-
Bug
-
Resolution: Unresolved
-
Critical
CheckMarx stopped working this afternoon. It had been working in the morning.
Some Plugins where updated during this time period by CheckMarx (8.90.1) was not.
step([$class : 'CxScanBuilder', avoidDuplicateProjectScans : false, comment : "Pipeline Scan", credentialsId : 'checkmarx', excludeFolders : '', exclusionsSetting : 'global', failBuildOnNewResults : true, failBuildOnNewSeverity : 'HIGH', fullScanCycle : 10, generatePdfReport : true, groupId : 'XXXXX', osaArchiveIncludePatterns : '*.zip, *.war, *.ear, *.tgz', osaInstallBeforeScan : false, preset : '100003', projectName : "${serviceName}${CHECKMARX_PROJECT_TYPE}", sastEnabled : true, sourceEncoding : '1', vulnerabilityThresholdResult : 'FAILURE' ])
java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see https://jenkins.io/redirect/class-filter/ at hudson.remoting.ClassFilter.check(ClassFilter.java:77) at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:135) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1867) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1750) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2041) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1572) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:430) at hudson.remoting.UserRequest.deserialize(UserRequest.java:291) at hudson.remoting.UserRequest$NormalResponse.retrieve(UserRequest.java:326) at hudson.remoting.Channel.call(Channel.java:955) Caused: java.io.IOException: Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@40fec119 at hudson.remoting.Channel.call(Channel.java:963) at hudson.FilePath.act(FilePath.java:1072) at hudson.FilePath.act(FilePath.java:1061) at com.checkmarx.jenkins.CxScanBuilder.perform(CxScanBuilder.java:711) at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:80) at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:67) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
- relates to
-
JENKINS-47736
JEP-200: Switch Remoting/XStream blacklist to a whitelist
-
- Resolved
-
[JENKINS-57796] Checkmarx affected by JEP-200
Mark Haskins
created issue -
Ramachandra Kamath Arbettu
made changes -
| Priority | Original: Major [ 3 ] | New: Critical [ 2 ] |
Hi, my name is Liran and I'm the CI Plugins product manager.
Thank you for these comments. I'm sorry to hear you are experiencing these issues. We are looking into this problem.
I'd appreciate if next time you contact Checkmarx official support for a faster response.
Thank you!
| Link |
New:
This issue relates to |
Temporary workaround for those blocked:
-Dhudson.remoting.ClassFilter=com.cx.restclient.dto.ScanResults
(In the Jenkins master command line)
Rajat Gupta
added a comment - How do i apply this fix?
I am using
8.90.1 version
rajatx185 this is a workaround, not a fix. There is a link in my comment to a page that explains how to apply it.
Susovan Ghosh
added a comment - We are encountering the same issue on checkmarx-plugin version 8.90.1. Is there any update, any plan to fix it?
Susovan Ghosh
added a comment - We are encountering the same issue on checkmarx-plugin version 8.90.1. Is there any update, any plan to fix it? 
Nilesh Pawar
added a comment - Hi,
I am also facing issue for checkmarx plugin.
build log is here
please let me know any workaround
FATAL: java.lang.RuntimeException: Failed to serialize hudson.model.Project#builders for class hudson.model.FreeStyleProject*13:27:58* java.lang.UnsupportedOperationException: Refusing to marshal java.io.PrintStream for security reasons; see
https://jenkins.io/redirect/class-filter/
13:27:58 at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)13:27:58 Caused: java.lang.RuntimeException: Failed to serialize com.checkmarx.jenkins.CxLoggerAdapter#log for class com.checkmarx.jenkins.CxLoggerAdapter*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)13:27:58 Caused: java.lang.RuntimeException: Failed to serialize com.checkmarx.jenkins.CxScanBuilder#log for class com.checkmarx.jenkins.CxScanBuilder*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)13:27:58 at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)13:27:58 at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)13:27:58 Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Project#builders for class hudson.model.FreeStyleProject*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)13:27:58 at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)13:27:58 at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)13:27:58 at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)13:27:58 at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)13:27:58 at hudson.XmlFile.write(XmlFile.java:193)13:27:58 Caused: java.io.IOException*13:27:58* at hudson.XmlFile.write(XmlFile.java:200)13:27:58 at hudson.model.AbstractItem.save(AbstractItem.java:597)13:27:58 at hudson.model.Job.save(Job.java:191)13:27:58 at hudson.model.AbstractProject.save(AbstractProject.java:289)13:27:58 at jenkins.model.ParameterizedJobMixIn$ParameterizedJob.makeDisabled(ParameterizedJobMixIn.java:484)13:27:58 at hudson.model.AbstractProject.performDelete(AbstractProject.java:354)13:27:58 at hudson.model.AbstractItem.delete(AbstractItem.java:772)13:27:58 at hudson.model.Job.delete(Job.java:677)13:27:58 at javaposse.jobdsl.plugin.ExecuteDslScripts.updateGeneratedJobs(ExecuteDslScripts.java:429)13:27:58 at javaposse.jobdsl.plugin.ExecuteDslScripts.perform(ExecuteDslScripts.java:330)13:27:58 at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:81)13:27:58 at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)13:27:58 at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)13:27:58 at hudson.model.Build$BuildExecution.build(Build.java:206)13:27:58 at hudson.model.Build$BuildExecution.doRun(Build.java:163)13:27:58 at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)13:27:58 at hudson.model.Run.execute(Run.java:1794)13:27:58 at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)13:27:58 at hudson.model.ResourceController.execute(ResourceController.java:97)13:27:58 at hudson.model.Executor.run(Executor.java:429)
Nilesh Pawar
added a comment - Hi,
I am also facing issue for checkmarx plugin.
build log is here
please let me know any workaround
FATAL: java.lang.RuntimeException: Failed to serialize hudson.model.Project#builders for class hudson.model.FreeStyleProject*13:27:58* java.lang.UnsupportedOperationException: Refusing to marshal java.io.PrintStream for security reasons; see
https://jenkins.io/redirect/class-filter/
13:27:58 at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) 13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) 13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) 13:27:58 Caused: java.lang.RuntimeException: Failed to serialize com.checkmarx.jenkins.CxLoggerAdapter#log for class com.checkmarx.jenkins.CxLoggerAdapter*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256) 13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224) 13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138) 13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209) 13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) 13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) 13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) 13:27:58 Caused: java.lang.RuntimeException: Failed to serialize com.checkmarx.jenkins.CxScanBuilder#log for class com.checkmarx.jenkins.CxScanBuilder*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256) 13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224) 13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138) 13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209) 13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88) 13:27:58 at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64) 13:27:58 at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) 13:27:58 at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) 13:27:58 at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) 13:27:58 Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Project#builders for class hudson.model.FreeStyleProject*13:27:58* at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256) 13:27:58 at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224) 13:27:58 at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138) 13:27:58 at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209) 13:27:58 at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150) 13:27:58 at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43) 13:27:58 at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82) 13:27:58 at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37) 13:27:58 at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026) 13:27:58 at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015) 13:27:58 at com.thoughtworks.xstream.XStream.toXML(XStream.java:988) 13:27:58 at hudson.XmlFile.write(XmlFile.java:193) 13:27:58 Caused: java.io.IOException*13:27:58* at hudson.XmlFile.write(XmlFile.java:200) 13:27:58 at hudson.model.AbstractItem.save(AbstractItem.java:597) 13:27:58 at hudson.model.Job.save(Job.java:191) 13:27:58 at hudson.model.AbstractProject.save(AbstractProject.java:289) 13:27:58 at jenkins.model.ParameterizedJobMixIn$ParameterizedJob.makeDisabled(ParameterizedJobMixIn.java:484) 13:27:58 at hudson.model.AbstractProject.performDelete(AbstractProject.java:354) 13:27:58 at hudson.model.AbstractItem.delete(AbstractItem.java:772) 13:27:58 at hudson.model.Job.delete(Job.java:677) 13:27:58 at javaposse.jobdsl.plugin.ExecuteDslScripts.updateGeneratedJobs(ExecuteDslScripts.java:429) 13:27:58 at javaposse.jobdsl.plugin.ExecuteDslScripts.perform(ExecuteDslScripts.java:330) 13:27:58 at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:81) 13:27:58 at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) 13:27:58 at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744) 13:27:58 at hudson.model.Build$BuildExecution.build(Build.java:206) 13:27:58 at hudson.model.Build$BuildExecution.doRun(Build.java:163) 13:27:58 at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504) 13:27:58 at hudson.model.Run.execute(Run.java:1794) 13:27:58 at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) 13:27:58 at hudson.model.ResourceController.execute(ResourceController.java:97) 13:27:58 at hudson.model.Executor.run(Executor.java:429) 
I confirm this issue from the version 8.9.0 of the plugin. We are encountering the same after updating from 8.80.0. We are running on Jenkins ver. 2.164.3
Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@557f1a37: java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see https://jenkins.io/redirect/class-filter/