Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63788

Job Dsl "configure" block does not work with latest script-security plugin

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: job-dsl-plugin
    • Labels:
    • Environment:
      Jenkins 2.258
      job-dsl plugin 1.77
      script-security plugin 1.75
    • Similar Issues:

      Description

      The upgrade of script-security plugin from 1.74 to 1.75 broke the behavior of existing Job Dsl jobs. This occurs when the Job Dsl is run in a sandbox and uses a "configure

      {" closure. The following example pipelineJob script recreates the problem: {code:java}

      node('master') {
        stage('jobDsl configure test') {
            jobDsl(
                sandbox: true,
                scriptText: '''
      pipelineJob('test-configure-job')
        configure

      { node ->       node.append(test('Testing...'))     }

      }
      ''',
              )
          }
      }

      
      

      When this script is run in a sandbox, with "Enable script security for Job DSL scripts" checked, it fails with the following:

       Processing provided DSL script
       java.lang.SecurityException: Rejecting unsandboxed method call: javaposse.jobdsl.dsl.jobs.WorkflowJob.invokeMethod(java.lang.String, [Ljava.lang.Object;)
       	at org.kohsuke.groovy.sandbox.impl.RejectEverythingInterceptor.onMethodCall(RejectEverythingInterceptor.java:44)
       	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:161)
       	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:165)
       	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)
       	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:135)
       	at org.kohsuke.groovy.sandbox.impl.Checker$checkedCall$0.callStatic(Unknown Source)
       	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
       	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
       	at script$_run_closure1$_closure2.doCall(script:3)
       	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
       	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       	at java.base/java.lang.reflect.Method.invoke(Method.java:566)

      This does not happen with script-security plugin version 1.74.

        Attachments

          Activity

            People

            Assignee:
            daspilker Daniel Spilker
            Reporter:
            olindaspider Patrick McNerthney
            Votes:
            24 Vote for this issue
            Watchers:
            32 Start watching this issue

              Dates

              Created:
              Updated: