script-security doesn't handle a non-standard Collection without a constructor taking an array properly

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      Pipeline job fails after upgrading Jenkins from 2.32.1.1 to 2.89.4.2. The following error is returned although Script approval list is empty:

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified new common.EnvsToBuild common.Env
 at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:144)
 at org.kohsuke.groovy.sandbox.impl.Checker$14.call(Checker.java:580)
 at org.kohsuke.groovy.sandbox.impl.Checker.checkedCast(Checker.java:585)
 at org.kohsuke.groovy.sandbox.impl.Checker$checkedCast.callStatic(Unknown Source)
 at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
 at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
 at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:188)
 at org.kohsuke.groovy.sandbox.GroovyInterceptor.onStaticCall(GroovyInterceptor.java:35)
 at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:158)
 at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:186)
 at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:190)
 at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:97)
 at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
 at WorkflowScript.run(WorkflowScript:5)
 at __cps.transform__(Native Method)
 at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
 at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
 at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82)
 at sun.reflect.GeneratedMethodAccessor224.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
 at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
 at com.cloudbees.groovy.cps.Next.step(Next.java:83)
 at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
 at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
 at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
 at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
 at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
 at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:19)
 at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:35)
 at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:32)
 at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
 at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:32)
 at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
 at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:331)
 at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:82)
 at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:243)
 at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:231)
 at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
 at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at java.lang.Thread.run(Thread.java:745)
 Finished: FAILURE

      Pipeline code that's not working:

      import common.EnvsToBuild
@Library('jenkins-groovy-error-reproduction-library') _
EnvsToBuild envsToBuild = new EnvsToBuild(true, false) 
println envsToBuild
//println "${new EnvsToBuild(true, false)}"

      Workaround:

      import common.EnvsToBuild
@Library('jenkins-groovy-error-reproduction-library') _
//EnvsToBuild envsToBuild = new EnvsToBuild(true, false) 
//println envsToBuild
println "${new EnvsToBuild(true, false)}"

      import common.EnvsToBuild
@Library('jenkins-groovy-error-reproduction-library') _
EnvsToBuild envsToBuild;
envsToBuild = new EnvsToBuild(true, false) 
println envsToBuild

      import common.EnvsToBuild
@Library('jenkins-groovy-error-reproduction-library') _
def envsToBuild = new EnvsToBuild(true, false) 
println envsToBuild

       

            Assignee:
            Andrew Bayer
            Reporter:
            Ronnie Zhou
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: