-
Bug
-
Resolution: Fixed
-
Minor
-
Jenkins 2.89.3
Pipeline Groovy 2.53
Script Security Plugin 1.44
Using the range operator to slice a list (see), even inside a script block, causes the below error:
Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection. Administrators can decide whether to approve or reject this signature.
[Pipeline] End of Pipeline
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetArray(SandboxInterceptor.java:447)
at org.kohsuke.groovy.sandbox.impl.Checker$10.call(Checker.java:419)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetArray(Checker.java:424)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getArray(SandboxInvoker.java:45)
at com.cloudbees.groovy.cps.impl.ArrayAccessBlock.rawGet(ArrayAccessBlock.java:21)
at WorkflowScript.run(WorkflowScript:15)
To reproduce, use the below pipeline script:
pipeline {
agent any
stages {
stage ('Run') {
steps {
script {
[1, 2, 3][1..2]
}
}
}
}
}
[JENKINS-52036] List[Range] operator not permitted in sandbox
Hari Dara
created issue -
Hari Dara
made changes -
| Environment |
New:
Jenkins 2.89.3 Pipeline Groovy 2.53 Script Security Plugin 1.44 |
Hari Dara
made changes -
| Description |
Original:
Using the range operator to slice a list ([see|[http://docs.groovy-lang.org/next/html/documentation/working-with-collections.html#Collections-Slicingwiththesubscriptoperator])], even inside a script block, causes the below error: {noformat} Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection. Administrators can decide whether to approve or reject this signature. [Pipeline] End of Pipeline org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetArray(SandboxInterceptor.java:447) at org.kohsuke.groovy.sandbox.impl.Checker$10.call(Checker.java:419) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetArray(Checker.java:424) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getArray(SandboxInvoker.java:45) at com.cloudbees.groovy.cps.impl.ArrayAccessBlock.rawGet(ArrayAccessBlock.java:21) at WorkflowScript.run(WorkflowScript:15) {noformat} To reproduce, use the below pipeline script: {noformat} pipeline { agent any stages { stage ('Run') { steps { script { [1, 2, 3][1..2] } } } } } {noformat} |
New:
Using the range operator to slice a list ([see|[http://docs.groovy-lang.org/next/html/documentation/working-with-collections.html#Collections-Slicingwiththesubscriptoperator]]), even inside a script block, causes the below error: {noformat} Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection. Administrators can decide whether to approve or reject this signature. [Pipeline] End of Pipeline org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetArray(SandboxInterceptor.java:447) at org.kohsuke.groovy.sandbox.impl.Checker$10.call(Checker.java:419) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetArray(Checker.java:424) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getArray(SandboxInvoker.java:45) at com.cloudbees.groovy.cps.impl.ArrayAccessBlock.rawGet(ArrayAccessBlock.java:21) at WorkflowScript.run(WorkflowScript:15) {noformat} To reproduce, use the below pipeline script: {noformat} pipeline { agent any stages { stage ('Run') { steps { script { [1, 2, 3][1..2] } } } } } {noformat} |
Hari Dara
made changes -
| Description |
Original:
Using the range operator to slice a list ([see|[http://docs.groovy-lang.org/next/html/documentation/working-with-collections.html#Collections-Slicingwiththesubscriptoperator]]), even inside a script block, causes the below error: {noformat} Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection. Administrators can decide whether to approve or reject this signature. [Pipeline] End of Pipeline org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetArray(SandboxInterceptor.java:447) at org.kohsuke.groovy.sandbox.impl.Checker$10.call(Checker.java:419) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetArray(Checker.java:424) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getArray(SandboxInvoker.java:45) at com.cloudbees.groovy.cps.impl.ArrayAccessBlock.rawGet(ArrayAccessBlock.java:21) at WorkflowScript.run(WorkflowScript:15) {noformat} To reproduce, use the below pipeline script: {noformat} pipeline { agent any stages { stage ('Run') { steps { script { [1, 2, 3][1..2] } } } } } {noformat} |
New:
Using the range operator to slice a list ([see|http://docs.groovy-lang.org/next/html/documentation/working-with-collections.html#Collections-Slicingwiththesubscriptoperator]), even inside a script block, causes the below error: {noformat} Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection. Administrators can decide whether to approve or reject this signature. [Pipeline] End of Pipeline org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List java.util.Collection at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:189) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetArray(SandboxInterceptor.java:447) at org.kohsuke.groovy.sandbox.impl.Checker$10.call(Checker.java:419) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetArray(Checker.java:424) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getArray(SandboxInvoker.java:45) at com.cloudbees.groovy.cps.impl.ArrayAccessBlock.rawGet(ArrayAccessBlock.java:21) at WorkflowScript.run(WorkflowScript:15) {noformat} To reproduce, use the below pipeline script: {noformat} pipeline { agent any stages { stage ('Run') { steps { script { [1, 2, 3][1..2] } } } } } {noformat} |
jang hyemi (Inactive)
made changes -
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
jang hyemi (Inactive)
made changes -
| Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
jang hyemi (Inactive)
made changes -
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Review [ 10005 ] | New: Closed [ 6 ] |
jang hyemi (Inactive)
made changes -
| Status | Original: Closed [ 6 ] | New: In Review [ 10005 ] |
jang hyemi (Inactive)
made changes -
| Status | Original: In Review [ 10005 ] | New: Closed [ 6 ] |
jang hyemi (Inactive)
made changes -
| Status | Original: Closed [ 6 ] | New: In Review [ 10005 ] |