Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      Jenkins 2.190.1
      Script Security plugin 1.71
    • Similar Issues:

      Description

      Try executing this pipeline:

      def o = readJSON text: '{"foo": "bar"}'
      
      for (entry in o) {
          echo entry.class.toString()
          echo "$entry.key -> $entry.value"
      }
      

      The output is:

      class org.apache.commons.collections.map.ListOrderedMap$ListOrderedMapEntry
      Scripts not permitted to use method org.apache.commons.collections.KeyValue getKey. Administrators can decide whether to approve or reject this signature.
      

      The reason for that is that readJSON returns a net.sf.json.JSONObject, whose entry class is org.apache.commons.collections.map.ListOrderedMap.ListOrderedMapEntry, which implements org.apache.commons.collections.KeyValue, whose members are not whitelisted.

      It would be nice if you could do at least one of these:

      1. Whitelist org.apache.commons.collections.KeyValue getKey and getValue.
      2. Make it so that the existing whitelist entries for java.util.Map.Entry getKey and getValue also apply to org.apache.commons.collections.map.ListOrderedMap.ListOrderedMapEntry, which does implement java.utils.Map.Entry as well.

        Attachments

          Activity

          Hide
          shadycuz Levi Blaney added a comment -

          Same problem, unable to loop through the results of readJson and use the keys or values. 

          Show
          shadycuz Levi Blaney added a comment - Same problem, unable to loop through the results of readJson and use the keys or values. 

            People

            • Assignee:
              Unassigned
              Reporter:
              rdonchen_intel Roman Donchenko
            • Votes:
              2 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: