- Bug
- Resolution: Not A Defect
- Minor
- None
Tested on Jenkins 2.401.1, with script security plugin version 1321.va_73c0795b_923
It is possible to add a malformed entry to the list of approved methods by running the following script in the script console:
// Script Security's approval store (singleton)
def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get()
// A bare class name, not a signature
String[] signs = [
    "java.time.temporal.Temporal"
]
for (String sign : signs) {
    scriptApproval.approveSignature(sign)
}
scriptApproval.save()
println('Approved')
This script yields the following exception:
java.io.IOException: java.time.temporal.Temporal
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.parse(StaticWhitelist.java:175)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.add(StaticWhitelist.java:191)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.<init>(StaticWhitelist.java:95)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.configurationChanged(ScriptApproval.java:980)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.reconfigure(ScriptApproval.java:1140)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.approveSignature(ScriptApproval.java:1150)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval$approveSignature$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47)
at...
As a result, a malformed entry is added to the "signatures already approved" (check attachment):
The side effect of this is that any further approvals are failing because of this malformed entry:
2024-02-09 20:43:49.908+0000 [id=15485] WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving https://redacted.com/test/$stapler/bound/a8e18ebf-c302-4762-92d9-98bdc6ca9a56/approveSignature
java.io.IOException: java.time.temporal.Temporal
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.parse(StaticWhitelist.java:175)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.add(StaticWhitelist.java:191)
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.<init>(StaticWhitelist.java:95)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.configurationChanged(ScriptApproval.java:980)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.reconfigure(ScriptApproval.java:1140)
at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.approveSignature(ScriptApproval.java:1150)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
Caused: java.lang.reflect.InvocationTargetException
The only workaround is to go and edit the scriptApproval.xml manually to remove the malformed entry and restart Jenkins.
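The manual cleanup described above can be scripted offline. The following is an added example, not part of the original report or of the plugin: it flags and drops entries under `approvedSignatures` that do not start with a signature kind (`method`, `staticMethod`, `field`, `staticField`, `new`). The XML layout, the sample content and the token-count check are assumptions that only approximate the plugin's parser.

```python
import re
import xml.etree.ElementTree as ET

# Minimum whitespace-separated tokens per signature kind (assumed approximation):
# kind, declaring class, then a member name for everything except constructors.
MIN_TOKENS = {"method": 3, "staticMethod": 3, "field": 3, "staticField": 3, "new": 2}

# Constructed sample shaped like $JENKINS_HOME/scriptApproval.xml (assumed layout).
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<scriptApproval plugin="script-security@PLACEHOLDER">
  <approvedSignatures>
    <string>method java.lang.String trim</string>
    <string>java.time.temporal.Temporal</string>
    <string>new java.util.Date</string>
    <string>staticMethod java.lang.Math max int int</string>
  </approvedSignatures>
</scriptApproval>
"""

def is_well_formed(signature):
    """True if the entry starts with a known kind and has enough tokens."""
    tokens = signature.split()
    return bool(tokens) and len(tokens) >= MIN_TOKENS.get(tokens[0], float("inf"))

def _parse(xml_text):
    # Drop the XML declaration so parsing does not depend on XML 1.1 support.
    return ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))

def find_malformed(xml_text):
    """Return the approved-signature entries that are not valid signatures."""
    root = _parse(xml_text)
    return [el.text or "" for el in root.iterfind("./approvedSignatures/string")
            if not is_well_formed(el.text or "")]

def remove_malformed(xml_text):
    """Return the document with malformed approved-signature entries removed."""
    root = _parse(xml_text)
    for parent in root.iterfind("./approvedSignatures"):
        for el in list(parent):
            if el.tag == "string" and not is_well_formed(el.text or ""):
                parent.remove(el)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("malformed:", find_malformed(SAMPLE))
    print(remove_malformed(SAMPLE))
```

Run it against a copy of the file with Jenkins stopped, review the reported entries, and only then replace the original.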