Whitelist forms a tree structure to collectively define a complex rule, and sometimes one of them needs to recursively ask another question to be able to answer the current question at hand. This requires a Whitelist to be able to get a reference back to the root of the Whitelist tree.

An example of this happens in resolving JENKINS-28586. To decide if Closure.invokeMethod("toString") is safe or not, a Whitelist would need to know if Foo.toString() is safe or not. This is a general pattern that involves a proxy like behaviour.

When resolving this issue, don't forget to revisit the fix for JENKINS-28586.