Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48954

GitHub API plugin should whitelist Model classes of GitHub API

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      In some cases plugin classes are being used for serialization over the channel or storing data on the disk. E.g. JENKINS-48950 and JENKINS-48952. It is probably safe to just allow it for model classes.

        Attachments

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48952 java.lang.RuntimeException: Failed to serialize hudson.model.Actionable

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-48950 JEP-200: GHPRB Plugin Fails Whitelist

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link https://github.com/jenkinsci/github-api-plugin/pull/18

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            oleg_nenashev Oleg Nenashev added a comment -

            I do not think that whitelisting of entire library is plausible since there are potentially dangerous classes

            Show
            oleg_nenashev Oleg Nenashev added a comment - I do not think that whitelisting of entire library is plausible since there are potentially dangerous classes
            Hide
            Permalink
            oleg_nenashev Oleg Nenashev added a comment -

            Pending patch

            Show
            oleg_nenashev Oleg Nenashev added a comment - Pending patch
            Hide
            Permalink
            jglick Jesse Glick added a comment -

            I am not convinced this is even desirable.

            Show
            jglick Jesse Glick added a comment - I am not convinced this is even desirable.
            Hide
            Permalink
            oleg_nenashev Oleg Nenashev added a comment -

            I am working on workarounds in GHPRB for now, but will put patches just in case

            Show
            oleg_nenashev Oleg Nenashev added a comment - I am working on workarounds in GHPRB for now, but will put patches just in case
            Hide
            Permalink
            jglick Jesse Glick added a comment -

            From what I can see so far, no patched to github-api are necessary or desirable. We just need to fix ghprb.

            Show
            jglick Jesse Glick added a comment - From what I can see so far, no patched to github-api are necessary or desirable. We just need to fix ghprb .
            Hide
            Permalink
            oleg_nenashev Oleg Nenashev added a comment -

            I agree

            Show
            oleg_nenashev Oleg Nenashev added a comment - I agree

              People

              Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              oleg_nenashev Oleg Nenashev
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: