Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57566

Default security prohibits ResultAction's getResult

    Details

    • Similar Issues:

      Description

      The

      post {
         always {
           dir("build") {
             script {
               def gccIssues = scanForIssues tool: gcc4(name: 'GCC')
               def action = publishIssues issues: [ gccIssues ], filters: [ excludeFile(".*[/\\\\]src[/\\\\]external.*") ]
               def result = action.getResult()
               def newSize = result.getNewSize()
               echo newSize
               echo result.getNewIssues()
            }   
          }
        }
      }
      

      fails with

      org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method io.jenkins.plugins.analysis.core.model.ResultAction getResult
      at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:262)
      

      I also reported this in gitter on 20.05.2019 and was asked to create this bug report here.

        Attachments

          Activity

          Hide
          drulli Ulli Hafner added a comment -

          After thinking again in more detail I think that the idea is not so good after all. This change would require to make the whole API part of the whitelist which will make the whole component vulnerable.

          Show
          drulli Ulli Hafner added a comment - After thinking again in more detail I think that the idea is not so good after all. This change would require to make the whole API part of the whitelist which will make the whole component vulnerable.

            People

            • Assignee:
              drulli Ulli Hafner
              Reporter:
              twam Tobias Müller
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: