-
Bug
-
Resolution: Unresolved
-
Major
-
Jenkins 2.258
job-dsl plugin 1.77
script-security plugin 1.75
The upgrade of script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" closure.
The following example pipelineJob script recreates the problem:
node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } }
When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following:
Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566)
This does not happen with script-security plugin version 1.74.
[JENKINS-63788] Job Dsl "configure" block does not work with latest script-security plugin
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {color:#ff8b00}node('master') {{color} {color:#ff8b00} stage('jobDsl configure test') {{color} {color:#ff8b00} jobDsl({color} {color:#ff8b00} sandbox: true,{color} {color:#ff8b00} scriptText: '''\{color} {color:#ff8b00}pipelineJob('test-configure-job') {{color} {color:#ff8b00} configure { node ->{color} {color:#ff8b00} node.append(test('Testing...')){color} {color:#ff8b00} }{color} {color:#ff8b00}}{color} {color:#ff8b00}''',{color} {color:#ff8b00} ){color} {color:#ff8b00} }{color} {color:#ff8b00}}{color} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) This does not happen with script-security plugin version 1.74. |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''\}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ }}} {{}}} {{''',}} {{ )}} {{ }}} {{}}} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} {{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} {{ at script$_run_closure1$_closure2.doCall(script:3)}} {{ This does not happen with script-security plugin version 1.74.}} |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''\}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ }}} {{}}} {{''',}} {{ )}} {{ }}} {{}}} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} {{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} {{ at script$_run_closure1$_closure2.doCall(script:3)}} {{ This does not happen with script-security plugin version 1.74.}} |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ }}} {{}}{{}}} {{''',}} {{ )}} {{ }}} {{}}{{}}} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ }}} {{}}{{}}} {{''',}} {{ )}} {{ }}} {{}}{{}}} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ } }} {{} }} {{''',}} {{ )}} {{ } }} {{} }} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{node('master') {}} {{ stage('jobDsl configure test') {}} {{ jobDsl(}} {{ sandbox: true,}} {{ scriptText: '''}} {{pipelineJob('test-configure-job') {}} {{ configure { node ->}} {{ node.append(test('Testing...'))}} {{ } }} {{} }} {{''',}} {{ )}} {{ } }} {{} }} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{ node('master') { }} {{ stage('jobDsl configure test') { }} {{ jobDsl( }} {{ sandbox: true, }} {{ scriptText: ''' }} {{ pipelineJob('test-configure-job') { }} {{ configure { node -> }} {{ node.append(test('Testing...')) }} {{ } }} {{ } }} {{ ''', }} {{ ) }} {{ } }} {{ } }} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {{ node('master') { }} {{ stage('jobDsl configure test') { }} {{ jobDsl( }} {{ sandbox: true, }} {{ scriptText: ''' }} {{ pipelineJob('test-configure-job') { }} {{ configure { node -> }} {{ node.append(test('Testing...')) }} {{ } }} {{ } }} {{ ''', }} {{ ) }} {{ } }} {{ } }} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {{Processing provided DSL script}} {{ java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)}} {{ at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)}} {{ at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)}} {{ at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)}} \{{ at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)}} \{{ at script$_run_closure1$_closure2.doCall(script:3)}} \{{ This does not happen with script-security plugin version 1.74.}} |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
New:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code:java} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
| Description |
Original:
The upgrade of the the script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code:java} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
New:
The upgrade of script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code:java} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
| Description |
Original:
The upgrade of script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" block. The following example pipelineJob script recreates the problem: {code:java} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
New:
The upgrade of script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure {" closure. The following example pipelineJob script recreates the problem: {code:java} node('master') { stage('jobDsl configure test') { jobDsl( sandbox: true, scriptText: ''' pipelineJob('test-configure-job') configure { node -> node.append(test('Testing...')) } } ''', ) } } {code} When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following: {noformat} Processing provided DSL script java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;) at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135) at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194) at script$_run_closure1$_closure2.doCall(script:3) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566){noformat} This does not happen with script-security plugin version 1.74. |
| Labels | New: regression |