Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46394

active choices reactive parameter cant load shared library

    XMLWordPrintable

Details

    Description

      In groovy script in parameter i havent access into Groovy shared library.

      I use version 1.5.3 of Active Choices Plugin.

      In job workflow works same include.

      Attachments

        Activity

          I agree, and really would like to implement it. But first would need to find either some good guidelines to avoid security issues later, or have a good amount of time to investigate possible solutions. The risk with this feature is that the plugin would be blacklisted (again) due to security issues in the implementation.

          kinow Bruno P. Kinoshita added a comment - I agree, and really would like to implement it. But first would need to find either some good guidelines to avoid security issues later, or have a good amount of time to investigate possible solutions. The risk with this feature is that the plugin would be blacklisted (again) due to security issues in the implementation.

          If anyone knows of a plugin doing something similar, that'd be helpful. Pull requests welcome as well

          kinow Bruno P. Kinoshita added a comment - If anyone knows of a plugin doing something similar, that'd be helpful. Pull requests welcome as well

          Any movement on this? This would be immensely helpful

          stevenacalhoun Steven Calhoun added a comment - Any movement on this? This would be immensely helpful

          None yet stevenacalhoun, sorry. The main blocker for me is i) other pending issues and, ii) I know I will need to spend some time investigating the following:

          • How can this be safely implemented?
          • Has any other plug-ins done it in a way that didn't result in an CVE and being blacklisted by the Jenkins Security team?
          • What would we need to tell users besides this new feature? (e.g. limitations, risks, etc)

          If anyone has time to do this investigation, then I could simply go with the best approach (if any), and/or confirm with the Jenkins Security team what they think about our decision.

          From memory, I had a solution from another plug-in (hmmm, ext-parameter? extended-parameter-choice? Some name like this), but got a message on IRC or in another media from core devs about the risks of this approach. Then, shortly after, we got blacklisted for other security issues, and the plug-in was unavailable for some weeks (can't recall if it completed 1 or 2 months of suspension until we sorted the CVE and released the fix).

          Hence my caution in implementing this feature (which I find very useful too for users).

          kinow Bruno P. Kinoshita added a comment - None yet stevenacalhoun , sorry. The main blocker for me is i) other pending issues and, ii) I know I will need to spend some time investigating the following: How can this be safely implemented? Has any other plug-ins done it in a way that didn't result in an CVE and being blacklisted by the Jenkins Security team? What would we need to tell users besides this new feature? (e.g. limitations, risks, etc) If anyone has time to do this investigation, then I could simply go with the best approach (if any), and/or confirm with the Jenkins Security team what they think about our decision. From memory, I had a solution from another plug-in (hmmm, ext-parameter? extended-parameter-choice? Some name like this), but got a message on IRC or in another media from core devs about the risks of this approach. Then, shortly after, we got blacklisted for other security issues, and the plug-in was unavailable for some weeks (can't recall if it completed 1 or 2 months of suspension until we sorted the CVE and released the fix). Hence my caution in implementing this feature (which I find very useful too for users).

          This will be very very .... very useful for us as well .

          limors Limor Segal Shevah added a comment - This will be very very .... very useful for us as well  .

          People

            kinow Bruno P. Kinoshita
            paveto Tomas Pavelka
            Votes:
            30 Vote for this issue
            Watchers:
            37 Start watching this issue

            Dates

              Created:
              Updated: