-
Bug
-
Resolution: Not A Defect
-
Major
-
Jenkins 2.121.3
Script Security Plugin 1.46
Hello,
I'm writing a plugin that parses a groovy script using a custom DSL. Running outside of the sandbox everything works as expected. Within the sandbox i'm receiving the following error:
groovy.lang.MissingPropertyException: No such property: github_enterprise for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:264)
The DSL is basically a builder:
static SdpConfigObject parse(String script_text){ SdpConfigObject sdp_config = new SdpConfigObject() Binding our_binding = new Binding(sdp_config: sdp_config) CompilerConfiguration cc = new CompilerConfiguration() cc.addCompilationCustomizers(new SandboxTransformer()) cc.scriptBaseClass = SdpConfigBuilder.class.name GroovyShell sh = new GroovyShell(SdpConfigDsl.classLoader, our_binding, cc); SdpConfigSandbox sandbox = new SdpConfigSandbox() sandbox.register(); try { sh.evaluate script_text }finally { sandbox.unregister(); } return sdp_config }
We register our own sandbox to further restrict the parsing of this custom DSL into a config object.
What I've tried:
1. disabling our custom sandbox. made no difference. our sandbox for the script execution causes no problems when the pipeline itself isn't run in the cps sandbox.
2. @Whitelist -ing every method in the plugin.
3. adding a ProxyWhiteList:
@Extension public static class MiscWhitelist extends ProxyWhitelist { public MiscWhitelist() throws IOException { super(new StaticWhitelist( "method groovy.lang.Binding getProperty java.lang.String", "method groovy.lang.Binding getVariable java.lang.String" )); }
I saw a similar error message was happening in v1.45 around
No such property: <something> for class: groovy.lang.Binding
Any guidance would be appreciated.
Thank you!