[JENKINS-57171] Permissive script security plugin is broken after updating to script security 1.58

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: permissive-script-security-plugin, script-security-plugin, workflow-cps-plugin
Labels:
Environment:
Jenkins 2.164.2
Script Security 1.58
Permissive Script Security 0.3
Pipeline: Groovy 2.67

Similar Issues:
Powered by SuggestiMate

Show
Released As:
0.5

After updating to Script Security 1.58 permissive script security no longer permits unsafe method calls. I have -Dpermissive-script-security.enabled=no_security set up in the java args, and before upgrading to 1.58 I was receiving no warnings/errors when calling unsafe methods as expected. After upgrading I see many warnings in my pipeline log, such as:

Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint. Administrators can decide whether to approve or reject this signature.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

scriptApproval.xml
5 kB
2019-05-14 11:33
example.JPG
234 kB
2019-05-14 11:27

causes

JENKINS-59227 Global Pipeline Libraries configuration lost

Open

is caused by

JENKINS-34973 RejectedAccessException thrown but no pending script approval added

Resolved

is related to

JENKINS-59145 After Jenkins upgrade pipeline script from SCM configuration is no longer visible on the GUI

Resolved

Gabriel Loewen created issue - 2019-04-24 17:05

Gabriel Loewen made changes - 2019-04-24 17:05

Description

Original: After updating to Script Security 1.58 permissive script security no longer permits unsafe method calls. I have *-Dpermissive-script-security.enabled=no_security* set up in the java args, and before upgrading to 1.58 I was receiving no warnings/errors when calling unsafe methods. After upgrading I see many warnings in my pipeline log, such as:

Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint. Administrators can decide whether to approve or reject this signature.

New: After updating to Script Security 1.58 permissive script security no longer permits unsafe method calls. I have *-Dpermissive-script-security.enabled=no_security* set up in the java args, and before upgrading to 1.58 I was receiving no warnings/errors when calling unsafe methods as expected. After upgrading I see many warnings in my pipeline log, such as:

Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint. Administrators can decide whether to approve or reject this signature.

Brian Ray made changes - 2019-04-24 21:39

Component/s

New: workflow-cps-plugin [ 21713 ]

Brian Ray made changes - 2019-04-24 21:40

Environment

Original: Jenkins 2.164.2
Script Security 1.58
Permissive Script Security 0.3

New: Jenkins 2.164.2
Script Security 1.58
Permissive Script Security 0.3
Pipeline: Groovy 2.67

Brian Ray made changes - 2019-04-24 21:52

Link

New: This issue is caused by ~~JENKINS-34973~~ [ ~~JENKINS-34973~~ ]

Oliver Gondža made changes - 2019-05-09 10:04

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Oliver Gondža made changes - 2019-05-09 10:51

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Oliver Gondža made changes - 2019-05-09 11:25

Released As		New: 0.4
Resolution		New: Fixed [ 1 ]
Status	Original: In Review [ 10005 ]	New: Resolved [ 5 ]

Andrea Lai made changes - 2019-05-14 11:27

Attachment

New: example.JPG [ 47200 ]

Andrea Lai made changes - 2019-05-14 11:33

Attachment

New: scriptApproval.xml [ 47203 ]

Andrea Lai made changes - 2019-05-16 10:13

Resolution	Original: Fixed [ 1 ]
Status	Original: Resolved [ 5 ]	New: Reopened [ 4 ]

Assignee:: Oliver Gondža

Reporter:: Gabriel Loewen

Votes:: 9 Vote for this issue

Watchers:: 18 Start watching this issue

Created:: 2019-04-24 17:05

Updated:: 2019-12-10 06:27

Resolved:: 2019-05-23 12:18

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates