Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61952

Matcher.find() and Matcher.group(String) are no longer whitelisted

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • script-security-plugin
    • None
    • Jenkins ver. 2.204.2
      script-security-plugin 1.68
    • script-security 1.72

      Originally reported by wolniewicz in JENKINS-61575, but that issue appears to be broken so I cloned it here.

      We have upgraded the plugin from 1.66 -> 1.68
      Since version 1.68 method java.util.regex.Matcher find is not longer whitelisted:

      https://github.com/jenkinsci/script-security-plugin/commit/d5e107b1bd780314bc13ebed401ab3b8a22ec9a4#diff-bd6a93804fc62863a4d7460e35733302

      Was this made on purpose or all mentioned methods were removed by accident?

      method java.util.regex.Matcher find
method java.util.regex.Matcher group java.lang.String

       

      We had to manually approve mentioned methods on our production servers.

      Could you please add mentioned methods to default approve list?

          [JENKINS-61952] Matcher.find() and Matcher.group(String) are no longer whitelisted

          Devin Nusbaum created issue -
          Devin Nusbaum made changes -
          Description Original: We have upgraded the plugin from 1.66 -> 1.68
           Since version 1.68 method java.util.regex.Matcher find is not longer whitelisted:

          [https://github.com/jenkinsci/script-security-plugin/commit/d5e107b1bd780314bc13ebed401ab3b8a22ec9a4#diff-bd6a93804fc62863a4d7460e35733302]

          Was this made on purpose or all mentioned methods were removed by accident?
          {code:java}
          method java.util.regex.Matcher find
          method java.util.regex.Matcher group java.lang.String
          {code}
           

          We had to manually approve mentioned methods on our production servers.

          Could you please add mentioned methods to default approve list?           		New: Originally reported by [~wolniewicz] in JENKINS-61575, but that issue appears to be broken so I cloned it here.

          We have upgraded the plugin from 1.66 -> 1.68
           Since version 1.68 method java.util.regex.Matcher find is not longer whitelisted:

          [https://github.com/jenkinsci/script-security-plugin/commit/d5e107b1bd780314bc13ebed401ab3b8a22ec9a4#diff-bd6a93804fc62863a4d7460e35733302]

          Was this made on purpose or all mentioned methods were removed by accident?
          {code:java}
          method java.util.regex.Matcher find
          method java.util.regex.Matcher group java.lang.String
          {code}
           

          We had to manually approve mentioned methods on our production servers.

          Could you please add mentioned methods to default approve list?
          Devin Nusbaum made changes -
          Link New: This issue is caused by JENKINS-59952 [ JENKINS-59952 ]
          Devin Nusbaum made changes -
          Assignee New: Devin Nusbaum [ dnusbaum ]
          Devin Nusbaum made changes -
          Remote Link New: This issue links to "jenkinsci/script-security-plugin#291 (Web Link)" [ 24854 ]
          Devin Nusbaum made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Devin Nusbaum made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Devin Nusbaum made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Fixed but Unreleased [ 10203 ]

          Devin Nusbaum added a comment -

          These methods were added to the default whitelist in Script Security plugin version 1.72.

          Devin Nusbaum added a comment - These methods were added to the default whitelist in Script Security plugin version 1.72.
          Devin Nusbaum made changes -
          Released As New: script-security 1.72
          Status Original: Fixed but Unreleased [ 10203 ] New: Resolved [ 5 ]

            dnusbaum Devin Nusbaum
            dnusbaum Devin Nusbaum
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: