    • Bug
    • Resolution: Not A Defect
    • Major
    • core
    • Linux RedHat 7

      Upgraded from 2.89.4 to 2.138.4. I have a script that sets the Tool Location on Nodes, and I am getting the error "Refusing to marshal ToolLocationNodeProperty$ToolLocation1_groovyProxy" (see dump):

      java.lang.UnsupportedOperationException: Refusing to marshal ToolLocationNodeProperty$ToolLocation1_groovyProxy for security reasons; see https://jenkins.io/redirect/class-filter/
      at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:546)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize hudson.tools.ToolLocationNodeProperty#locations for class hudson.tools.ToolLocationNodeProperty
      at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
      at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
      at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
      at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
      at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Slave#nodeProperties for class hudson.slaves.DumbSlave
      at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
      at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
      at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
      at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
      at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
      at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
      at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
      at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
      at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
      at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
      at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
      at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
      at hudson.XmlFile.write(XmlFile.java:193)
      Caused: java.io.IOException
      at hudson.XmlFile.write(XmlFile.java:200)
      at jenkins.model.Nodes.persistNode(Nodes.java:175)
      at jenkins.model.Nodes.updateNode(Nodes.java:212)
      at jenkins.model.Jenkins.updateNode(Jenkins.java:2095)
      at hudson.model.Node.save(Node.java:140)
      at hudson.util.PersistedList.onModified(PersistedList.java:173)
      at hudson.util.PersistedList._onModified(PersistedList.java:181)
      Caused: java.lang.RuntimeException
      at hudson.util.PersistedList._onModified(PersistedList.java:183)
      at hudson.util.PersistedList.add(PersistedList.java:72)
      at java_util_List$add.call(Unknown Source)
      at Script1$_run_closure1.doCall(Script1.groovy:30)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93)
      at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)
      at org.codehaus.groovy.runtime.metaclass.ClosureMetaClass.invokeMethod(ClosureMetaClass.java:294)
      at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1022)
      at groovy.lang.Closure.call(Closure.java:414)
      at groovy.lang.Closure.call(Closure.java:430)
      at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:2040)
      at org.codehaus.groovy.runtime.DefaultGroovyMethods.each(DefaultGroovyMethods.java:1895)
      at org.codehaus.groovy.runtime.dgm$159.invoke(Unknown Source)
      at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274)
      at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56)
      at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
      at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
      at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
      at Script1.run(Script1.groovy:5)
      at groovy.lang.GroovyShell.evaluate(GroovyShell.java:585)
      at groovy.lang.GroovyShell.evaluate(GroovyShell.java:623)
      at groovy.lang.GroovyShell.evaluate(GroovyShell.java:594)
      at hudson.util.RemotingDiagnostics$Script.call(RemotingDiagnostics.java:142)
      at hudson.util.RemotingDiagnostics$Script.call(RemotingDiagnostics.java:114)
      at hudson.remoting.LocalChannel.call(LocalChannel.java:45)
      at hudson.util.RemotingDiagnostics.executeGroovy(RemotingDiagnostics.java:111)
      at jenkins.model.Jenkins._doScript(Jenkins.java:4402)
      at jenkins.model.Jenkins.doScript(Jenkins.java:4373)
      at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
      at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
      at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
      at com.cloudbees.jenkins.ha.HAHealthCheckFilter.doFilter(HAHealthCheckFilter.java:35)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
      at com.cloudbees.jenkins.support.impl.cloudbees.UnrestrictedApiCallsMonitor$ApiMonitorFilter.doFilter(UnrestrictedApiCallsMonitor.java:120)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter._doFilter(OfflineSecurityRealmFilter.java:95)
      at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter.doFilter(OfflineSecurityRealmFilter.java:70)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at com.cloudbees.opscenter.security.ClusterSessionFilter._doFilter(ClusterSessionFilter.java:68)
      at com.cloudbees.opscenter.security.ClusterSessionFilter.doFilter(ClusterSessionFilter.java:43)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1317)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1219)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
      at org.eclipse.jetty.server.Server.handle(Server.java:531)
      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
      at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
      at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:762)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:680)
      at java.lang.Thread.run(Thread.java:748)

          [JENKINS-55878] JEP-200 in System Groovy scripts

          Oleg Nenashev added a comment -

          As designed IMO. "groovyProxy" means that the class is wrapped by Groovy, and Jenkins legitimately rejects this non-whitelisted class then. You may have to rework your code to pass pure Java classes which are whitelisted.

           


          Oleg Nenashev added a comment -

          jhammell do you agree with the comment above?


          Jackie Hammell added a comment - - edited

          Hi Oleg,

           

          Thanks for getting back to me. I would like to express my concerns regarding JEP200. It SCARES ME! I work for a large corporation that uses CloudBees Jenkins, I have raised my concerns with the CloudBees folks, and I would like to explain my concerns to you as well. I will let you know that I am an avid coder, with more years under my belt than I would like to admit anymore.

          In the shop that I work in we have a "Self service" model with 13 people manning the helm of JIRA, Jenkins, Artifactory and Bitbucket, out of which 3-4 of us are hands on with regards to the Jenkins infrastructure supporting 4K+ developers.  Additionally, the infrastructure I work in has 9 masters and 1 JOC, we push over 20K jobs through the infrastructure daily and at a guesstimate over 150K job configurations.

          1) My biggest concern is that Jenkins is the critical CI/CD backbone to all development work happening in the organization I work in, and there are many jobs that have heavy groovy scripts driving them, and not knowing what is being Blacklisted (until we hit the wall), and can no longer be Approved through the admin GUI has the potential of bringing high visibility critical jobs to a grinding halt and catch fire state. We are currently testing in UAT, but it's impossible to test every job that has custom groovy code driving the pipeline.

          2)  I am of the school of thought that an administrator should NEVER not be able to call a method that prohibits them from performing their duties.  In my particular case, in the UAT environment the Node configurations need to be updated to ensure that the JDK can be found in the Tool Locations, in the use cases where the slaves don't have JAVA in their paths (yes, this happens more than you'd think).  I don't believe in having to click on every /computer/<slave-name> to get my job done when a simple groovy script will do it for me.  I will quote Viktor Farcic, whom I believe you know 'GUI's are for managers and executive, not software engineers' - DevOps/Jenkins World San Francisco 2018.

          3) The answer you gave me 'Rewrite it in Java' is most doable, but my burning question is why can I accomplish my task in Java, yet the open source community has Blacklisted the method in Groovy? It seems counterproductive to my rational brain. Is it up to the Jenkins project to try and save us from ourselves? I get and see the value of users not being able to access public static calls without being approved (we don't entirely trust them either), but Blacklisting an administrator from any call they choose to make out of necessity goes against the grain of everything I believe in.

          I hope this gives you some food for thought and I'm looking forward to your response.

           

          Cheers,

          Jackie

           


          Oleg Nenashev added a comment -

          jhammell Although I understand your frustration and concerns, I believe you confuse JEP-200 and method whitelists in Script Security plugins. All your comments are about Script Security from what I see.

          JEP-200 is not related to blacklisting of methods in Script Security Plugin. JEP-200 introduces a whitelist for objects being serialized to the disk or over Remoting. If you use a non-whitelisted class for that purpose, it will fail in any language (Java, Groovy, Kotlin, whatever). https://github.com/jenkinsci/jep/tree/master/jep/200

          > I am of the school of thought that an administrator should NEVER not be able to call a method that prohibits them from performing their duties

          https://wiki.jenkins.io/display/JENKINS/Permissive+Script+Security+Plugin , it will help. The default behavior is designed for protecting non-experienced users from shooting in their feet, but there are many ways to work around the default behavior.

          Also, as an administrator, you can disable Sandbox for Pipeline jobs. Then you will be automatically getting your scripts approved as an administrator.

          > The answer you gave me 'Rewrite it in Java'

          It's not my answer. My answer was that you should avoid using Groovy classes and object wrappers when you write Groovy scripts. If you provide your script samples, I can give you more detailed suggestions

          > large corporation that uses CloudBees Jenkins

          There is no such thing like CloudBees Jenkins. There are products like CloudBees Jenkins Enterprise or CloudBees Jenkins Platform. Jenkins is Jenkins. https://wiki.jenkins.io/display/JENKINS/Approved+Trademark+Usage

          > I have raised my concerns with the CloudBees folks, and I would like to explain my concerns to you as well.

          FYI I work for CloudBees. If there is a question about JEP-200, you can ask the support team to escalate it to me or my teammates. But again, the feedback here does not look to be related to JEP-200.
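
          The advice in the comments above ("pass pure Java classes which are whitelisted", "avoid using Groovy classes and object wrappers"), as an added example for the script console; it is not the reporter's script, which does not appear on this page, and not code from the Jenkins project. The tool name and path are hypothetical, and the remark about how a `_groovyProxy` class arises is an assumption.

```groovy
import hudson.model.JDK
import hudson.tools.ToolLocationNodeProperty
import hudson.tools.ToolLocationNodeProperty.ToolLocation
import jenkins.model.Jenkins

// Hypothetical values: use the JDK installation name from the global tool
// configuration and the directory where that JDK lives on the agents.
String jdkName = 'jdk8'
String jdkHome = '/opt/java/jdk1.8.0'

def jenkins = Jenkins.get()
def jdkDescriptor = jenkins.getDescriptorByType(JDK.DescriptorImpl)

jenkins.nodes.each { node ->
    def props = node.nodeProperties
    def existing = props.get(ToolLocationNodeProperty)

    // Carry over every location already configured on the node except the
    // entry for the tool being (re)defined.
    List<ToolLocation> locations = []
    if (existing != null) {
        existing.locations.each { loc ->
            boolean sameTool = (loc.type == jdkDescriptor && loc.name == jdkName)
            if (!sameTool) {
                locations << loc
            }
        }
    }

    // Build the new entry with the core class's own constructor.
    // Assumption: objects created through Groovy coercion ("as") or similar
    // runtime wrappers get a generated class such as ...ToolLocation1_groovyProxy,
    // which is not on the JEP-200 whitelist and is refused when the node is saved.
    locations << new ToolLocation(jdkDescriptor, jdkName, jdkHome)

    // Guard before persisting: every element must be exactly the core class,
    // not a runtime-generated subclass or proxy.
    assert locations.every { it.getClass() == ToolLocation }

    // replace() swaps the node's ToolLocationNodeProperty and saves the node,
    // which is the point where the class filter runs.
    props.replace(new ToolLocationNodeProperty(locations))
    println "Updated tool locations on ${node.nodeName}"
}
```

          The class check makes the script fail before anything is written, with a message that points at the offending object rather than at the XStream marshaller.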

           


          Oleg Nenashev added a comment -

          Closing since there are no new inputs.

          jhammell I hope my last comment addresses your concern about the JEP-200 concern. If not, please feel free to reopen. For Script security please feel free to communicate your feedback in Jenkins Developer mailing list.

           

           


            Unassigned Unassigned
            jhammell Jackie Hammell