Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45892

Forbid nested references to model objects

    Details

    • Similar Issues:

      Description

      Some model objects which are written at top level to their own XML file. The most important examples are AbstractItem, Run, and User.

      Sometimes various classes defined in Jenkins which are intended to be serialized via XStream will mistakenly declare a non-transient field referring back to the model object. If the class happens to be an action, property, etc. which is contained in that same model object, this will usually be harmless, as XStream will create a reference—though it will occasionally blow up in your face when using lazy loading of builds, since there are conditions under which a fresh copy of the model object will be written, which will typically be in some inconsistent state after deserialization since no onLoad method has been called on it. If the class is contained in something else, you will definitely get duplicated data, which can be rather bad.

      Jenkins should if possible block you from accidentally storing a model object inside something else.

        Attachments

          Issue Links

            Activity

            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue relates to JENKINS-17125 [ JENKINS-17125 ]
            jglick Jesse Glick made changes -
            Link This issue relates to SECURITY-362 [ SECURITY-362 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-45846 [ JENKINS-45846 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-18809 [ JENKINS-18809 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-20950 [ JENKINS-20950 ]
            jglick Jesse Glick made changes -
            Attachment JENKINS-45892.diff [ 39096 ]
            jglick Jesse Glick made changes -
            Attachment JENKINS-45892.diff [ 39096 ]
            jglick Jesse Glick made changes -
            Assignee Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "XStream object graphs (Web Link)" [ 17378 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "core PR 2957 (Web Link)" [ 17379 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            jglick Jesse Glick made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 2997 (Web Link)" [ 17612 ]
            estyrke Emil Styrke made changes -
            Link This issue is related to JENKINS-47158 [ JENKINS-47158 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal TIGER-3986 (Web Link)" [ 18218 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal TIGER-3964 (Web Link)" [ 18221 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal TIGER-3963 (Web Link)" [ 18222 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal OSS-2422 (Web Link)" [ 18324 ]
            vilacides Isa Vilacides made changes -
            Labels robustness serialization xstream remoting-whitelist robustness serialization xstream
            vilacides Isa Vilacides made changes -
            Labels remoting-whitelist robustness serialization xstream robustness serialization xstream
            romanp Roman Pickl made changes -
            Link This issue relates to JENKINS-48322 [ JENKINS-48322 ]
            viliamjr Viliam Dias made changes -
            Comment [ Something like this is happening here (*v2.89.2* on Win7) after a push notification:
            {code:java}
            jan 16, 2018 5:41:45 PM hudson.plugins.git.GitStatus$JenkinsAbstractProjectListener onNotifyCommit
            INFORMATION: no trigger, or post-commit hooks disabled, on testefoo ╗ master
            jan 16, 2018 5:41:45 PM jenkins.plugins.git.GitSCMSource$ListenerImpl onNotifyCommit
            INFORMATION: Triggering the indexing of testefoo as a result of event from 10.0.13.29 ? http://myserver/git/notifyCommit
            ←[33mjan 16, 2018 5:41:59 PM hudson.XmlFile replaceIfNotAtTopLevel
            WARNING: JENKINS-45892: reference to org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject@1b96f0b[t
            estefoo] being saved from unexpected C:\Users\me\.jenkins\jobs\testefoo\indexing\indexing.xml
            java.lang.IllegalStateException
                    at hudson.XmlFile.replaceIfNotAtTopLevel(XmlFile.java:210)
                    at hudson.model.AbstractItem.writeReplace(AbstractItem.java:509)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                    at java.lang.reflect.Method.invoke(Unknown Source)
                    at com.thoughtworks.xstream.converters.reflection.SerializationMethodInvoker.callWriteReplace(SerializationMethodInvoker.java:89)
                    at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:141)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
                    at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
                    at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
                    at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
                    at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
                    at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
                    at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
                    at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
                    at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
                    at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
                    at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
                    at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
                    at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
                    at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
                    at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
                    at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
                    at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
                    at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
                    at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
                    at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
                    at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
                    at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
                    at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
                    at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
                    at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
                    at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
                    at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
                    at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
                    at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
                    at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
                    at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
                    at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
                    at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
                    at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
                    at hudson.XmlFile.write(XmlFile.java:181)
                    at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.save(FolderComputation.java:208)
                    at com.cloudbees.hudson.plugins.folder.computed.FolderComputation.run(FolderComputation.java:192)
                    at jenkins.branch.MultiBranchProject$BranchIndexing.run(MultiBranchProject.java:1022)
                    at hudson.model.ResourceController.execute(ResourceController.java:97)
                    at hudson.model.Executor.run(Executor.java:421)

            ←[0mjan 16, 2018 5:41:59 PM jenkins.branch.MultiBranchProject$BranchIndexing run
            INFORMATION: testefoo #20180116.174146 branch indexing action completed: SUCCESS in 13 segundos
            ←[33mjan 16, 2018 5:41:59 PM hudson.Util warnWindowsSymlink
            WARNING: Symbolic links enabled on this platform but disabled for this user; run as administrator or use Local Security Policy > Security Settings > Local Policies > User Rights Assignment > Create symbolic links
            ←[0mjan 16, 2018 5:42:26 PM org.jenkinsci.plugins.workflow.job.WorkflowRun finish
            INFORMATION: testefoo/master #16 completed: SUCCESS{code}
              ]
            aheritier Arnaud Héritier made changes -
            Remote Link This issue links to "Page (Jenkins Wiki)" [ 19935 ]
            allan_burdajewicz Allan BURDAJEWICZ made changes -
            Link This issue relates to JENKINS-49328 [ JENKINS-49328 ]
            ewypych Emil Wypych made changes -
            Link This issue is related to JENKINS-49368 [ JENKINS-49368 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-50273 [ JENKINS-50273 ]
            allan_burdajewicz Allan BURDAJEWICZ made changes -
            Link This issue relates to JENKINS-52296 [ JENKINS-52296 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                24 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: