Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63983

Active Choice Plugin - Annotation Grapes cannot be used in the sandbox

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Fixed but Unreleased (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: active-choices-plugin
    • Labels:
      None
    • Environment:
      Jenkins Version 2.206
    • Similar Issues:

      Description

      If I upgrade to v2.5.1 from v2.4 my active choice parameters fail with a security issue " Annotation Grapes cannot be used in the sandbox"

      My script is a groovy scriptler script with @Grab annotation in it to pull in a library.

       

      Rollback to v2.4 fixes the issue so something in 2.5 or 2.5.1 has broken this. Maybe I am missing a parameter in my scriptler script to not run in sandbox?

       

      Full stack trace attached

        Attachments

          Activity

          Hide
          elivak7 eli vaknin added a comment -

          Hi Bruno,

          thanks for your prompt answer.

          I didn't find any other way to achieve this - so I decided to downgrade to 2.4.

          if I'll find something I'll update it here.

           

          Kudos for this awesome plug-in!

          Show
          elivak7 eli vaknin added a comment - Hi Bruno, thanks for your prompt answer. I didn't find any other way to achieve this - so I decided to downgrade to 2.4. if I'll find something I'll update it here.   Kudos for this awesome plug-in!
          Hide
          presslej James Pressley added a comment -

          Hi Bruno P. Kinoshita ,

           

          Surely we just need the link that the scriptler script has been approved. Therefore anything that runs as part of the script is approved including @Grab notation. It's quite annoying not being able to update to the latest version

          Show
          presslej James Pressley added a comment - Hi Bruno P. Kinoshita ,   Surely we just need the link that the scriptler script has been approved. Therefore anything that runs as part of the script is approved including @Grab notation. It's quite annoying not being able to update to the latest version
          Hide
          asc3nsi0n Kenny added a comment -

          Hi Bruno,

          I just wanted to follow up on this issue. We recently upgraded the plugin and noticed that the HTML output of our Scriptler scripts is being sanitized, due to being run in the sandbox. I agree with James that the plugin should run Scriptler scripts outside of the sandbox if they have been approved by an admin. If you agree that this is an acceptable solution I can try to work on it and submit a PR.

          Thanks,
          Kenny

          Show
          asc3nsi0n Kenny added a comment - Hi Bruno, I just wanted to follow up on this issue. We recently upgraded the plugin and noticed that the HTML output of our Scriptler scripts is being sanitized, due to being run in the sandbox. I agree with James that the plugin should run Scriptler scripts outside of the sandbox if they have been approved by an admin. If you agree that this is an acceptable solution I can try to work on it and submit a PR. Thanks, Kenny
          Hide
          kinow Bruno P. Kinoshita added a comment -

          Fixed thanks to a pull request. To be released with 2.5.7. Thanks!

          Show
          kinow Bruno P. Kinoshita added a comment - Fixed thanks to a pull request. To be released with 2.5.7. Thanks!
          Hide
          livelace Oleg Popov added a comment -

          It works for me! Thanks!

          Show
          livelace Oleg Popov added a comment - It works for me! Thanks!

            People

            Assignee:
            kinow Bruno P. Kinoshita
            Reporter:
            presslej James Pressley
            Votes:
            4 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: