  1. Jenkins
  2. JENKINS-56948

Whitelist Enum.valueOf()

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      script-security-plugin 1.56 (latest as of now)

      Description

      Using valueOf from known classes (Boolean.valueOf, etc.) is allowed (see source generic-whitelist).

      But for a custom Enum, we have to approve it. Now because we cannot override valueOf, this method is very secure. Because we can't authorize all valueOf from all existing Enums in the world, we could just allow Enum.valueOf(Class<T> enumType, String name).

        People

            Assignee:
            Unassigned
            Reporter:
            antoinetran (Antoine Tran)
            Votes:
            0
            Watchers:
            2
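
The contrast the request draws, as an added Java example that is not part of the issue or the plugin's code: every enum carries its own compiler-generated static valueOf(String), while Enum.valueOf(Class, String) is one method declared on java.lang.Enum. Color, Stage and signature() are constructed for illustration, and the printed lines only approximate the `staticMethod <class> <method> <parameter types>` form of a whitelist entry.

```java
import java.lang.reflect.Method;
import java.util.StringJoiner;

public class EnumValueOfSignatures {
    // Constructed sample enums standing in for "custom" enums used by a script.
    enum Color { RED, GREEN }
    enum Stage { BUILD, DEPLOY }

    // Hypothetical helper: renders a static method as
    // "staticMethod <declaring class> <name> <param types...>".
    // Assumption: this mirrors the whitelist entry form only for non-array parameters.
    static String signature(Method m) {
        StringJoiner sj = new StringJoiner(" ");
        sj.add("staticMethod").add(m.getDeclaringClass().getName()).add(m.getName());
        for (Class<?> p : m.getParameterTypes()) {
            sj.add(p.getName());
        }
        return sj.toString();
    }

    public static void main(String[] args) throws Exception {
        // Per-enum valueOf(String): declared on each enum class, so each one
        // is a distinct signature that would need its own approval.
        System.out.println(signature(Color.class.getMethod("valueOf", String.class)));
        System.out.println(signature(Stage.class.getMethod("valueOf", String.class)));

        // Generic form: a single signature on java.lang.Enum covering every enum type.
        Method generic = Enum.class.getMethod("valueOf", Class.class, String.class);
        System.out.println(signature(generic));

        // Both paths resolve to the same declared constant.
        Color viaGeneric = Enum.valueOf(Color.class, "RED");
        System.out.println("same constant: " + (viaGeneric == Color.valueOf("RED")));

        // A name that is not a declared constant is rejected, not created.
        try {
            Enum.valueOf(Stage.class, "NOT_A_STAGE");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```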