JENKINS-46189

Unable to use ParametersAction using the list constructor when run in sandbox

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.73, Script Security Plugin 1.31

      Description

      ParametersAction can't be constructed using the list constructor.  Works with varargs.

      import hudson.model.*;
      def pv1 = new StringParameterValue("Param1", "Value1");
      def pv2 = new StringParameterValue("Param2", "Value2");
      def pa1 = new ParametersAction(pv1,pv2);
      
      def pl = new ArrayList<ParameterValue>();
      pl.add(pv1);
      pl.add(pv2);
      def pa2 = new ParametersAction(pl);

      Error

      java.lang.IllegalArgumentException: array element type mismatch
      	at java.lang.reflect.Array.set(Native Method)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.parametersForVarargs(GroovyCallSiteSelector.java:104)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.matches(GroovyCallSiteSelector.java:51)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovyCallSiteSelector.constructor(GroovyCallSiteSelector.java:166)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:132)
      	at org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:195)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:200)
      	at org.kohsuke.groovy.sandbox.impl.Checker$checkedConstructor.callStatic(Unknown Source)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:214)
      	at Script1.run(Script1.groovy:9)

      Whilst we can work around this by switching to the varargs constructor, it's a symptom of a bigger problem.  We have the same issue with attempting to use scheduleBuild2 and passing a cause and action.  For this, there is no workaround.
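
A simplified model of the failure the stack trace points at (`Array.set` inside `parametersForVarargs`), added here as an example; it is not code from the Script Security plugin or from the reporter. `Param`, `pack` and the `check` flag are hypothetical stand-ins, and the sketch covers reference element types only.

```java
import java.lang.reflect.Array;
import java.util.ArrayList;
import java.util.List;

public class VarargsPackingDemo {
    // Hypothetical stand-in for hudson.model.ParameterValue.
    static class Param {
        final String name;
        Param(String name) { this.name = name; }
    }

    // Packs args[fixed..] into the varargs array of `sig`. With check == false the
    // element type is never tested, so a wrong argument makes Array.set throw.
    // With check == true a wrong argument returns null: "candidate does not match".
    static Object[] pack(Class<?>[] sig, Object[] args, boolean check) {
        int fixed = sig.length - 1;
        if (args.length < fixed) return null;
        Class<?> elem = sig[fixed].getComponentType();
        Object tail = Array.newInstance(elem, args.length - fixed);
        for (int i = fixed; i < args.length; i++) {
            if (check && args[i] != null && !elem.isInstance(args[i])) return null;
            Array.set(tail, i - fixed, args[i]);
        }
        Object[] packed = new Object[sig.length];
        System.arraycopy(args, 0, packed, 0, fixed);
        packed[fixed] = tail;
        return packed;
    }

    public static void main(String[] unused) {
        Class<?>[] varargsSig = { Param[].class }; // models ParametersAction(ParameterValue...)
        List<Param> pl = new ArrayList<>();
        pl.add(new Param("Param1"));
        pl.add(new Param("Param2"));

        // Varargs call: two Param arguments pack cleanly.
        Object[] ok = pack(varargsSig, new Object[] { pl.get(0), pl.get(1) }, false);
        System.out.println("varargs call packed " + Array.getLength(ok[0]) + " elements");

        // List argument tried against the varargs candidate, unchecked: throws as in the report.
        try {
            pack(varargsSig, new Object[] { pl }, false);
        } catch (IllegalArgumentException e) {
            System.out.println("unchecked: " + e.getMessage());
        }

        // Checked: the varargs candidate is rejected, so selection can try the List overload.
        Object[] r = pack(varargsSig, new Object[] { pl }, true);
        System.out.println("checked: " + (r == null ? "no match" : "match"));
    }
}
```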

            Activity

            danielbeck Daniel Beck added a comment -

            Is this a regression in a recent Script Security plugin release? If so, which?

            pwiseman Peter Wiseman added a comment -

            I was unable to confirm the exact version this regressed.  Our upgrades were stalled due to the SCM 2.0 change and more recently the Java 8 change, and as a result we upgraded from 2.32 to 2.73, and this simply coincides with our upgrade.  Previously we were able to avoid the sandbox but that is no longer an option when using script files.

            danielbeck Daniel Beck added a comment -

            Peter Wiseman What version of the following plugins are you running now, and which are the previous versions (if upgraded via plugin manager, it will offer to downgrade to that version):

            • Script Security (script-security)
            • Pipeline: Groovy (workflow-cps)

            Does this happen in a Pipeline, or some other scripting environment such as Groovy Postbuild, Groovy Plugin's system groovy, etc.?

            pwiseman Peter Wiseman added a comment - - edited

            As per the Environment section of the issue, Jenkins 2.73, Script Security Plugin 1.31.

            This issue occurs in Freestyle with the System Groovy buildstep using a Groovy Command with Sandbox selected.  Our actual use case is a script file, but running with a groovy command and sandbox selected is an easier testcase.

            From memory Jenkins 1.32 coincides with about version 1.14 (correction - that's too far back - more likely 1.27) of the script security plugin. (I'm not currently VPN'd to work to check.) But the version probably doesn't reveal anything as we previously were able to run without the sandbox, but that is no longer an option when using a script file, something that was forced upon us in the upgrade.  I've got a Jenkins 2.71 environment with Script Security Plugin 1.29... and I can reproduce the problem there too.

            pwiseman Peter Wiseman added a comment -

            FWIW, I can also reproduce using a Pipeline job running in the sandbox.

            jglick Jesse Glick added a comment -

            Not a recent regression.

            pwiseman Peter Wiseman added a comment -

            Jesse Glick Thanks for the reference to JENKINS-37527.  I saw that but failed to make the connection.  I'd request upgrading it from Minor to Major. I'll add comments to that issue.


              People

              • Assignee:
                Unassigned
                Reporter:
                pwiseman Peter Wiseman
              • Votes:
                0
                Watchers:
                5