JenkinsIcon indicating the project type

Jenkins

Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42913

RejectedAccessException for docker.image.inside within the library class

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: docker-workflow-plugin, pipeline
    • Labels:
      None
    • Environment:
      Jenkins 2.32.3
      Docker Pipeline 1.10
      Latest Pipeline plugin (Mar 20)
    • Similar Issues:

      Description

      When I call a library class from Pipeline, I get "org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject getProperty" for docker.image().inside. It is reproducible on several latest versions.

      I would expect the sample to be whitelisted since docker is a global variable. The similar code works fine outside the library class

      Script:

      package org.librecores.fusesoc;

public class Builder {
  
  def script
  
...
  
  public Builder(script) {this.script = script}
  
  /**
  * Default builder.
  * It picks core definitions from DEFAULT_CORES_REPO and pathes it before the build
  */
  public void build(String coreName, String githubUsername, String version) {
    script.docker.image(DEFAULT_IMAGE).inside {
      script.stage ("Patch the orpsoc-cores registry") {
        script.sh "cd /fusesoc && rm -rf orpsoc-cores"
        script.dir('orpsoc-cores') {
            script.git DEFAULT_CORES_REPO;
        }

      Exception:

      [Pipeline] End of Pipeline
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject getProperty java.lang.String (org.jenkinsci.plugins.workflow.cps.DSL.docker)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:183)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$11.reject(SandboxInterceptor.java:312)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:363)
	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:28)
	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
	at org.librecores.fusesoc.Builder.build(file:/Users/nenashev/Documents/librecores/jenkinsDevel/work/jobs/Eval/jobs/FuseSoC_Test/builds/27/libs/pipelineLib/src/org/librecores/fusesoc/Builder.groovy:18)
	at WorkflowScript.run(WorkflowScript:12)
	at ___cps.transform___(Native Method)

        Attachments

          Activity

          Hide
          Permalink
          jglick Jesse Glick added a comment -

          You did not attach the call site, but I suspect you passed steps when you meant to pass this. See the documentation for libraries.

          Show
          jglick Jesse Glick added a comment - You did not attach the call site, but I suspect you passed steps when you meant to pass this . See the documentation for libraries.

            People

            • Assignee:
              Unassigned
              Reporter:
              oleg_nenashev Oleg Nenashev
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: