Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42860

RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: git-plugin
    • Labels:
      None
    • Environment:
      jenkins instance configured with github organization plugin and github authorization too.
    • Similar Issues:
    • Released As:
      git plugin 4.1.0

      Description

      It seems that I get this exception which is NOT logged inside the script approver which means there is not way to approve it.

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches
      

      This happened with this pipeline https://github.com/pycontribs/powertape/blob/master/Jenkinsfile

       

      Now, the interesting thing is that if you configure a this project in jenkins using the pipeline type of of job and setting the source as SCM, it will work.

      So this problem is specific to this way of configuring the jobs.

        Attachments

          Issue Links

            Activity

            Hide
            amontalban Andres Montalban added a comment -

            Thanks Greg Smith I had the same issue with GIT plugin and adding the above lines helped me.

            Show
            amontalban Andres Montalban added a comment - Thanks Greg Smith I had the same issue with GIT plugin and adding the above lines helped me.
            Hide
            abayer Andrew Bayer added a comment -

            So this would need to be addressed by adding @Whitelisted annotations in the git plugin.

            Show
            abayer Andrew Bayer added a comment - So this would need to be addressed by adding @Whitelisted annotations in the git plugin.
            Hide
            steph Steph Gosling added a comment -

            Greg Smith Andres Montalban any insight into exactly what your scriptApproval.xml files looked like would be greatly appreciated. As of current LTS builds and plugins today I cannot cajole Jenkins into behaving (simply to get tags from a GitHub repo

            Show
            steph Steph Gosling added a comment - Greg Smith Andres Montalban any insight into exactly what your scriptApproval.xml files looked like would be greatly appreciated. As of current LTS builds and plugins today I cannot cajole Jenkins into behaving (simply to get tags from a GitHub repo
            Hide
            dbanttari Daryl Banttari added a comment -

            I was able to work around a similar issue using (in my Jenkins config scripts):

            def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get()
            scriptApproval.approveSignature('method hudson.plugins.git.BranchSpec getName')
            scriptApproval.approveSignature('method hudson.plugins.git.GitSCM getBranches')

            and now I can use "${scm.branches[0].name}" in my Jenkinsfile

            c.f. https://stackoverflow.com/questions/47925058/how-to-approve-script-snippets-from-a-jenkinsfile-via-the-groovy-script-console

            Would save a lot of grief for people if these methods were @Whitelisted 

            Show
            dbanttari Daryl Banttari added a comment - I was able to work around a similar issue using (in my Jenkins config scripts): def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get() scriptApproval.approveSignature('method hudson.plugins.git.BranchSpec getName') scriptApproval.approveSignature('method hudson.plugins.git.GitSCM getBranches') and now I can use " ${scm.branches [0] .name }" in my Jenkinsfile c.f.  https://stackoverflow.com/questions/47925058/how-to-approve-script-snippets-from-a-jenkinsfile-via-the-groovy-script-console Would save a lot of grief for people if these methods were @Whitelisted  
            Hide
            markewaite Mark Waite added a comment -

            Fixed in git plugin 4.1.0, released Jan 18, 2020.

            Show
            markewaite Mark Waite added a comment - Fixed in git plugin 4.1.0, released Jan 18, 2020.

              People

              • Assignee:
                Unassigned
                Reporter:
                ssbarnea Sorin Sbarnea
              • Votes:
                9 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: