• Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • ghprb-plugin
    • Jenkins 2.102

      The GitHub PR Builder plugin gets flagged after updating to 2.102, breaking automated PR jobs:

       

      WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
      Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
      WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

       

      The mitigation technique worked by adding the class names to the Hudson classfilter:

      -Dhudson.remoting.ClassFilter=org.kohsuke.github.*

      ^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.
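An added example, not part of the original issue or of the plugin's code: a Python script that collects every class rejected by the JEP-200 filter from log lines in the format shown above and lists them by exact name, since the wildcard form was reported not to work. It assumes the property accepts a comma-separated list of class names; the sample log is constructed from the two warnings in this issue plus a repeat and an unrelated line.

```python
import re
from collections import OrderedDict

# Matches the JEP-200 rejection warning in the format shown in the log excerpt above.
REJECT_RE = re.compile(
    r"WARNING: (?P<cls>[\w.$]+) in file:(?P<jar>\S+) might be dangerous, so rejecting"
)

# Constructed sample: the two warnings from the issue, one repeat, one unrelated line.
SAMPLE_LOG = """\
WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
Jan 15, 2018 1:56:02 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
INFO: Finished build
"""


def rejected_classes(log_text):
    """Return {jar_path: [class names]} for each rejection, de-duplicated, first-seen order."""
    by_jar = OrderedDict()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        classes = by_jar.setdefault(m.group("jar"), [])
        if m.group("cls") not in classes:
            classes.append(m.group("cls"))
    return by_jar


def class_filter_option(by_jar):
    """Build the JVM option naming each rejected class exactly (no wildcards).

    Assumption: the property takes a comma-separated list of class names.
    """
    names = [cls for classes in by_jar.values() for cls in classes]
    return "-Dhudson.remoting.ClassFilter=" + ",".join(names)


if __name__ == "__main__":
    found = rejected_classes(SAMPLE_LOG)
    for jar, classes in found.items():
        print(jar)
        for cls in classes:
            print("  " + cls)
    # Quote the value when passing it through a shell: inner-class names contain '$'.
    print(class_filter_option(found))
```

Grouping by jar shows which plugin library each rejected class comes from, which helps decide whether an allowlist entry or a plugin-side fix is the right response.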

       

          [JENKINS-48950] JEP-200: GHPRB Plugin Fails Whitelist

          Jeremy Stewart created issue -

          Oleg Nenashev added a comment -

          Yes, we likely need to whitelist the entire GitHub API

          Oleg Nenashev made changes -
          Link New: This issue relates to JENKINS-48954 [ JENKINS-48954 ]
          Oleg Nenashev made changes -
          Assignee Original: ben patterson [ bpatterson ] New: Oleg Nenashev [ oleg_nenashev ]
          Oleg Nenashev made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Oleg Nenashev made changes -
          Link New: This issue is duplicated by JENKINS-48952 [ JENKINS-48952 ]

          Oleg Nenashev added a comment -

          sasquatch85 would it be possible to get a full stacktrace of this issue?

          Oleg Nenashev made changes -
          Remote Link New: This issue links to "https://github.com/jenkinsci/github-api-plugin/pull/18 (Web Link)" [ 19801 ]

          Jesse Glick added a comment -

          I suspect this code is the problem. These classes were not meant to be stored in build.xml. Since getShortDescription uses only safe fields, and the others seem to be used only during the build, probably everything else could simply be made transient and the problem solved (as well as fixing who knows what other issues).


          Oleg Nenashev added a comment -

          Yes, I returned back to this ticket && doing the plugin-side change now


            jglick Jesse Glick
            sasquatch85 Jeremy Stewart