Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37378

Sandbox approval exceptions get hidden by try/catch pattern

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: pipeline
    • Labels:
      None
    • Similar Issues:

      Description

      Take the given example Pipeline:

      try {    
          node {
              List envVars = []
              List newVars = ['one', 'two']
              
              envVars.addAll(newVars)
              echo "hello world"
          }
      }
      catch (exc) {
          echo "I'm going to mail a build failure out about: ${exc}"
          currentBuild.result = 'FAILURE'
      }
      

      Which prints:

      Started by user admin
      [Pipeline] node
      Running on Azure0812014523 in /home/azureuser/workspace/Experiments/script-approval
      [Pipeline] {
      [Pipeline] }
      [Pipeline] // node
      [Pipeline] echo
      I'm going to mail a build failure out about: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.util.Collection addAll java.util.Collection
      [Pipeline] End of Pipeline
      Finished: FAILURE
      

      Unfortunately it seems that catching exceptions, which is as far as I know the standard pattern for reporting on build failures/errors, can also prevent Script Approval from working properly.

      One work-around would be to always add the following to catch blocks:

          if (exc.class == org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException) {
              throw exc
          }
      

      This works but needing to always include this in order to ensure that my In-process Script Approval seems very hackish. IMO Pipeline shouldn't be relying on exceptions bubbling out of the Pipeline for In-process script approvals.

        Attachments

          Issue Links

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                rtyler R. Tyler Croy
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: