-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Minor
-
Component/s: script-security-plugin
-
Environment:Jenkins v2.84, Pipeline: Groovy v2.41
Here's a minimal example that works outside of sandbox but fails in sandbox:
def func = { 1 };Â
this.func2 = { 1 };Â
assert 1 == func();Â
assert 1 == func2.call();Â
assert 1 == func2(); // this line failsÂ
It appears as if the it.call() -> it() syntactic sugar, which afaik is part of the language spec, is not honored in restricted sandbox under certain circumstances that make it difficult to create dynamic functions; ideally, I'd like to do something resembling:
def files = sh(returnStdout:true,script:'ls vars/*.groovy'}.trim();
for(file in files){this."${file.subscript(5,file.size()-7)}" = load file; }
Unlike method signatures which can be whitelisted, because this is a language feature it does not appear to be possible to enable.
- links to
