Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28154

IllegalArgumentException thrown when some binary operators are used

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Following exception is thrown when version in ["1.0", "1.1"] used as combination filter. Other operators might cause problems as well since org.codehaus.groovy.syntax.Types seems to define lot more codes than org.kohsuke.groovy.sandbox.impl.Ops.

      WARNING: Error while serving http://localhost:8080/job/matrix/configSubmit
      java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: 573
      	at org.kohsuke.groovy.sandbox.impl.Ops.binaryOperatorMethods(Ops.java:29)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedBinaryOp(Checker.java:347)
      	at org.kohsuke.groovy.sandbox.impl.Checker$checkedBinaryOp.callStatic(Unknown Source)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:173)
      	at Script1.run(Script1.groovy:1)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:139)
      	at hudson.matrix.FilterScript.evaluate(FilterScript.java:45)
      	at hudson.matrix.FilterScript.apply(FilterScript.java:85)
      	at hudson.matrix.Combination.evalGroovyExpression(Combination.java:101)
      	at hudson.matrix.Combination.evalGroovyExpression(Combination.java:91)
      	at hudson.matrix.MatrixProject.rebuildConfigurations(MatrixProject.java:638)
      	at hudson.matrix.MatrixProject.submit(MatrixProject.java:887)
      	at hudson.model.Job.doConfigSubmit(Job.java:1188)
      	at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:785)
      	... 60 more
      

        Attachments

          Issue Links

            Activity

            Hide
            adrien Adrien CLERC added a comment - - edited

            This indeed VERY annoying. The sandbox seems to apply to matrix combination filters. E.g.

            !( ( distribution==/^opensuse13./ && VERSION<="1.53" ) || ( distribution==/^sles10./ && VERSION>="1.53" ) )

            gives the following stack trace:
            SEVERE: Failed Loading job boost
            Throwable occurred: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runti
            me.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object
            at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:164)
            at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:102)
            at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:115)
            at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:112)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
            at java.lang.reflect.Method.invoke(Method.java:611)
            at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90)
            at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233)
            at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.invoke(StaticMetaMethodSite.java:43)
            at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.callStatic(StaticMetaMethodSite.java:99)
            at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50)
            at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157)
            at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:177)
            at Script1.run(Script1.groovy:1)
            at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:139)
            at hudson.matrix.FilterScript.evaluate(FilterScript.java:45)
            at hudson.matrix.FilterScript.apply(FilterScript.java:85)
            at hudson.matrix.Combination.evalGroovyExpression(Combination.java:101)
            at hudson.matrix.Combination.evalGroovyExpression(Combination.java:91)
            at hudson.matrix.MatrixProject.rebuildConfigurations(MatrixProject.java:638)
            at hudson.matrix.MatrixProject.onLoad(MatrixProject.java:505)
            at hudson.model.Items.load(Items.java:322)
            at jenkins.model.Jenkins$17.run(Jenkins.java:2655)
            at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
            at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282)
            at jenkins.model.Jenkins$7.runTask(Jenkins.java:905)
            at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210)
            at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931)
            at java.lang.Thread.run(Thread.java:738)

            I hope this is fixable, otherwise, the "use sandbox as default" should be reverted.

            Show
            adrien Adrien CLERC added a comment - - edited This indeed VERY annoying. The sandbox seems to apply to matrix combination filters. E.g. !( ( distribution== /^opensuse13. / && VERSION<="1.53" ) || ( distribution== /^sles10. / && VERSION>="1.53" ) ) gives the following stack trace: SEVERE: Failed Loading job boost Throwable occurred: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runti me.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:164) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:102) at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:115) at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:112) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:611) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233) at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.invoke(StaticMetaMethodSite.java:43) at org.codehaus.groovy.runtime.callsite.StaticMetaMethodSite.callStatic(StaticMetaMethodSite.java:99) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:50) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:157) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:177) at Script1.run(Script1.groovy:1) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.run(GroovySandbox.java:139) at hudson.matrix.FilterScript.evaluate(FilterScript.java:45) at hudson.matrix.FilterScript.apply(FilterScript.java:85) at hudson.matrix.Combination.evalGroovyExpression(Combination.java:101) at hudson.matrix.Combination.evalGroovyExpression(Combination.java:91) at hudson.matrix.MatrixProject.rebuildConfigurations(MatrixProject.java:638) at hudson.matrix.MatrixProject.onLoad(MatrixProject.java:505) at hudson.model.Items.load(Items.java:322) at jenkins.model.Jenkins$17.run(Jenkins.java:2655) at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169) at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:282) at jenkins.model.Jenkins$7.runTask(Jenkins.java:905) at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:210) at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:908) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:931) at java.lang.Thread.run(Thread.java:738) I hope this is fixable, otherwise, the "use sandbox as default" should be reverted.
            Hide
            jglick Jesse Glick added a comment -

            Adrien CLERC what you describe is unrelated to this issue, and not a bug. It simply means that staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object needs to be approved by an administrator before use. JENKINS-25804 would do so by default.

            Show
            jglick Jesse Glick added a comment - Adrien CLERC what you describe is unrelated to this issue, and not a bug. It simply means that staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter matchRegex java.lang.Object java.lang.Object needs to be approved by an administrator before use. JENKINS-25804 would do so by default.
            Hide
            adrien Adrien CLERC added a comment -

            OK, thanks for the link, and sorry for the noise. I really thought it was linked to the last update.

            Show
            adrien Adrien CLERC added a comment - OK, thanks for the link, and sorry for the noise. I really thought it was linked to the last update.
            Hide
            olivergondza Oliver Gondža added a comment -

            Fix proposed

            Show
            olivergondza Oliver Gondža added a comment - Fix proposed
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oliver Gondža
            Path:
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest/all.groovy
            http://jenkins-ci.org/commit/script-security-plugin/7868c5ed4e1e5a92247080625ca4a7f59dce56b7
            Log:
            JENKINS-28154 Reproduce in unittest

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oliver Gondža Path: src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest/all.groovy http://jenkins-ci.org/commit/script-security-plugin/7868c5ed4e1e5a92247080625ca4a7f59dce56b7 Log: JENKINS-28154 Reproduce in unittest
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest/all.groovy
            http://jenkins-ci.org/commit/script-security-plugin/b8b421f6836e72bfaf865971e9fa2734700f2574
            Log:
            Merge pull request #23 from jglick/olivergondza-excercise-operators

            [FIXED JENKINS-28154] Confirm fix of problem with operators

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/7f3e2a73353f...b8b421f6836e

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java src/test/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest/all.groovy http://jenkins-ci.org/commit/script-security-plugin/b8b421f6836e72bfaf865971e9fa2734700f2574 Log: Merge pull request #23 from jglick/olivergondza-excercise-operators [FIXED JENKINS-28154] Confirm fix of problem with operators Compare: https://github.com/jenkinsci/script-security-plugin/compare/7f3e2a73353f...b8b421f6836e
            Hide
            jglick Jesse Glick added a comment -

            Should be fixed in 1.15.

            Show
            jglick Jesse Glick added a comment - Should be fixed in 1.15.

              People

              • Assignee:
                olivergondza Oliver Gondža
                Reporter:
                olivergondza Oliver Gondža
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: