to fix that (just rename the newly transient variables), but unless a plugin maintainer appears and seems ready to do a release, I am not about to spend time on retesting.

            jglick Jesse Glick added a comment - I probably know how to fix that (just rename the newly transient variables), but unless a plugin maintainer appears and seems ready to do a release, I am not about to spend time on retesting.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
            http://jenkins-ci.org/commit/ghprb-plugin/e3afffc529941bc2674bc98f5cda3fd6944abfe8
            Log:
            JENKINS-48950 [JEP-200] Stop trying to serialize github-api types.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java http://jenkins-ci.org/commit/ghprb-plugin/e3afffc529941bc2674bc98f5cda3fd6944abfe8 Log: JENKINS-48950 [JEP-200] Stop trying to serialize github-api types.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Sam Gleske
            Path:
            src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java
            http://jenkins-ci.org/commit/ghprb-plugin/e381590a278599f689d3394651f009faf86610cf
            Log:
            Merge pull request #616 from jglick/JENKINS-48950

            JENKINS-48950 [JEP-200] Stop trying to serialize github-api types

            Compare: https://github.com/jenkinsci/ghprb-plugin/compare/66084576abfc...e381590a2785

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sam Gleske Path: src/main/java/org/jenkinsci/plugins/ghprb/GhprbCause.java http://jenkins-ci.org/commit/ghprb-plugin/e381590a278599f689d3394651f009faf86610cf Log: Merge pull request #616 from jglick/ JENKINS-48950 JENKINS-48950 [JEP-200] Stop trying to serialize github-api types Compare: https://github.com/jenkinsci/ghprb-plugin/compare/66084576abfc...e381590a2785
            oleg_nenashev Oleg Nenashev added a comment -

            Fixed in GHPRB 1.40.0

            oleg_nenashev Oleg Nenashev added a comment - Fixed in GHPRB 1.40.0

            People

              jglick Jesse Glick
              sasquatch85 Jeremy Stewart
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: