Jenkins / JENKINS-28586

Method access/properties inside Closure


      Description

      Consider a closure that attempts to call methods/properties like the following:

      class Foo { def foo() {} }
      def c = { -> foo(); }
      c.delegate = new Foo();
      c();
      

      script-security currently tries to check the access at GroovyObject.invokeMethod. For example, the above would be rejected like this:

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (Script1$_run_closure1 foo)
      

      This is hardly useful, because GroovyObject.invokeMethod is too generic to whitelist. It's much more sensible to figure out where this call is actually handled (in this case Foo.foo), then check the access of the target (in the case above this would have been allowed via ClassLoaderWhitelist).
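
      The approach the description asks for, as an added sketch that is not the script-security plugin's code: resolve which object a call made inside a closure would really reach, following the closure's resolve strategy, and apply the allow-list check to that receiver instead of to GroovyObject.invokeMethod. ClosureCallResolver, ALLOWED, checkedCall and the Bar class are hypothetical names; checkedCall stands in for the interceptor hook that fires when the closure body calls a method, and the closure's own methods are ignored for brevity.

```groovy
// Added illustration only; not the script-security plugin's implementation.
class Foo { def foo() { 'foo called' } }
class Bar { def secret() { 'secret' } }

class ClosureCallResolver {
    // Constructed allow-list keyed on "ReceiverClass.method" (hypothetical format).
    static final Set<String> ALLOWED = ['Foo.foo'] as Set

    // Receivers a closure consults, in order, for its resolve strategy.
    static List candidates(Closure c) {
        switch (c.resolveStrategy) {
            case Closure.DELEGATE_FIRST: return [c.delegate, c.owner]
            case Closure.DELEGATE_ONLY:  return [c.delegate]
            case Closure.OWNER_ONLY:     return [c.owner]
            default:                     return [c.owner, c.delegate]  // OWNER_FIRST
        }
    }

    // Find the object that would really handle name(args); null if none does.
    static Object resolveTarget(Closure c, String name, Object[] args) {
        for (cand in candidates(c)) {
            if (cand == null || cand.is(c)) continue
            if (cand instanceof Closure) {
                // Nested closure: its owner/delegate is another closure, so follow the chain.
                def hit = resolveTarget(cand, name, args)
                if (hit != null) return hit
            } else if (cand.metaClass.respondsTo(cand, name, args)) {
                return cand
            }
        }
        return null
    }

    // Check access against the resolved receiver, then dispatch to it.
    static Object checkedCall(Closure c, String name, Object... args) {
        def target = resolveTarget(c, name, args)
        if (target == null) throw new MissingMethodException(name, c.getClass(), args)
        String key = "${target.getClass().name}.${name}"
        if (!(key in ALLOWED)) throw new SecurityException("Scripts not permitted to use method ${key}")
        return target.metaClass.invokeMethod(target, name, args)
    }
}

def c = { -> foo() }
c.delegate = new Foo()
assert ClosureCallResolver.checkedCall(c, 'foo') == 'foo called'
c.delegate = new Bar()
try {
    ClosureCallResolver.checkedCall(c, 'secret')
    assert false
} catch (SecurityException e) {
    assert e.message.contains('Bar.secret')
}
```

      The rejection message now names the concrete receiver and method, which gives an administrator something specific enough to approve or refuse.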

            Activity

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/e7f8fa895cd3d69fe02ef89714bb09c4ef0fb15f
            Log:
            JENKINS-25119 Cleaning up test from #7.
            Also noting a closure bug perhaps related to JENKINS-28586: `it` does not work.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/c5cb52160a7a6296e6f9aee660d547abb18bb67d
            Log:
            Merge branch 'JENKINS-25119-addendum' into JENKINS-28586

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/6d46df1cf867...c5cb52160a7a

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            http://jenkins-ci.org/commit/script-security-plugin/4766322f7de98cbc7feadd6504e4dc73469eff03
            Log:
            Merge branch 'misc-whitelists' into JENKINS-28586

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/15509b51f02e...4766322f7de9

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            http://jenkins-ci.org/commit/script-security-plugin/b924d4af32075a720fda5c94af56255e81cd1830
            Log:
            Merge branch 'master' into JENKINS-28586

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/521a7af4dc91...b924d4af3207

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            pom.xml
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/50240737226721be75e913a70c5ad289975942cd
            Log:
            Merge pull request #13 from jenkinsci/JENKINS-28586

            [FIXED JENKINS-28586] handle method calls/property accesses via closure

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/c6d43e762aa8...502407372267


              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                kohsuke Kohsuke Kawaguchi