It is possible to add malformed entries to the list of approved methods using the script console.

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      It is possible to add a malformed entry to the list of approved methods by running the following script in the script console:

      def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get()String[] signs = [
            "java.time.temporal.Temporal"
      ]

      for( String sign : signs ) {
          scriptApproval.approveSignature(sign)
      }

      scriptApproval.save()
      println('Approved')

       

      This script yields the following exception(with :

      java.io.IOException: java.time.temporal.Temporal at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.parse(StaticWhitelist.java:175) at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.add(StaticWhitelist.java:191) at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.<init>(StaticWhitelist.java:95) at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.configurationChanged(ScriptApproval.java:980) at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.reconfigure(ScriptApproval.java:1140) at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.approveSignature(ScriptApproval.java:1150) at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval$approveSignature$0.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) at...{}

      As a result, a malformed entry is added to the "signatures already approved" (check attachment):

       

      The side effect of this is that any further approvals are failing because of this malformed entry:

      2024-02-09 20:43:49.908+0000 [id=15485]    WARNING    o.e.j.s.h.ContextHandler$Context#log: Error while serving https://redacted.com/test/$stapler/bound/a8e18ebf-c302-4762-92d9-98bdc6ca9a56/approveSignature
      java.io.IOException: java.time.temporal.Temporal
          at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.parse(StaticWhitelist.java:175)
          at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.add(StaticWhitelist.java:191)
          at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.<init>(StaticWhitelist.java:95)
          at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.configurationChanged(ScriptApproval.java:980)
          at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.reconfigure(ScriptApproval.java:1140)
          at org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.approveSignature(ScriptApproval.java:1150)
          at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
      Caused: java.lang.reflect.InvocationTargetException

       

      The only workaround is to go and edit the scriptApproval.xml manually to remove the malformed entry and restart Jenkins.

        1. image-2024-02-09-12-37-14-315.png
          image-2024-02-09-12-37-14-315.png
          55 kB

            Assignee:
            Unassigned
            Reporter:
            Bertrand
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: