Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46391

Neither ~/foo/ nor java.util.regex.Pattern.compile("foo") are whitelisted

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • script-security-plugin
    • None
    • workflow-cps 2.39, script-security 1.33

      Outside the sandbox, the following will correctly echo java.util.regex.Pattern

      def f = ~/foo/
echo f.class.toString()

      But when sandboxed, it barfs with RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter bitwiseNegate java.lang.Object.

      This is distinct to CPS-transformed code - if that's in a @NonCPS method or any other non-CPS sandboxed code, it works fine. Somehow we're misidentifying the ~/foo/ in sandboxed CPS code.

      EDIT: Amending to include the fact that staticMethod java.util.regex.Pattern compile java.lang.String is not whitelisted. That should be fixed too.

            abayer Andrew Bayer
            abayer Andrew Bayer
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: