  1. Jenkins
  2. JENKINS-46192

Security sandbox doesn't handle the default iterator

      Description

      The following fails when run in the security sandbox:

      def lst = [1,2,3,4];
      lst.each { println it }
      

      With exception:

      groovy.lang.MissingPropertyException: No such property: it for class: Script1
      	at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.unwrap(ScriptBytecodeAdapter.java:53)
      	at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.getProperty(ScriptBytecodeAdapter.java:458)
      	at org.kohsuke.groovy.sandbox.impl.Checker$6.call(Checker.java:284)
      	at org.kohsuke.groovy.sandbox.GroovyInterceptor.onGetProperty(GroovyInterceptor.java:68)
      	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:316)
      	at org.kohsuke.groovy.sandbox.impl.Checker$6.call(Checker.java:282)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:286)
      	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:262)
      	at org.kohsuke.groovy.sandbox.impl.Checker$checkedGetProperty$4.callStatic(Unknown Source)
      	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallStatic(CallSiteArray.java:56)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:194)
      	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callStatic(AbstractCallSite.java:230)
      	at Script1$_run_closure1.doCall(Script1.groovy:2)

      The workaround is to explicitly name the iterator:

      def lst = [1,2,3,4];
      lst.each { it -> println it }

      Background: Whilst the workaround is relatively easy, it's time-consuming when handling volumes of legacy code (upgrading from older Jenkins versions). It's compounded as we are using the "groovy script file" option of the "execute system groovy script" build step, for which there is no option to avoid the sandbox.
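
For the legacy-code volume problem described above, an added example (not part of the original report, Jenkins, or the Script Security plugin): a heuristic Python scanner that lists the lines opening a brace block which reads `it` without declaring it, so the explicit-parameter workaround can be applied there. The names `find_implicit_it` and `SAMPLE` are constructed; it assumes single-line string literals, does not inspect GString interpolation, and treats every `{ ... }` block as a candidate, so a use inside an `if` body is reported at that block's line.

```python
import re

# Constructed sample: the failing form and the workaround from the report,
# plus a nested closure and text that only mentions "it" in a string/comment.
SAMPLE = """\
def lst = [1,2,3,4];
lst.each { println it }
lst.each { it -> println it }
lst.each { x -> [x].each { println it } }
lst.each { v -> if (v > 1) { println 'skip it' } } // it
"""

# Single-line string literals and // comments, blanked so offsets are kept.
_LITERAL = re.compile(r"'(?:\\.|[^'\\\n])*'|\"(?:\\.|[^\"\\\n])*\"|//[^\n]*")
# Parameter list right after '{': text up to '->' on the same line, with no
# brace or ';' in between.
_PARAMS = re.compile(r"[^{};\n]*?->")
# Braces, or a bare `it` that is not a property access or part of a name.
_TOKEN = re.compile(r"[{}]|(?<![\w.$])it(?![\w$])")

def find_implicit_it(source):
    """Return sorted 1-based line numbers of blocks that read `it` while
    declaring no parameters (heuristic, not a Groovy parser)."""
    code = _LITERAL.sub(lambda m: " " * len(m.group()), source)
    stack, hits = [], set()   # entries: (open_line, kind)
    for m in _TOKEN.finditer(code):
        tok = m.group()
        if tok == "{":
            line = code.count("\n", 0, m.start()) + 1
            params = _PARAMS.match(code, m.end())
            if params is None:
                kind = "implicit"          # no '->': closure relies on `it`
            elif re.search(r"\bit\b", params.group()):
                kind = "declares_it"       # the workaround form: { it -> ... }
            else:
                kind = "other_params"      # { x -> ... }: `it` belongs outside
            stack.append((line, kind))
        elif tok == "}":
            if stack:
                stack.pop()
        else:
            # Charge this `it` to the nearest block that would supply it.
            for line, kind in reversed(stack):
                if kind == "implicit":
                    hits.add(line)
                if kind != "other_params":
                    break
    return sorted(hits)

if __name__ == "__main__":
    for n in find_implicit_it(SAMPLE):
        print(f"line {n}: implicit 'it'")
```
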

            Activity

            pwiseman Peter Wiseman added a comment -

            Possibly fixed by JENKINS-33468.

            pwiseman Peter Wiseman added a comment -

            Confirmed fixed.  Jenkins 2.74, Script Security Plugin 1.33.


              People

              • Assignee:
                Unassigned
                Reporter:
                pwiseman Peter Wiseman