Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-54651

Refusing to marshal net.sf.json.JSONObject

    Details

    • Type: Bug
    • Status: Fixed but Unreleased (View Workflow)
    • Priority: Critical
    • Resolution: Not A Defect
    • Component/s: other
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      java.lang.UnsupportedOperationException: Refusing to marshal net.sf.json.JSONObject for security reasons; see https://jenkins.io/redirect/class-filter/ at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:546) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64) at com.thoughtworks.xstream.converters.collections.CollectionConverter.marshal(CollectionConverter.java:74) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) Caused: java.lang.RuntimeException: Failed to serialize io.jenkins.plugins.sample.MagicPlugBuildWrapper#seleniumTests for class io.jenkins.plugins.sample.MagicPlugBuildWrapper at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256) at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224) at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138) at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209) at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88) at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64) at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84) at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265) at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252) Caused: java.lang.RuntimeException: Failed to serialize hudson.model.Project#buildWrappers for class hudson.model.FreeStyleProject at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256) at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224) at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138) at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209) at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150) at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58) at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43) at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82) at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37) at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026) at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015) at com.thoughtworks.xstream.XStream.toXML(XStream.java:988) at hudson.XmlFile.write(XmlFile.java:193) Caused: java.io.IOException at hudson.XmlFile.write(XmlFile.java:200) at hudson.model.AbstractItem.save(AbstractItem.java:601) at hudson.model.Job.save(Job.java:191) at hudson.model.AbstractProject.save(AbstractProject.java:289) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.model.Job.doConfigSubmit(Job.java:1351) at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:772) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:253) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:64) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) at java.lang.Thread.run(Thread.java:748)

        Attachments

          Activity

          sushobhit sushobhit dua created issue -
          sushobhit sushobhit dua made changes -
          Field Original Value New Value
          Assignee Oleg Nenashev [ oleg_nenashev ]
          oleg_nenashev Oleg Nenashev made changes -
          Labels JEP-200
          oleg_nenashev Oleg Nenashev made changes -
          Component/s other [ 15490 ]
          Component/s maven-hpi-plugin [ 23041 ]
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          AFAICT you report an issue for your custom plugin you are trying to create. "MagicPlugBuildWrapper" does not exist in GitHub. 

          The error is a valid rejection of a class. JSONObject instances should not be persisted to the disk. See JEP-200 for the explanation and guidelines: https://jenkins.io/blog/2018/03/15/jep-200-lts/

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - AFAICT you report an issue for your custom plugin you are trying to create. "MagicPlugBuildWrapper" does not exist in GitHub.  The error is a valid rejection of a class. JSONObject instances should not be persisted to the disk. See JEP-200 for the explanation and guidelines: https://jenkins.io/blog/2018/03/15/jep-200-lts/  
          oleg_nenashev Oleg Nenashev made changes -
          Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
          Resolution Not A Defect [ 7 ]
          Hide
          sushobhit sushobhit dua added a comment -

          Thanks Oleg Nenashev for your reply.

          It works with below command

          mvn hpi:run -Dhudson.remoting.ClassFilter=net.sf.json.JSONObject,org.apache.commons.collections.map.ListOrderedMap

          Is this correct way to do ?

          Show
          sushobhit sushobhit dua added a comment - Thanks Oleg Nenashev for your reply. It works with below command mvn hpi:run -Dhudson.remoting.ClassFilter=net.sf.json.JSONObject,org.apache.commons.collections.map.ListOrderedMap Is this correct way to do ?
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          It will work after such change of course, but the correct way is to modify your plugin to prevent serialization of JSONObject at least. ListOrderedMap can be added to your plugin's whitelist. https://jenkins.io/blog/2018/01/13/jep-200/#making-plugins-compatible-with-jenkins-2-102-or-above

           

          Show
          oleg_nenashev Oleg Nenashev added a comment - It will work after such change of course, but the correct way is to modify your plugin to prevent serialization of JSONObject at least. ListOrderedMap can be added to your plugin's whitelist. https://jenkins.io/blog/2018/01/13/jep-200/#making-plugins-compatible-with-jenkins-2-102-or-above  
          Hide
          sushobhit sushobhit dua added a comment -

          I have also tried this option by adding in pom.xml

          		<plugins>
          		     <plugin>
          		       <groupId>org.apache.maven.plugins</groupId>
          		       <artifactId>maven-jar-plugin</artifactId>
          		       <configuration>
          		         <archive>
          		           <manifestEntries>
          		             <Jenkins-ClassFilter-Whitelisted>true</Jenkins-ClassFilter-Whitelisted>
          		           </manifestEntries>
          		         </archive>
          		       </configuration>
          		     </plugin>
          		</plugins>

          But its not working for me

           

          Show
          sushobhit sushobhit dua added a comment - I have also tried this option by adding in pom.xml <plugins>     <plugin>       <groupId>org.apache.maven.plugins</groupId>       <artifactId>maven-jar-plugin</artifactId>       <configuration>         <archive>           <manifestEntries>             <Jenkins-ClassFilter-Whitelisted> true </Jenkins-ClassFilter-Whitelisted>           </manifestEntries>         </archive>       </configuration>     </plugin> </plugins> But its not working for me  
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          Yes, this whitelist would be required in the libraries you include, not in your plugin

          Show
          oleg_nenashev Oleg Nenashev added a comment - Yes, this whitelist would be required in the libraries you include, not in your plugin

            People

            • Assignee:
              oleg_nenashev Oleg Nenashev
              Reporter:
              sushobhit sushobhit dua
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: