JENKINS-56541

Failure to serialize object corrupts the Groovy in-memory model


    • Improvement
    • Resolution: Unresolved
    • Major
    • core
    • None
    • Jenkins 2.150.x

      Issue

      When executing a pipeline script with non-serializable objects (non-whitelisted since JEP-200) that results in the creation of a Groovy proxy class, the script fails:

      Caused by: java.lang.UnsupportedOperationException: Refusing to marshal ToolLocationNodeProperty$ToolLocation1_groovyProxy for security reasons; see https://jenkins.io/redirect/class-filter/
      

      This was caused by the following line:

      def toolLocationProperty = new ToolLocationNodeProperty(toolLocation as List)
      

      While the solution is to fix the script, in that case:

      def toolLocationProperty = new ToolLocationNodeProperty([toolLocation])
      

      This is not sufficient because the creation of the ToolLocation1_groovyProxy class has corrupted the in-memory model. So any time you try to use that same constructor from a pipeline, it fails with the same error.

      Workaround

      Restart the master.

      After reproducing this, I found another workaround by re-saving a Jenkins node. But I assume that this would work only for this particular scenario where the problem is the ToolLocationNodeProperty.

      Concern

      This is concerning as any non-serializable class could cause this, which could impact any job in the master that would use the corrupted method / object. I cannot think of a way to prevent this. I have noticed that script security adds an entry for the correct type - for example new hudson.tools.ToolLocationNodeProperty java.util.List and not ToolLocation1_groovyProxy. So it is not preventing this at all. Also, after discussion in JENKINS-50743, this should be handled by a different engine.

            Unassigned Unassigned
            allan_burdajewicz Allan BURDAJEWICZ
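
Added example, not part of the original report and not Jenkins code: a small log triage script that separates class-filter refusals caused by a generated Groovy proxy from refusals of ordinary classes, and counts how often each underlying class keeps failing. The refusal message format is taken from the error quoted above; the proxy naming pattern is an assumption inferred from the single sample name in the issue, and every sample log line except the first is constructed.

```python
import re
from collections import Counter

# Message format taken from the error quoted in the issue.
REFUSAL = re.compile(r"Refusing to marshal (?P<cls>[\w.$]+) for security reasons")
# Assumption: generated proxies are named <Base><counter>_groovyProxy,
# inferred from the one sample "ToolLocation1_groovyProxy" in the issue.
PROXY = re.compile(r"^(?P<base>.+?)\d+_groovyProxy$")


def classify(line):
    """Return (rejected_class, proxied_base_or_None), or None if no refusal."""
    m = REFUSAL.search(line)
    if not m:
        return None
    cls = m.group("cls")
    p = PROXY.match(cls)
    return cls, (p.group("base") if p else None)


def summarize(lines):
    """Count refusals per proxied base class and per ordinary class."""
    proxies, ordinary = Counter(), Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        cls, base = hit
        if base:
            proxies[base] += 1   # script-side coercion produced a proxy
        else:
            ordinary[cls] += 1   # plain class rejected by the class filter
    return proxies, ordinary


ISSUE_LINE = ("Caused by: java.lang.UnsupportedOperationException: Refusing to marshal "
              "ToolLocationNodeProperty$ToolLocation1_groovyProxy for security reasons; "
              "see https://jenkins.io/redirect/class-filter/")
# Constructed sample: the issue's line twice (a later build hitting the same
# error), one invented ordinary class, and one unrelated line.
SAMPLE_LOG = [ISSUE_LINE, "INFO: Started build #12", ISSUE_LINE,
              "Refusing to marshal com.example.Widget for security reasons"]

if __name__ == "__main__":
    proxies, ordinary = summarize(SAMPLE_LOG)
    print("proxy-caused refusals:", dict(proxies))
    print("ordinary refusals:", dict(ordinary))
```
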