Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.89.3 
      Pipeline Groovy 2.53 
      Script Security Plugin 1.44
    • Released As:
      script-security 1.47

      Description

      The following operations are currently not whitelisted but they should be safe:

      • isinstance check
      • java.lang.Throwable.getCause()
      • java.util.Arrays.asList()
      • java.util.regex.MatchResult.group(String)
      • List - List

          Activity

          haridsv Hari Dara added a comment - Sent PR: https://github.com/jenkinsci/script-security-plugin/pull/226
          haridsv Hari Dara added a comment - This was addressed in this PR:  https://github.com/jenkinsci/script-security-plugin/pull/226
          haridsv Hari Dara added a comment -

          Devin Nusbaum: Could you update the status for this one too?

          dnusbaum Devin Nusbaum added a comment -

          Hari Dara Updated. Are you sure you don't have access to modify the ticket yourself when logged in? I don't think there is anything special about my account, you just need to be logged in, then click "Workflow", then "Resolved".

          haridsv Hari Dara added a comment -

          I guess I just couldn't figure out how to do it, thanks for pointing it out. However, how would I know what to enter for "Released As"?

          dnusbaum Devin Nusbaum added a comment -

          Yeah, in that case you'd have to go through the changelog on the wiki and figure out what version it was released in. Normally the person who released the plugin should update the ticket, probably someone just forgot for your two tickets. It helps if in GitHub you make the PR title start with "[JENKINS-XXXXX]" and add a "See JENKINS-XXXXX" link to the PR description, but in this case you already did that, so nothing wrong on your side.


            People

            • Assignee:
              haridsv Hari Dara
              Reporter:
              haridsv Hari Dara
            • Votes:
              0
              Watchers:
              2