  1. Jenkins
  2. JENKINS-60826

Git plugin approved list is ignored in called method

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Component/s: git-plugin
    • Labels:
      None
    • Environment:
      git plugin 4.1.0
      git client plugin 4.1.0
      Jenkins 2.204.1

      Description

      Git plugin 4.1.0 adds many GitSCM getters to the Pipeline approved list as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields. It is confirmed to work when the references are directly inside the Jenkinsfile, as in the JENKINS-42860 automated check.

      It fails to approve the reference to that field when it is accessed from a shared library method like GitUtils.my_utils.

      The failing reference looks something like this:

      @Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _
      
      import com.markwaite.GitUtils
      
      def branch='master'
      
      node {
        stage('Checkout') {
          def my_utils = new com.markwaite.GitUtils()
          dir(branch) {
            checkout([$class: 'GitSCM',
                      branches: [[name: branch]],
                      userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch)
                     ])
          }
        }
      }
      

            Activity

            markewaite Mark Waite created issue -
            markewaite Mark Waite made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-42860 [ JENKINS-42860 ]
            markewaite Mark Waite made changes -
            Assignee Mark Waite [ markewaite ]
            markewaite Mark Waite made changes -
            Summary: "Git plugin whitelist ignored in called method" → "Git plugin approved list is ignored in called method"
            markewaite Mark Waite made changes -
            Description Git plugin 4.1.0 adds many GitSCM getters to the Pipeline whitelist as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields. It is confirmed to work when the references are directly inside the Jenkinsfile, as in the [JENKINS-42860 automated check|https://github.com/MarkEWaite/jenkins-bugs/blob/bceaac3d9ac04f28362d88108f71f838fa0f7346/Jenkinsfile#L12].

            It fails to whitelist the reference to that field when it is accessed from a shared library method like [GitUtils.my_utils|https://github.com/MarkEWaite/jenkins-pipeline-utils/blob/638b208ca71177386b4becb587bceb2c4e36b103/src/com/markwaite/GitUtils.groovy#L3]

            The failing reference looks something like this:

            {noformat}
            @Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _

            import com.markwaite.GitUtils

            def branch='master'

            node {
              stage('Checkout') {
                def my_utils = new com.markwaite.GitUtils()
                dir(branch) {
                  checkout([$class: 'GitSCM',
                            branches: [[name: branch]],
                            userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch)
                           ])
                }
              }
            }
            {noformat}
            Git plugin 4.1.0 adds many GitSCM getters to the Pipeline approved list as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields. It is confirmed to work when the references are directly inside the Jenkinsfile, as in the [JENKINS-42860 automated check|https://github.com/MarkEWaite/jenkins-bugs/blob/bceaac3d9ac04f28362d88108f71f838fa0f7346/Jenkinsfile#L12].

            It fails to approve the reference to that field when it is accessed from a shared library method like [GitUtils.my_utils|https://github.com/MarkEWaite/jenkins-pipeline-utils/blob/638b208ca71177386b4becb587bceb2c4e36b103/src/com/markwaite/GitUtils.groovy#L3]

            The failing reference looks something like this:

            {noformat}
            @Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _

            import com.markwaite.GitUtils

            def branch='master'

            node {
              stage('Checkout') {
                def my_utils = new com.markwaite.GitUtils()
                dir(branch) {
                  checkout([$class: 'GitSCM',
                            branches: [[name: branch]],
                            userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch)
                           ])
                }
              }
            }
            {noformat}
            markewaite Mark Waite added a comment -

            This is believed to be working as designed.

            markewaite Mark Waite made changes -
            Status: Open [ 1 ] → Closed [ 6 ]
            Resolution Won't Fix [ 2 ]

              People

              • Assignee:
                Unassigned
                Reporter:
                markewaite Mark Waite