-
Improvement
-
Resolution: Fixed
-
Minor
-
None
Pending review of course. Not sure what security implications there might be here.
To reproduce:
node {
env.WORKSPACE = pwd()
test = env.WORKSPACE.drop(3)
}
Results in:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:174)
Reproducible with Sandbox enabled (or using Jenkinsfile obviously)