Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42214

Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • script-security-plugin
    • None
    • Jenkins 2.46, Script Security Plugin 1.26
    • script-security 1218.v39ca_7f7ed0a_c

      Since hudson.scm.EditType implementation has not changed in the last 10 years, I think either the white listing never ever worked, or (less likely?) the white listing syntax changed and in the past there was no differentiation between static and non-static fields.

      Anyway, could you please change the following in "org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist":

      • From old: 
        field hudson.scm.EditType ADD
field hudson.scm.EditType DELETE
field hudson.scm.EditType EDIT
      • => New: 
        staticField hudson.scm.EditType ADD
staticField hudson.scm.EditType DELETE
staticField hudson.scm.EditType EDIT

            dnusbaum Devin Nusbaum
            reinholdfuereder Reinhold Füreder
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: