Jenkins / JENKINS-75288

scm.browser RejectedAccessException despite method being whitelisted

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major
    • Component/s: script-security-plugin
    • Labels: None
    • Environment:
      Jenkins 2.479.1
      git 5.7.0
      script-security 1369.v9b_98a_4e95b_2d
      workflow-multibranch 800.v5f0a_a_660950e

      Jenkins is throwing a RejectedAccessException despite the GitSCM.getBrowser() method being whitelisted. SCM.getBrowser() is not whitelisted.

      When multiple classes define / overload a method the script-security plugin selects the original declaring class instead of the overloading child class.

      Given the following Jenkinsfile multi-branch pipeline backed by git:

      pipeline {
          agent any
      
          stages {
              stage('Stage') {
                  steps {
                      script {
                          println "class: " + scm.class
                          println "browser: " + scm.browser
                      }
                  }
              }
          }
      }
      

      The error:

      13:22:25  [Pipeline] echo
      13:22:25  class: class hudson.plugins.git.GitSCM
      13:22:25  Scripts not permitted to use method hudson.scm.SCM getBrowser. Administrators can decide whether to approve or reject this signature.
      13:22:25  [Pipeline] }
      . . .
      13:22:25  org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.scm.SCM getBrowser
      13:22:25  	at PluginClassLoader for script-security//org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:244)
      13:22:25  	at PluginClassLoader for script-security//org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.rejectMethod(SandboxInterceptor.java:594)
      13:22:25  	at PluginClassLoader for script-security//org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.lambda$onGetProperty$7(SandboxInterceptor.java:302)
      13:22:25  	at PluginClassLoader for script-security//org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:386)
      

      See this comment for further analysis.

    • Assignee: Unassigned
    • Reporter: mrichar2 Mark R
    • Votes: 0
    • Watchers: 3
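
An added illustration (not code from this issue or from the script-security plugin) of the mismatch the report describes: an approval recorded for the subclass signature does not match when the check is keyed on the class that originally declared the method. `Scm`, `GitScm`, `ALLOWED` and `resolve` are hypothetical stand-ins for `hudson.scm.SCM`, `hudson.plugins.git.GitSCM` and the approval list; the plugin's real lookup logic is not reproduced here.

```java
import java.lang.reflect.Method;
import java.util.Set;

public class DeclaringClassLookup {
    // Hypothetical stand-ins for hudson.scm.SCM and hudson.plugins.git.GitSCM.
    public static class Scm { public Object getBrowser() { return null; } }
    public static class GitScm extends Scm {
        @Override public Object getBrowser() { return "git-browser"; }
    }

    // Constructed allowlist: only the subclass signature is approved, as in the report.
    static final Set<String> ALLOWED = Set.of("method GitScm getBrowser");

    // Same "method <class> <name>" shape as the rejection message in the build log.
    static String signature(Method m) {
        return "method " + m.getDeclaringClass().getSimpleName() + " " + m.getName();
    }

    // Walk from the receiver's class towards Object. With originalOnly=false the first
    // (most-derived) declaration wins; with originalOnly=true the last (topmost) one does.
    static Method resolve(Class<?> receiver, String name, boolean originalOnly)
            throws NoSuchMethodException {
        Method found = null;
        for (Class<?> k = receiver; k != null; k = k.getSuperclass()) {
            try {
                Method m = k.getDeclaredMethod(name);
                if (!originalOnly) return m;
                found = m;
            } catch (NoSuchMethodException e) {
                // Not declared at this level; keep walking up the hierarchy.
            }
        }
        if (found == null) throw new NoSuchMethodException(name);
        return found;
    }

    public static void main(String[] args) throws Exception {
        Object scm = new GitScm();  // runtime class is the subclass, as with scm.class in the log
        for (boolean originalOnly : new boolean[] {false, true}) {
            String sig = signature(resolve(scm.getClass(), "getBrowser", originalOnly));
            System.out.println(sig + " -> " + (ALLOWED.contains(sig) ? "permitted" : "rejected"));
        }
    }
}
```

The same receiver object produces two different signatures depending on which declaration the lookup settles on, which is why the approved entry and the rejected signature in the log name different classes.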