Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56486

Improve UX to prevent admins from approving blacklisted methods without understanding the impact

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The script-security plugin already has a blacklist of dangerous method signatures that admins should probably not approve. Methods in this blacklist provide an extra warning when they are being approved, but perhaps that warning is not severe enough, as I have heard multiple reports of users accidentally causing a denial of service attack on their Jenkins instance with a Pipeline that runs System.exit.

      Some ideas:

      • Make methods which are very unlikely to have legitimate use cases even in an environment where only admins are writing sandboxed scripts unable to be approved, such as System.exit (could be opt-in or opt-out with a system property?).
      • For RejectedAccessExceptions where isDangerous returns true, provide per-signature documentation on the issues, and require the user to re-type the method signature or wait 10 seconds before they can approve the signature in the hope that providing the user with a better understanding of the problems will keep them from approving these methods.
      • Create an admin monitor that warns when blacklisted methods are in the approved list, and gives admins a one-click way to unapprove them. In this case, some kind of additional warning is also likely needed to prevent admins from breaking running jobs without realizing.

        Attachments

          Activity

          dnusbaum Devin Nusbaum created issue -
          dnusbaum Devin Nusbaum made changes -
          Field Original Value New Value
          Assignee Andrew Bayer [ abayer ]
          dnusbaum Devin Nusbaum made changes -
          Summary Make some methods in the Script Security blacklist unapprovable Improve UX to prevent admins from approving blacklisted methods without understanding the impact

            People

            • Assignee:
              Unassigned
              Reporter:
              dnusbaum Devin Nusbaum
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: