Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-53424

script-security plugin breaks parameterized pipeline builds

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Minor Minor
    • script-security-plugin
    • None
    • Jenkins v2.141
      script-security-plugin v1.45
    • script-security 1.46

      After updating script-security-plugin to version 1.45 following exception occurred when executing paramertized pipeline build:

      groovy.lang.MissingPropertyException: No such property: string for class: groovy.lang.Binding
	at groovy.lang.Binding.getVariable(Binding.java:63)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:130)
	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
	at WorkflowScript.run(WorkflowScript:10)
	at ___cps.transform___(Native Method)
	at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.dispatch(CollectionLiteralBlock.java:55)
	at com.cloudbees.groovy.cps.impl.CollectionLiteralBlock$ContinuationImpl.item(CollectionLiteralBlock.java:45)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
	at com.cloudbees.groovy.cps.Next.step(Next.java:83)
	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174)
	at com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163)
	at org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:122)
	at org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:261)
	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$101(SandboxContinuable.java:34)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.lambda$run0$0(SandboxContinuable.java:59)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:58)
	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:174)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:332)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:83)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:244)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:232)
	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

      Downgrading to v1.44 fixed the issue.

      Find below the list of installed plugins on this jenkins instance:

      Stash Pullrequest Builder Plugin (stash-pullrequest-builder): 1.7.0
Command Agent Launcher Plugin (command-launcher): 1.2
JIRA Trigger Plugin (jira-trigger): 0.6.3
Ant Plugin (ant): 1.8
PAM Authentication plugin (pam-auth): 1.4
Pipeline Maven Integration Plugin (pipeline-maven): 3.5.11
Pipeline: Model API (pipeline-model-api): 1.3.2
Monitoring (monitoring): 1.74.0
JavaScript GUI Lib: Handlebars bundle plugin (handlebars): 1.1.1
user build vars plugin (build-user-vars-plugin): 1.5
Pipeline: REST API Plugin (pipeline-rest-api): 2.10
Pipeline: Declarative Agent API (pipeline-model-declarative-agent): 1.1.1
Mercurial plugin (mercurial): 2.4
Parameterized Remote Trigger Plugin (Parameterized-Remote-Trigger): 3.0.5
Script Security Plugin (script-security): 1.44
Static Analysis Utilities (analysis-core): 1.95
Git plugin (git): 3.9.1
Pipeline: Basic Steps (workflow-basic-steps): 2.10
Display URL API (display-url-api): 2.2.0
Email Extension Plugin (email-ext): 2.63
Job Configuration History Plugin (jobConfigHistory): 2.18
Pipeline Graph Analysis Plugin (pipeline-graph-analysis): 1.7
JaCoCo plugin (jacoco): 3.0.3
Build Pipeline Plugin (build-pipeline-plugin): 1.5.8
Pipeline: Shared Groovy Libraries (workflow-cps-global-lib): 2.10
Server Sent Events (SSE) Gateway Plugin (sse-gateway): 1.15
promoted builds plugin (promoted-builds): 3.2
Gradle Plugin (gradle): 1.29
Durable Task Plugin (durable-task): 1.25
OpenID4Java API (openid4java): 0.9.8.0
Build Monitor View (build-monitor-plugin): 1.12+build.201805070054
Timestamper (timestamper): 1.8.10
Pipeline: Milestone Step (pipeline-milestone-step): 1.3.1
Bitbucket Pullrequest Builder Plugin (bitbucket-pullrequest-builder): 1.4.26
Crowd 2 Integration (crowd2): 2.0.0
Icon Shim Plugin (icon-shim): 2.0.3
Mashup Portlets (mashup-portlets-plugin): 1.0.9
Pipeline: SCM Step (workflow-scm-step): 2.6
ChuckNorris Plugin (chucknorris): 1.1
Windows Slaves Plugin (windows-slaves): 1.3.1
Marathon Deployment (marathon): 1.6.0
Apache HttpComponents Client 4.x API Plugin (apache-httpcomponents-client-4-api): 4.5.5-3.0
GIT server Plugin (git-server): 1.7
CloudBees Amazon Web Services Credentials Plugin (aws-credentials): 1.23
jQuery plugin (jquery): 1.12.4-0
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin (jquery-detached): 1.2.1
Discard Old Build plugin (discard-old-build): 1.05
docker-build-step (docker-build-step): 2.0
JClouds plugin (jclouds-jenkins): 2.14
JavaScript GUI Lib: Moment.js bundle plugin (momentjs): 1.1.1
Green Balls (greenballs): 1.15
Subversion Plug-in (subversion): 2.11.1
JavaScript GUI Lib: ACE Editor bundle plugin (ace-editor): 1.1
Bitbucket Plugin (bitbucket): 1.1.8
Dashboard View (dashboard-view): 2.9.11
description setter plugin (description-setter): 1.10
Metrics Plugin (metrics): 4.0.2.2
SonarQube Scanner for Jenkins (sonar): 2.8
Infrastructure plugin for Publish Over X (publish-over): 0.22
OWASP Dependency-Check Plugin (dependency-check-jenkins-plugin): 3.3.1
Checkstyle Plug-in (checkstyle): 3.50
nvm wrapper (nvm-wrapper): 0.1.5
OWASP Markup Formatter Plugin (antisamy-markup-formatter): 1.5
Bitbucket Approve Plugin (bitbucket-approve): 1.0.3
Credentials Plugin (credentials): 2.1.18
Javadoc Plugin (javadoc): 1.4
Role-based Authorization Strategy (role-strategy): 2.9.0
Pipeline: Stage Step (pipeline-stage-step): 2.3
Pipeline (workflow-aggregator): 2.5
Hudson global-build-stats plugin (global-build-stats): 1.5
Token Macro Plugin (token-macro): 2.5
bouncycastle API Plugin (bouncycastle-api): 2.17
SSH Credentials Plugin (ssh-credentials): 1.14
Pipeline: Supporting APIs (workflow-support): 2.20
Ivy Plugin (ivy): 1.28
Pipeline: Declarative (pipeline-model-definition): 1.3.2
GitHub API Plugin (github-api): 1.92
Warnings Plug-in (warnings): 4.68
Maven Integration plugin (maven-plugin): 3.1.2
FindBugs Plug-in (findbugs): 4.72
Throttle Concurrent Builds Plug-in (throttle-concurrents): 2.0.1
Plain Credentials Plugin (plain-credentials): 1.4
JiraTestResultReporter plugin (JiraTestResultReporter): 2.0.6
Amazon Web Services SDK (aws-java-sdk): 1.11.341
GitHub Branch Source Plugin (github-branch-source): 2.3.6
Static Analysis Collector Plug-in (analysis-collector): 1.52
Workspace Cleanup Plugin (ws-cleanup): 0.34
Jackson 2 API Plugin (jackson2-api): 2.8.11.3
Pipeline: API (workflow-api): 2.29
Confluence Publisher (confluence-publisher): 2.0.3
External Monitor Job Type Plugin (external-monitor-job): 1.7
LDAP Plugin (ldap): 1.20
Pipeline: Groovy (workflow-cps): 2.54
REPO plugin (repo): 1.10.7
GitHub Organization Folder Plugin (github-organization-folder): 1.6
Parallel Test Executor Plugin (parallel-test-executor): 1.10
Credentials Binding Plugin (credentials-binding): 1.16
Plugin Usage - Plugin (plugin-usage-plugin): 0.4
Favorite (favorite): 2.3.2
SSH plugin (ssh): 2.6.1
JIRA Pipeline Steps (jira-steps): 1.4.4
Pipeline: Multibranch (workflow-multibranch): 2.20
Docker Pipeline (docker-workflow): 1.17
Safe Restart Plugin (saferestart): 0.3
Folders Plugin (cloudbees-folder): 6.5.1
Violation Comments to Bitbucket Server Plugin (violation-comments-to-stash): 1.78
Matrix Project Plugin (matrix-project): 1.13
Build Timeout (build-timeout): 1.19
MapDB API Plugin (mapdb-api): 1.0.9.0
NodeJS Plugin (nodejs): 1.2.6
JUnit Plugin (junit): 1.24
Conditional BuildStep (conditional-buildstep): 1.3.6
Amazon EC2 plugin (ec2): 1.39
JIRA plugin (jira): 3.0.1
Docker Commons Plugin (docker-commons): 1.13
EnvInject API Plugin (envinject-api): 1.5
Pipeline: Stage Tags Metadata (pipeline-stage-tags-metadata): 1.3.2
Handy Uri Templates 2.x API Plugin (handy-uri-templates-2-api): 2.1.6-1.0
Lockable Resources plugin (lockable-resources): 2.3
Pipeline: GitHub Groovy Libraries (pipeline-github-lib): 1.0
Call Remote Job Plugin (call-remote-job-plugin): 1.0.21
Multiple SCMs plugin (multiple-scms): 0.6
Gatling Jenkins Plugin (gatling): 1.2.5
Pub-Sub "light" Bus (pubsub-light): 1.12
Node Iterator API Plugin (node-iterator-api): 1.5.0
Sonargraph Integration Jenkins Plugin (sonargraph-integration): 2.1.2
Run Condition Plugin (run-condition): 1.2
SSH Agent Plugin (ssh-agent): 1.16
SCM API Plugin (scm-api): 2.2.7
SSH Slaves plugin (ssh-slaves): 1.28
openid (openid): 2.2
Pipeline: Job (workflow-job): 2.24
ThinBackup (thinBackup): 1.9
OAuth Credentials plugin (oauth-credentials): 0.3
Violations plugin (violations): 0.7.11
Environment Injector Plugin (envinject): 2.1.6
Pipeline: Build Step (pipeline-build-step): 2.7
Git client plugin (git-client): 2.7.3
Resource Disposer Plugin (resource-disposer): 0.12
Jira Issue Updater (jenkins-jira-issue-updater): 1.18
enhanced-old-build-discarder (enhanced-old-build-discarder): 1.0
Pipeline: Nodes and Processes (workflow-durable-task-step): 2.21
JSch dependency plugin (jsch): 0.1.54.2
Mailer Plugin (mailer): 1.21
Pipeline: Declarative Extension Points API (pipeline-model-extensions): 1.3.2
Bitbucket Branch Source Plugin (cloudbees-bitbucket-branch-source): 2.2.12
Variant Plugin (variant): 1.1
embeddable-build-status (embeddable-build-status): 1.9
Authentication Tokens API Plugin (authentication-tokens): 1.3
Gravatar plugin (gravatar): 2.1
Structs Plugin (structs): 1.14
Artifactory Plugin (artifactory): 2.16.2
Pipeline: Step API (workflow-step-api): 2.16
Publish Over SSH (publish-over-ssh): 1.19.1
Pipeline: Input Step (pipeline-input-step): 2.8
Task Scanner Plug-in (tasks): 4.52
Pipeline: Stage View Plugin (pipeline-stage-view): 2.10
Git Changelog (git-changelog): 2.7
Config File Provider Plugin (config-file-provider): 2.18
Matrix Authorization Strategy Plugin (matrix-auth): 2.3
GitHub plugin (github): 1.29.2
Branch API Plugin (branch-api): 2.0.20
JDK Tool Plugin (jdk-tool): 1.1
Bitbucket Build Status Notifier Plugin (bitbucket-build-status-notifier): 1.4.0
EC2 Fleet Jenkins Plugin (ec2-fleet): 1.1.7
Parameterized Trigger plugin (parameterized-trigger): 2.35.2
Queue cleanup Plugin (queue-cleanup): 1.0
HipChat Plugin (hipchat): 2.2.0
Pipeline Utility Steps (pipeline-utility-steps): 2.1.0
Result: [Plugin:stash-pullrequest-builder, Plugin:command-launcher, Plugin:jira-trigger, Plugin:ant, Plugin:pam-auth, Plugin:pipeline-maven, Plugin:pipeline-model-api, Plugin:monitoring, Plugin:handlebars, Plugin:build-user-vars-plugin, Plugin:pipeline-rest-api, Plugin:pipeline-model-declarative-agent, Plugin:mercurial, Plugin:Parameterized-Remote-Trigger, Plugin:script-security, Plugin:analysis-core, Plugin:git, Plugin:workflow-basic-steps, Plugin:display-url-api, Plugin:email-ext, Plugin:jobConfigHistory, Plugin:pipeline-graph-analysis, Plugin:jacoco, Plugin:build-pipeline-plugin, Plugin:workflow-cps-global-lib, Plugin:sse-gateway, Plugin:promoted-builds, Plugin:gradle, Plugin:durable-task, Plugin:openid4java, Plugin:build-monitor-plugin, Plugin:timestamper, Plugin:pipeline-milestone-step, Plugin:bitbucket-pullrequest-builder, Plugin:crowd2, Plugin:icon-shim, Plugin:mashup-portlets-plugin, Plugin:workflow-scm-step, Plugin:chucknorris, Plugin:windows-slaves, Plugin:marathon, Plugin:apache-httpcomponents-client-4-api, Plugin:git-server, Plugin:aws-credentials, Plugin:jquery, Plugin:jquery-detached, Plugin:discard-old-build, Plugin:docker-build-step, Plugin:jclouds-jenkins, Plugin:momentjs, Plugin:greenballs, Plugin:subversion, Plugin:ace-editor, Plugin:bitbucket, Plugin:dashboard-view, Plugin:description-setter, Plugin:metrics, Plugin:sonar, Plugin:publish-over, Plugin:dependency-check-jenkins-plugin, Plugin:checkstyle, Plugin:nvm-wrapper, Plugin:antisamy-markup-formatter, Plugin:bitbucket-approve, Plugin:credentials, Plugin:javadoc, Plugin:role-strategy, Plugin:pipeline-stage-step, Plugin:workflow-aggregator, Plugin:global-build-stats, Plugin:token-macro, Plugin:bouncycastle-api, Plugin:ssh-credentials, Plugin:workflow-support, Plugin:ivy, Plugin:pipeline-model-definition, Plugin:github-api, Plugin:warnings, Plugin:maven-plugin, Plugin:findbugs, Plugin:throttle-concurrents, Plugin:plain-credentials, Plugin:JiraTestResultReporter, Plugin:aws-java-sdk, Plugin:github-branch-source, Plugin:analysis-collector, Plugin:ws-cleanup, Plugin:jackson2-api, Plugin:workflow-api, Plugin:confluence-publisher, Plugin:external-monitor-job, Plugin:ldap, Plugin:workflow-cps, Plugin:repo, Plugin:github-organization-folder, Plugin:parallel-test-executor, Plugin:credentials-binding, Plugin:plugin-usage-plugin, Plugin:favorite, Plugin:ssh, Plugin:jira-steps, Plugin:workflow-multibranch, Plugin:docker-workflow, Plugin:saferestart, Plugin:cloudbees-folder, Plugin:violation-comments-to-stash, Plugin:matrix-project, Plugin:build-timeout, Plugin:mapdb-api, Plugin:nodejs, Plugin:junit, Plugin:conditional-buildstep, Plugin:ec2, Plugin:jira, Plugin:docker-commons, Plugin:envinject-api, Plugin:pipeline-stage-tags-metadata, Plugin:handy-uri-templates-2-api, Plugin:lockable-resources, Plugin:pipeline-github-lib, Plugin:call-remote-job-plugin, Plugin:multiple-scms, Plugin:gatling, Plugin:pubsub-light, Plugin:node-iterator-api, Plugin:sonargraph-integration, Plugin:run-condition, Plugin:ssh-agent, Plugin:scm-api, Plugin:ssh-slaves, Plugin:openid, Plugin:workflow-job, Plugin:thinBackup, Plugin:oauth-credentials, Plugin:violations, Plugin:envinject, Plugin:pipeline-build-step, Plugin:git-client, Plugin:resource-disposer, Plugin:jenkins-jira-issue-updater, Plugin:enhanced-old-build-discarder, Plugin:workflow-durable-task-step, Plugin:jsch, Plugin:mailer, Plugin:pipeline-model-extensions, Plugin:cloudbees-bitbucket-branch-source, Plugin:variant, Plugin:embeddable-build-status, Plugin:authentication-tokens, Plugin:gravatar, Plugin:structs, Plugin:artifactory, Plugin:workflow-step-api, Plugin:publish-over-ssh, Plugin:pipeline-input-step, Plugin:tasks, Plugin:pipeline-stage-view, Plugin:git-changelog, Plugin:config-file-provider, Plugin:matrix-auth, Plugin:github, Plugin:branch-api, Plugin:jdk-tool, Plugin:bitbucket-build-status-notifier, Plugin:ec2-fleet, Plugin:parameterized-trigger, Plugin:queue-cleanup, Plugin:hipchat, Plugin:pipeline-utility-steps]
Page generated: Sep 5, 2018 6:49:40 AM UTCREST APIJenkins ver. 2.141

            sjh65535 sun shuanjijn
            axdotl Axel Köhler
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: