Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64032

Groovy-backed &#64 when input @ after 2.5.1 upgrade

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • active-choices-plugin
    • None
    • 2.5.1

      When I input @, it returns &#64

      ex:

      input:'git@gitlab.com:xzdry:xxxxxx.git'

      expect:'git@gitlab.com:xzdry:xxxxxx.git'

      actual return:'git&#64gitlab.com:xzdry:xxxxxx.git'

          [JENKINS-64032] Groovy-backed &#64 when input @ after 2.5.1 upgrade

          Hi xzdry,

           

          Thanks for reporting the issue with example and expected/received results. Looks like we are filtering a bit too much of the code. Given the risk of a security regression for a recent CVE, I will try to take some time to understand what's going on and how to fix it (even though the fix should be simple, I will need some time to confirm it's not going to result in a new CVE).

          Cheers

          Bruno

          Bruno P. Kinoshita added a comment - Hi xzdry ,   Thanks for reporting the issue with example and expected/received results. Looks like we are filtering a bit too much of the code. Given the risk of a security regression for a recent CVE, I will try to take some time to understand what's going on and how to fix it (even though the fix should be simple, I will need some time to confirm it's not going to result in a new CVE). Cheers Bruno

          xz dry added a comment -

          thanks for your reply

          I will waiting for your good news

          xz dry added a comment - thanks for your reply I will waiting for your good news

          xzdry whenever you report an issue, the more information you provide the merrier. I've had a bit of spare time today, and am doing some triaging, and trying to fix simple issues, or regressions.

          From your issue description, I thought it could be related to a recent change, but without knowing which parameters you used exactly, my first try was a simple String param, and a reactive param "reacting" to changes of the String param.

          With this scenario I think your case worked for me.

          Let me try now with some other combination of params...

          Bruno P. Kinoshita added a comment - xzdry whenever you report an issue, the more information you provide the merrier. I've had a bit of spare time today, and am doing some triaging, and trying to fix simple issues, or regressions. From your issue description, I thought it could be related to a recent change, but without knowing which parameters you used exactly, my first try was a simple String param, and a reactive param "reacting" to changes of the String param. With this scenario I think your case worked for me. Let me try now with some other combination of params...

          Reactive reference parameter working apparently OK too.

           

          Bruno P. Kinoshita added a comment - Reactive reference parameter working apparently OK too.  

          Closing as Cannot Reproduce.

          I've tried the combinations I could think of. Also had a look at the value provided in the build:

          It could be caused by some security setting in Jenkins, or if you are sending the parameter value in a different way I guess? In case the issue persist, you could either decode the values in your build, or feel free to re-open with some details to reproduce the issue.

          Good examples of helpful information are config.xml example file, screenshots, description of the setup, etc.

          Bruno P. Kinoshita added a comment - Closing as Cannot Reproduce. I've tried the combinations I could think of. Also had a look at the value provided in the build: It could be caused by some security setting in Jenkins, or if you are sending the parameter value in a different way I guess? In case the issue persist, you could either decode the values in your build, or feel free to re-open with some details to reproduce the issue. Good examples of helpful information are config.xml example file, screenshots, description of the setup, etc.

          xz dry added a comment -

          After my test, it should be because of the security setting
          I checked "Use Groovy Sandbox"" which caused this problem
          This is no problem in the previous version
          I am a newcomer using jenkins, so I don’t know the mechanism inside.
          Thank you for your testing and guidance again

          xz dry added a comment - After my test, it should be because of the security setting I checked "Use Groovy Sandbox"" which caused this problem This is no problem in the previous version I am a newcomer using jenkins, so I don’t know the mechanism inside. Thank you for your testing and guidance again

          Reopen this issue as we still face it :

          jenkins-core 2.263.4

          active-choises 2.5.5

          JENKINS-64032-config.xml

          Alexander Moiseenko added a comment - Reopen this issue as we still face it : jenkins-core 2.263.4 active-choises 2.5.5 JENKINS-64032-config.xml

            kinow Bruno P. Kinoshita
            xzdry xz dry
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: