Details

    • Type: Improvement
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      script-security-plugin 1.56 (latest as of now)
    • Similar Issues:

      Description

      Using valueOf from known classes (Boolean.valueOf , etc.) are allowed (see source generic-whitelist).

      But for custom Enum, we have to approve. Now because we cannot override valueOf, this method is very secure. Because we can't authorize all valueOf from all existing Enum in the world, we could just allow Enum.valueOf(Class<T> enumType, String name).

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              abayer Andrew Bayer
              Reporter:
              antoinetran Antoine Tran
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: