Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61952

Matcher.find() and Matcher.group(String) are no longer whitelisted

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • script-security-plugin
    • None
    • Jenkins ver. 2.204.2
      script-security-plugin 1.68
    • script-security 1.72

      Originally reported by wolniewicz in JENKINS-61575, but that issue appears to be broken so I cloned it here.

      We have upgraded the plugin from 1.66 -> 1.68
      Since version 1.68 method java.util.regex.Matcher find is not longer whitelisted:

      https://github.com/jenkinsci/script-security-plugin/commit/d5e107b1bd780314bc13ebed401ab3b8a22ec9a4#diff-bd6a93804fc62863a4d7460e35733302

      Was this made on purpose or all mentioned methods were removed by accident?

      method java.util.regex.Matcher find
method java.util.regex.Matcher group java.lang.String

       

      We had to manually approve mentioned methods on our production servers.

      Could you please add mentioned methods to default approve list?

            dnusbaum Devin Nusbaum
            dnusbaum Devin Nusbaum
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: