JENKINS-49070

java.math.BigDecimal in JRE might be dangerous (JEP in 2.103)

      Description

      Received this stacktrace for a build on a Linux slave after upgrade to v 2.103 (didn't install 2.102, so not sure if it was present there):

      java.lang.UnsupportedOperationException: Refusing to marshal java.math.BigDecimal for security reasons; see https://jenkins.io/redirect/class-filter/
       at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:530)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:51)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTValue#value for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTValue$1
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.MapConverter.marshal(MapConverter.java:79)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTNamedArgumentList#arguments for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTNamedArgumentList
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStep#args for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStep
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTBranch#steps for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTBranch
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStage#branches for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStage
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStages#stages for class org.jenkinsci.plugins.pipeline.modeldefinition.ast.ModelASTStages
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize org.jenkinsci.plugins.pipeline.modeldefinition.actions.ExecutionModelAction#stagesList for class org.jenkinsci.plugins.pipeline.modeldefinition.actions.ExecutionModelAction
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
       at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
       at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
       at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
      Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Actionable#actions for class org.jenkinsci.plugins.workflow.job.WorkflowRun
       at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
       at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
       at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
       at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
       at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
       at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
       at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
       at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
       at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
       at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
       at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
       at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
       at hudson.XmlFile.write(XmlFile.java:194)
      Caused: java.io.IOException
       at hudson.XmlFile.write(XmlFile.java:201)
       at hudson.model.Run.save(Run.java:1923)
       at hudson.BulkChange.commit(BulkChange.java:98)
       at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution.notifyListeners(CpsFlowExecution.java:1229)
       at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$3.run(CpsThreadGroup.java:408)
       at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$1.run(CpsVmExecutorService.java:35)
       at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131)
       at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
       at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
       at java.util.concurrent.FutureTask.run(FutureTask.java:266)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
       at java.lang.Thread.run(Thread.java:748)  

      Jenkins master information:

      os.name = Linux
      os.version = 3.16.0-5-amd64
      java.runtime.name = OpenJDK Runtime Environment
      java.runtime.version = 1.8.0_131-8u131-b11-1~bpo8+1-b11
      pipeline-model-definition = version 1.2.6

      Jenkins build slave information:

      os.name = Linux
      os.version = 3.16.0-5-amd64
      java.runtime.name = Java(TM) SE Runtime Environment
      java.runtime.version = 1.8.0_121-b13

          Activity

          pjaytycy Pieter-Jan Busschaert added a comment -

          Thanks for investigating and fixing this issue so fast! Really appreciated.

          danielbeck Daniel Beck added a comment -

          Resolved towards 2.104.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy
          pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java
          pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy
          pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy
          http://jenkins-ci.org/commit/pipeline-model-definition-plugin/029b1f981eb9e924cb93991ed895682fb179d068
          Log:
          JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          Jenkinsfile
          pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/ModelParser.groovy
          pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/Messages.properties
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/BasicModelDefTest.java
          pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/ValidatorTest.java
          pipeline-model-definition/src/test/resources/bigDecimalConverts.groovy
          pipeline-model-definition/src/test/resources/errors/bigIntegerFailure.groovy
          http://jenkins-ci.org/commit/pipeline-model-definition-plugin/6fd36ef29323d404945057cb6a94b7234f56e95b
          Log:
          Merge pull request #239 from abayer/jenkins-49070

          JENKINS-49070 Avoid serializing BigDecimal and BigInteger in the model

          Compare: https://github.com/jenkinsci/pipeline-model-definition-plugin/compare/7736888a9226...6fd36ef29323

          abayer Andrew Bayer added a comment -

          And Declarative 1.2.7 (releasing shortly) fixes this from the other side by preventing potential serialization of BigDecimal in the first place by overriding Groovy's behavior of taking any floating-point literal as a BigDecimal (i.e., def foo = 0.1; foo instanceof BigDecimal).
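
The behaviour discussed in this issue, as an added sketch that is not code from Jenkins core or the pipeline-model-definition plugin: a Groovy decimal literal becomes a `BigDecimal`, an allowlist-style class filter refuses it when the value is persisted, and narrowing the value beforehand avoids the refusal. `ModelValues`, its allowlist, the message format with a path and the sample arguments are hypothetical and constructed for illustration.

```groovy
// Added illustration; a toy filter, not Jenkins' real class filter or its real allowlist.
class ModelValues {
    // Hypothetical allowlist: only these leaf types may be written out.
    static final Set<Class> ALLOWED = [String, Boolean, Integer, Long, Double] as Set

    /** Walk a nested Map/List and throw on the first leaf whose class is not allowlisted. */
    static void checkMarshallable(Object o, String path = 'root') {
        if (o == null) return
        if (o instanceof Map) {
            o.each { k, v -> checkMarshallable(v, "${path}.${k}") }
        } else if (o instanceof Collection) {
            o.eachWithIndex { v, i -> checkMarshallable(v, "${path}[${i}]") }
        } else if (!ALLOWED.contains(o.getClass())) {
            throw new UnsupportedOperationException(
                "Refusing to marshal ${o.getClass().name} at ${path}")
        }
    }

    /** Return a copy in which BigDecimal/BigInteger leaves are narrowed to allowlisted types. */
    static Object normalize(Object o) {
        if (o instanceof Map) return o.collectEntries { k, v -> [(k): normalize(v)] }
        if (o instanceof Collection) return o.collect { normalize(it) }
        if (o instanceof BigDecimal) return o.doubleValue()
        // longValueExact() throws ArithmeticException when the value does not fit in a long,
        // so an oversized integer is rejected up front instead of being silently truncated.
        if (o instanceof BigInteger) return o.longValueExact()
        return o
    }
}

// Groovy types an unsuffixed decimal literal as BigDecimal; the 'd' suffix gives a Double.
def literal = 0.1
assert literal instanceof BigDecimal
assert 0.1d instanceof Double

// Constructed sample: step arguments as a pipeline author might write them.
def stepArgs = [time: 0.5, unit: 'MINUTES', retries: [1, 2.0]]

// Persisting the raw values trips the filter on the first BigDecimal leaf.
def refused = null
try {
    ModelValues.checkMarshallable(stepArgs)
} catch (UnsupportedOperationException e) {
    refused = e.message
}
assert refused == 'Refusing to marshal java.math.BigDecimal at root.time'

// Narrowing first leaves only allowlisted leaf types, so the same check passes.
def safe = ModelValues.normalize(stepArgs)
ModelValues.checkMarshallable(safe)
assert safe.time instanceof Double
assert safe.retries[1] instanceof Double

// An integer too large for a long is rejected during normalization.
def tooBig = null
try {
    ModelValues.normalize([count: 100000000000000000000])
} catch (ArithmeticException e) {
    tooBig = e.class.name
}
assert tooBig == 'java.lang.ArithmeticException'
```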


            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              pjaytycy Pieter-Jan Busschaert