Jenkins / JENKINS-42192

permissive-security-script plugin should not log full stacktrace

      Description

      Hi,

      the plugin runs perfectly BUT it has a tendency to spam jenkins' log files with useless stacktraces.
      These messages are on level 'INFO', for sure, but it's still a lot of noise for nothing.

      INFO: Unsecure signature found: staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint
      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint
              at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:190)
              at org.jenkinsci.plugins.permissivescriptsecurity.PermissiveWhitelist.permitsStaticMethod(PermissiveWhitelist.java:63)
              at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist.permitsStaticMethod(ProxyWhitelist.java:140)
              at org.jenkinsci.plugins.workflow.cps.GroovyClassLoaderWhitelist.permitsStaticMethod(GroovyClassLoaderWhitelist.java:60)
              at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onStaticCall(SandboxInterceptor.java:139)
              at org.kohsuke.groovy.sandbox.impl.Checker$2.call(Checker.java:180)
              at org.kohsuke.groovy.sandbox.impl.Checker.checkedStaticCall(Checker.java:177)
              at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:91)
              at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
              at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
              at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
              at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixName(FunctionCallBlock.java:77)
              at sun.reflect.GeneratedMethodAccessor127.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
              at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
              at com.cloudbees.groovy.cps.Next.step(Next.java:58)
              at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
              at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
              at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
              at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
              at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
              at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
      

      Having the exception message would be enough:

      INFO: Unsecure signature found: staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint
      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint
      

      It sure is a minor issue ... yet when looking for real errors in log files it's painful to skip all these stacks.

      Why not add the full log message when the logging level is set to DEBUG?
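
For log triage on the reader's side, this added example (not part of the original report and not code from the plugin) collapses the records quoted above: it keeps one line per distinct unsecure signature, counts repeats, drops the attached stack frames, and leaves unrelated errors and their stack traces intact. The `triage` function, the sample log, the `SEVERE` record and the second signature are constructed for illustration.

```python
import re
from collections import Counter

MARKER = re.compile(r"^INFO: Unsecure signature found: (?P<sig>.+)$")
# Lines that belong to the exception logged together with each marker line.
TRACE = re.compile(
    r"^(?:\s+at |\s+\.\.\. \d+ more|Caused by: |"
    r"org\.jenkinsci\.plugins\.scriptsecurity\.sandbox\.RejectedAccessException: )"
)

def triage(log_text):
    """Return (kept_lines, Counter of signatures) for a Jenkins log."""
    kept, signatures, in_record = [], Counter(), False
    for line in log_text.splitlines():
        m = MARKER.match(line)
        if m:
            sig = m.group("sig").strip()
            signatures[sig] += 1
            in_record = True
            if signatures[sig] == 1:   # keep one line per distinct signature
                kept.append(line)
            continue
        if in_record and TRACE.match(line):
            continue                    # stack of an unsecure-signature record
        in_record = False               # any other line ends the record
        kept.append(line)
    return kept, signatures

# Constructed sample in the format quoted in the report (stack shortened).
SAFEPOINT = "staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint"
GETBYTES = "method java.lang.String getBytes"  # constructed second signature

def _record(sig):
    return [
        "INFO: Unsecure signature found: " + sig,
        "org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: "
        "Scripts not permitted to use " + sig,
        "\tat org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists."
        "StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:190)",
    ]

SAMPLE_LOG = "\n".join(
    _record(SAFEPOINT)
    + ["SEVERE: constructed failure", "java.io.IOException: constructed",
       "\tat example.Step.run(Step.java:1)"]   # unrelated error, must survive
    + _record(SAFEPOINT) + _record(GETBYTES)
)

if __name__ == "__main__":
    kept, sigs = triage(SAMPLE_LOG)
    print("\n".join(kept))
    for sig, n in sigs.most_common():
        print(f"{n:4d}  {sig}")
```

The signature counts double as an inventory of what pipelines call outside the sandbox whitelist while the permissive plugin is active.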

          Activity

          akom Alexander Komarov added a comment -

          Oliver Gondža thank you for the clarification, I failed to read the docs carefully.

          psk1987 Prachi Khadke added a comment -

          Oliver Gondža setting -Dpermissive-script-security.enabled=no_security means turning off security completely. Isn't there a way to keep the security turned on but still prevent the scriptApproval from appearing every time? I've approved other signatures for my pipeline scripts in the past without having to re-approve repeatedly. The fact that the scriptApproval keeps reappearing despite explicit approval seems like a bug.

          olivergondza Oliver Gondža added a comment -

          Prachi Khadke, can you be more specific? What this plugin does is turn the security off. If you want it on and there is something that does not work the way you like, I believe that is a FRE for script-security plugin itself.

          psk1987 Prachi Khadke added a comment - - edited

           

          I am having the same problem as Alexander Komarov.

          Scripts not permitted to use staticMethod org.jenkinsci.plugins.workflow.cps.Safepoint safepoint.
          Administrators can decide whether to approve or reject this signature.
          

          I have approved the signature several times without any difference. My build still fails with the same error. Also tried setting -Dpermissive-script-security.enabled=no_security in the /etc/sysconfig/jenkins config file to no avail.


          But my point is that the build failing with the error above despite approving the signature is a bug. I shouldn't have to disable permissive script security for my builds to run. And I should be able to approve operations explicitly to run within the sandbox.

          sharkannon Stephen Herd added a comment - - edited

          I believe one of the most recent plugin changes to Jenkins has changed this behavior since this used to work just fine but in the last week or so. Unfortunately I'm not sure which plugin may be conflicting with the permissive script plugin.

          Versions:

          Jenkins: 1.164.2 LTS
          Permissive Script Security Plugin: 0.3
          Script Security Plugin: 1.58

          We have about 30 other plugins as well, just thought these would be the most relevant.


            People

            • Assignee: Oliver Gondža (olivergondza)
            • Reporter: squalou jenkins (squalou)
            • Votes: 1
            • Watchers: 9
