[JENKINS-57796] Checkmarx affected by JEP-200

Type: Bug
Resolution: Unresolved
Priority: Critical
Component/s: checkmarx-plugin
Labels:
- JEP-200
Environment:

Hide
OS : Centos
Linux 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Java
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

More information in attached file

Show
OS : Centos Linux 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux Java openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode) More information in attached file

Similar Issues:
Powered by SuggestiMate

Show

CheckMarx stopped working this afternoon. It had been working in the morning.

Some Plugins where updated during this time period by CheckMarx (8.90.1) was not.

step([$class                        : 'CxScanBuilder',
      avoidDuplicateProjectScans    : false,
      comment                       : "Pipeline Scan",
      credentialsId                 : 'checkmarx',
      excludeFolders                : '',
      exclusionsSetting             : 'global',
      failBuildOnNewResults         : true,
      failBuildOnNewSeverity        : 'HIGH',
      fullScanCycle                 : 10,
      generatePdfReport             : true,
      groupId                       : 'XXXXX',
      osaArchiveIncludePatterns     : '*.zip, *.war, *.ear, *.tgz',
      osaInstallBeforeScan          : false,
      preset                        : '100003',
      projectName                   : "${serviceName}${CHECKMARX_PROJECT_TYPE}",
      sastEnabled                   : true,
      sourceEncoding                : '1',
      vulnerabilityThresholdResult  : 'FAILURE'
])

java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see https://jenkins.io/redirect/class-filter/
	at hudson.remoting.ClassFilter.check(ClassFilter.java:77)
	at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:135)
	at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1867)
	at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1750)
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2041)
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1572)
	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:430)
	at hudson.remoting.UserRequest.deserialize(UserRequest.java:291)
	at hudson.remoting.UserRequest$NormalResponse.retrieve(UserRequest.java:326)
	at hudson.remoting.Channel.call(Channel.java:955)
Caused: java.io.IOException: Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@40fec119
	at hudson.remoting.Channel.call(Channel.java:963)
	at hudson.FilePath.act(FilePath.java:1072)
	at hudson.FilePath.act(FilePath.java:1061)
	at com.checkmarx.jenkins.CxScanBuilder.perform(CxScanBuilder.java:711)
	at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:80)
	at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:67)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Jenkins.txt
7 kB
2019-05-31 15:41

relates to

JENKINS-47736 JEP-200: Switch Remoting/XStream blacklist to a whitelist

Resolved

Mark Haskins created issue - 2019-05-31 15:44

Ramachandra Kamath Arbettu made changes - 2019-06-05 14:49

Priority

Original: Major [ 3 ]

New: Critical [ 2 ]

Alexander Komarov made changes - 2019-06-10 15:20

Link

New: This issue relates to ~~JENKINS-47736~~ [ ~~JENKINS-47736~~ ]

Liran Stern made changes - 2019-07-22 07:54

Assignee

Original: Sergey Kadaner [ sergeyk ]

New: Liran Stern [ sternlir ]

Sai Kiran Challa made changes - 2019-07-28 18:08

Comment

[ I upgraded to 8.90.4 and still see the same error: ```
FATAL: Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@2a8aedd3: java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see
[https://jenkins.io/redirect/class-filter/]
java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see
[https://jenkins.io/redirect/class-filter/]
at hudson.remoting.ClassFilter.check(ClassFilter.java:77)
at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:135)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1866)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1749)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2040)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1571)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:431)
at hudson.remoting.UserRequest.deserialize(UserRequest.java:291)
at hudson.remoting.UserRequest$NormalResponse.retrieve(UserRequest.java:326)
at hudson.remoting.Channel.call(Channel.java:957)
Caused: java.io.IOException: Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@2a8aedd3
at hudson.remoting.Channel.call(Channel.java:965)
at hudson.FilePath.act(FilePath.java:1070)
at hudson.FilePath.act(FilePath.java:1059)
at com.checkmarx.jenkins.CxScanBuilder.perform(CxScanBuilder.java:711)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:79)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
at hudson.model.Build$BuildExecution.build(Build.java:206)
at hudson.model.Build$BuildExecution.doRun(Build.java:163)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1818)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)``` ]

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates