  1. Jenkins
  2. JENKINS-48950

JEP-200: GHPRB Plugin Fails Whitelist

      Description

      The GitHub PR Builder plugin gets flagged after updating to 2.102, breaking automated PR jobs:

       

      WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
      Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
      WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/

       

      The mitigation technique worked by adding the class names to the Hudson classfilter:

      -Dhudson.remoting.ClassFilter=org.kohsuke.github.*

      ^ This doesn't actually work, would need to force all of the dependent classes individually here. In my case, the WARNING messages just didn't show up in the log until later than I expected and still resulted in the build.xml throwing the stack traces below when a job using the GHPRB was run.
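
      An added example, not part of the original report or of Jenkins itself: a log triage helper that pulls each rejected class name and its source JAR out of `ClassFilterImpl` warnings like the ones quoted above, then assembles an exact-name value for `hudson.remoting.ClassFilter`. The sample log is constructed from the two warnings in the report, the function names are hypothetical, and the comma-separated form of the property is an assumption taken from the class-filter guidance the warning links to.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the two WARNING lines quoted in the report.
SAMPLE_LOG = """\
Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHPullRequestCommitDetail$Authorship in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
Jan 15, 2018 1:55:20 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
Jan 15, 2018 1:56:02 PM jenkins.security.ClassFilterImpl lambda$isBlacklisted$1
WARNING: org.kohsuke.github.GHUser in file:/var/lib/jenkins/plugins/github-api/WEB-INF/lib/github-api-1.90.jar might be dangerous, so rejecting; see https://jenkins.io/redirect/class-filter/
"""

# Matches only the rejection wording shown in the report.
REJECTION = re.compile(
    r"^WARNING: (?P<cls>[\w.$]+) in (?P<src>\S+) might be dangerous, so rejecting"
)


def rejected_classes(log_text):
    """Map each source JAR to the sorted, de-duplicated classes the filter rejected."""
    by_source = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECTION.match(line.strip())
        if match:
            by_source[match.group("src")].add(match.group("cls"))
    return {src: sorted(classes) for src, classes in by_source.items()}


def class_filter_property(classes):
    """Build the JVM option from exact class names.

    Wildcards are refused because the report states that the
    org.kohsuke.github.* pattern did not take effect.
    """
    for name in classes:
        if "*" in name:
            raise ValueError(f"wildcard entry not accepted: {name}")
    return "-Dhudson.remoting.ClassFilter=" + ",".join(sorted(set(classes)))


if __name__ == "__main__":
    for jar, classes in rejected_classes(SAMPLE_LOG).items():
        print(jar)
        print("  " + class_filter_property(classes))
```

      Grouping by JAR shows which plugin owns the rejected classes, here github-api, the plugin targeted by the pull request linked from this issue; the override is only a stopgap until that plugin declares its own serializable classes.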

       

            Activity

            sasquatch85 Jeremy Stewart created issue -
            oleg_nenashev Oleg Nenashev made changes -
            Field Original Value New Value
            Link This issue relates to JENKINS-48954 [ JENKINS-48954 ]
            oleg_nenashev Oleg Nenashev made changes -
            Assignee ben patterson [ bpatterson ] Oleg Nenashev [ oleg_nenashev ]
            oleg_nenashev Oleg Nenashev made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue is duplicated by JENKINS-48952 [ JENKINS-48952 ]
            oleg_nenashev Oleg Nenashev made changes -
            Remote Link This issue links to "https://github.com/jenkinsci/github-api-plugin/pull/18 (Web Link)" [ 19801 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "Page (Jenkins Wiki)" [ 19817 ]
            oleg_nenashev Oleg Nenashev made changes -
            Remote Link This issue links to "Page (Jenkins Wiki)" [ 19817 ]
            jglick Jesse Glick made changes -
            Assignee Oleg Nenashev [ oleg_nenashev ] Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 616 (Web Link)" [ 19821 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            oleg_nenashev Oleg Nenashev made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue relates to JENKINS-49282 [ JENKINS-49282 ]
            joenunnelley Joe Nunnelley made changes -
            Link This issue is related to JENKINS-51511 [ JENKINS-51511 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue is duplicated by JENKINS-51663 [ JENKINS-51663 ]
            oleg_nenashev Oleg Nenashev made changes -
            Link This issue is duplicated by JENKINS-51511 [ JENKINS-51511 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                sasquatch85 Jeremy Stewart
              • Votes:
                0
                Watchers:
                6
