Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-29541

workflow scripts can't use String.substring(int,int)

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      1.609.1, wf 1.8, secript-scurity 1.14

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.lang.String substring int int

      same for gstring.

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.codehaus.groovy.runtime.GStringImpl substring java.lang.Integer java.lang.Integer)

        Attachments

          Issue Links

            Activity

            Hide
            amuniz Antonio Muñiz added a comment -

            I think this PR on script-security-plugin is solving the issue.

            Show
            amuniz Antonio Muñiz added a comment - I think this PR on script-security-plugin is solving the issue.
            Hide
            teilo James Nord added a comment - - edited

            the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)

            Show
            teilo James Nord added a comment - - edited the second issue looks like it may be resolved (when using GString) - but I don;t see how this would change the lack of white list for java.lang.String.substring(...)
            Hide
            amuniz Antonio Muñiz added a comment -

            Oh, yeah, I thought that substring was listed in DefaultGroovyMethods, but it's not

            Show
            amuniz Antonio Muñiz added a comment - Oh, yeah, I thought that substring was listed in DefaultGroovyMethods , but it's not
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57
            Log:
            JENKINS-29541 Reproduced problem in test.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/45f6ad3caa5e4fb0b9ce7dfd4bf0d1ab1f487a57 Log: JENKINS-29541 Reproduced problem in test.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d
            Log:
            [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/3142de19b9b0879e5d424913ec9820b047183f3d Log: [FIXED JENKINS-29541] Methods with a GString receiver need to be treated as a String receiver as a fallback.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java
            src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java
            src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java
            http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b
            Log:
            Merge pull request #20 from jglick/GString-JENKINS-29541

            JENKINS-29541 GString receiver handling

            Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelector.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovyCallSiteSelectorTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/ccca55dd37aab9a5775b3b67ff0e61d5bd346b1b Log: Merge pull request #20 from jglick/GString- JENKINS-29541 JENKINS-29541 GString receiver handling Compare: https://github.com/jenkinsci/script-security-plugin/compare/92e5ffea3278...ccca55dd37aa

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                teilo James Nord
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: