Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27952

Scriptsecurity: match regex not permitted with conditional build step plugin

    Details

    • Similar Issues:

      Description

      Hi,

      We have the following configuration in a job:

        <builders>
          <org.jenkinsci.plugins.conditionalbuildstep.ConditionalBuilder plugin="conditional-buildstep@1.3.3">
            <runner class="org.jenkins_ci.plugins.run_condition.BuildStepRunner$Fail" plugin="run-condition@1.0"/>
            <runCondition class="org.jenkins_ci.plugins.run_condition.core.ExpressionCondition" plugin="run-condition@1.0">
              <expression>[24][x0-9][0-9]{2}</expression>
              <label>${TYPE}</label>
            </runCondition>
        ...
      

      When the Script Security Plugin is installed, we get the following error:

      SEVERE: Failed Loading job MyJob
      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object
              at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:164)
              at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:100)
              at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:115)
              at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:112)
              at sun.reflect.GeneratedMethodAccessor108.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:606)
              at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
              at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
              at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.invoke(StaticMetaMethodSite.java:43)
              at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.callStatic(StaticMetaMethodSite.java:99)
              at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50)
              at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157)
              at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:177)
              at Script1.run(Script1.groovy:1)
              at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:139)
              at hudson.matrix.FilterScript.evaluate(FilterScript.java:45)
              at hudson.matrix.FilterScript.apply(FilterScript.java:85)
              at hudson.matrix.Combination.evalGroovyExpression(Combination.java:101)
              at hudson.matrix.Combination.evalGroovyExpression(Combination.java:91)
              at hudson.matrix.MatrixProject.rebuildConfigurations(MatrixProject.java:638)
              at hudson.matrix.MatrixProject.onLoad(MatrixProject.java:505)
              at hudson.model.Items.load(Items.java:279)
              at jenkins.model.Jenkins$17.run(Jenkins.java:2673)
              at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
              at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)
              at jenkins.model.Jenkins$7.runTask(Jenkins.java:903)
              at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)
              at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at java.lang.Thread.run(Thread.java:745)
      

      Note: The current workaround is to "Approve" the script via http://<jenkins-url>/scriptApproval/

        Attachments

          Activity

            People

            • Assignee:
              domi Dominik Bartholdi
              Reporter:
              tom_ghyselinck Tom Ghyselinck
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: