Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-37541

NPE while getting getSensitiveBuildVariables in a build

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      One of my customers is getting this error while browsing views or trying to browse 'Configure system'. In both cases, the following stacktrace is displayed in the logs, which leads me to think SecretBuildWrapper#bindings is null for at least one build on his system.

      2016-08-19 02:05:41.007+0000 [id=90293]	WARNING	h.ExpressionFactory2$JexlExpression#evaluate: Caught exception evaluating: am.isActivated() and am.isEnabled() in /manage. Reason: java.lang.NullPointerExceptionjava.lang.NullPointerException
      	at org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper.makeSensitiveBuildVariables(SecretBuildWrapper.java:76)
      	at hudson.model.AbstractBuild.getSensitiveBuildVariables(AbstractBuild.java:1022)
      	at au.com.centrumsystems.hudson.plugin.util.BuildUtil.getUnsensitiveParameters(BuildUtil.java:177)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:131)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:108)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:88)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.as(ProjectForm.java:145)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder$GridImpl.<init>(DownstreamProjectGridBuilder.java:77)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder$GridImpl.<init>(DownstreamProjectGridBuilder.java:58)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder.build(DownstreamProjectGridBuilder.java:227)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.getBuildPipelineForm(BuildPipelineView.java:354)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.getItems(BuildPipelineView.java:816)
      	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.hasPermission(BuildPipelineView.java:884)
      	at hudson.model.ViewGroupMixIn.getViews(ViewGroupMixIn.java:115)
      	at jenkins.model.Jenkins.getViews(Jenkins.java:1469)
      	at hudson.diagnosis.TooManyJobsButNoView.isActivated(TooManyJobsButNoView.java:46)
      	at sun.reflect.GeneratedMethodAccessor424.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
      	at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
      	at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
      	at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
      	at org.apache.commons.jexl.parser.ASTAndNode.value(ASTAndNode.java:55)
      	at org.apache.commons.jexl.parser.ASTExpression.value(ASTExpression.java:54)
      	at org.apache.commons.jexl.parser.ASTExpressionExpression.value(ASTExpressionExpression.java:56)
      	at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
      	at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
      	at org.apache.commons.jelly.expression.ExpressionSupport.evaluateRecurse(ExpressionSupport.java:61)
      	at org.apache.commons.jelly.expression.ExpressionSupport.evaluateAsBoolean(ExpressionSupport.java:71)
      	at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:97)
      	at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
      	at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
      	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      	at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:98)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      	at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
      	at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
      	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
      	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
      	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      	at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
      	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
      	at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95)
      	at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:63)
      	at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:53)
      	at org.kohsuke.stapler.jelly.JellyFacet$1.dispatch(JellyFacet.java:95)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      	at com.cloudbees.jenkins.ha.HAHealthCheckFilter.doFilter(HAHealthCheckFilter.java:35)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
      	at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at com.cloudbees.opscenter.security.ClusterSessionFilter._doFilter(ClusterSessionFilter.java:69)
      	at com.cloudbees.opscenter.security.ClusterSessionFilter.doFilter(ClusterSessionFilter.java:44)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:201)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:178)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:85)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:102)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Vincent Latombe
            Path:
            src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/ad1bd01a49eb9a0e11e3463db9961ce7155d5272
            Log:
            JENKINS-37541 Protect ourselves against deserialization with null binding

            Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/e2a2dbb2caf4^...ad1bd01a49eb

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Vincent Latombe Path: src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java http://jenkins-ci.org/commit/credentials-binding-plugin/ad1bd01a49eb9a0e11e3463db9961ce7155d5272 Log: JENKINS-37541 Protect ourselves against deserialization with null binding Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/e2a2dbb2caf4 ^...ad1bd01a49eb
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Vincent Latombe
            Path:
            pom.xml
            src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java
            http://jenkins-ci.org/commit/credentials-binding-plugin/4453a9a886f998a813a9c0cbaf6c8efc4191ba7d
            Log:
            Merge pull request #20 from jenkinsci/JENKINS-37541

            JENKINS-37541 Protect ourselves against deserialization with null binding

            Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/ce2641a4244b...4453a9a886f9

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Vincent Latombe Path: pom.xml src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java http://jenkins-ci.org/commit/credentials-binding-plugin/4453a9a886f998a813a9c0cbaf6c8efc4191ba7d Log: Merge pull request #20 from jenkinsci/ JENKINS-37541 JENKINS-37541 Protect ourselves against deserialization with null binding Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/ce2641a4244b...4453a9a886f9
            Hide
            vlatombe Vincent Latombe added a comment -

            Released in 1.9

            Show
            vlatombe Vincent Latombe added a comment - Released in 1.9

              People

              • Assignee:
                vlatombe Vincent Latombe
                Reporter:
                vlatombe Vincent Latombe
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: