Script Security check during descriptor load

14 views
Skip to first unread message

Slide

unread,
Jul 27, 2020, 8:40:07 PM7/27/20
to jenkin...@googlegroups.com
I am looking into  https://issues.jenkins-ci.org/browse/JENKINS-60002 for email-ext. The issue arises when a pre-send script is configured and Jenkins is starting up. This particular code is something that was implemented while I was not the maintainer of the plugin, so I am not as well versed in the history as other code in the plugin. 

The constructor is calling load() and then calling some methods to setup parts of the plugin. One of the things it does is call setDefaultPresendScript so that a check is done on the approval status for the script security plugin. The check looks like this:

this.defaultPresendScript = ScriptApproval.get().configuring(((script ==  null) ?  ""  : script), GroovyLanguage.get(), ApprovalContext.create().withCurrentUser());
  The ApprovalContext.create().withCurrentUser() seems to be the problem because during Jenkins startup, there is no user (it is null). So, this causes the issue in the bug. How do I make sure the script security stuff is setup correctly for the pre-send script while fixing this issue?  

Here is the full stack trace from the error:

 0.682 [id=78] WARNING h.ExtensionFinder$GuiceFinder$FaultTolerantScope$1#error: Failed to instantiate Key[type=hudson.plugins.emailext.ExtendedEmailPublisherDescriptor, annotation=[none]]; skipping this component
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Tried proxying hudson.plugins.emailext.ExtendedEmailPublisherDescriptor to support a circular dependency, but it is not an interface.

1 error
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)
at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402)
at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393)
at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:335)
at hudson.ExtensionList.load(ExtensionList.java:380)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:318)
at hudson.ExtensionList.getComponents(ExtensionList.java:183)
at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:193)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:318)
at hudson.ExtensionList.iterator(ExtensionList.java:172)
at hudson.model.User.allocateDefaultPropertyInstancesAsNeeded(User.java:209)
at hudson.model.User.load(User.java:198)
at hudson.model.User.<init>(User.java:191)
at hudson.model.User.getOrCreateById(User.java:523)
at hudson.model.User.getById(User.java:619)
at hudson.model.User.get(User.java:603)
at hudson.model.User.current(User.java:586)
at org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext.withCurrentUser(ApprovalContext.java:72)
at hudson.plugins.emailext.ExtendedEmailPublisherDescriptor.setDefaultPostsendScript(ExtendedEmailPublisherDescriptor.java:580)
at hudson.plugins.emailext.ExtendedEmailPublisherDescriptor.<init>(ExtendedEmailPublisherDescriptor.java:196)
at hudson.plugins.emailext.ExtendedEmailPublisherDescriptor$$FastClassByGuice$$5dfa54d0.newInstance(<generated>)
at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40)
at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:61)
at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:105)
at com.google.inject.internal.ConstructorInjector.access$000(ConstructorInjector.java:32)
at com.google.inject.internal.ConstructorInjector$1.call(ConstructorInjector.java:89)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:115)
at hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:567)
at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:126)
at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267)
at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)
at hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1092)
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402)
at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393)
at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:335)
at hudson.ExtensionList.load(ExtensionList.java:380)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:318)
at hudson.ExtensionList.iterator(ExtensionList.java:172)
at hudson.diagnosis.NullIdDescriptorMonitor.verify(NullIdDescriptorMonitor.java:72)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:104)
at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:175)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1096)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)


Any help or pointers would be greatly appreciated.

Thanks,

Alex

--

Basil Crow

unread,
Jul 27, 2020, 8:48:35 PM7/27/20
to jenkin...@googlegroups.com
Hey Alex,

Coincidentally, I ran across a very similar circular dependency issue recently in the Copy Artifact plugin (JENKINS-62267). On further examination, I also found a similar circular dependency issue in the Folders plugin (JENKINS-60393). The Copy Artifact plugin maintainer based his fix for JENKINS-62267 on the fix for JENKINS-60393. You might find some inspiration  reading those bugs and PRs.

Basil

Slide

unread,
Jul 27, 2020, 10:20:24 PM7/27/20
to Jenkins Developer List
Hi Basil,


Thanks so much for your help! I'll review those items and see what I can do. The Jenkins community is great!

Regards,

Alex

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqrNtwf9_87Xw6fi2VUAvdvn0KjTDN7z1FeaLcL3QzpYQ%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages