Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61952

Matcher.find() and Matcher.group(String) are no longer whitelisted

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: script-security-plugin
    • Labels:
      None
    • Environment:
      Jenkins ver. 2.204.2
      script-security-plugin 1.68
    • Similar Issues:
    • Released As:
      script-security 1.72

      Description

      Originally reported by Maciej Wolniewicz in JENKINS-61575, but that issue appears to be broken so I cloned it here.

      We have upgraded the plugin from 1.66 -> 1.68
      Since version 1.68 method java.util.regex.Matcher find is not longer whitelisted:

      https://github.com/jenkinsci/script-security-plugin/commit/d5e107b1bd780314bc13ebed401ab3b8a22ec9a4#diff-bd6a93804fc62863a4d7460e35733302

      Was this made on purpose or all mentioned methods were removed by accident?

      method java.util.regex.Matcher find
      method java.util.regex.Matcher group java.lang.String
      

       

      We had to manually approve mentioned methods on our production servers.

      Could you please add mentioned methods to default approve list?

        Attachments

          Issue Links

            Activity

            Hide
            dnusbaum Devin Nusbaum added a comment -

            These methods were added to the default whitelist in Script Security plugin version 1.72.

            Show
            dnusbaum Devin Nusbaum added a comment - These methods were added to the default whitelist in Script Security plugin version 1.72.

              People

              • Assignee:
                dnusbaum Devin Nusbaum
                Reporter:
                dnusbaum Devin Nusbaum
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: