[JIRA] (JENKINS-60826) Git plugin whitelist ignored in called method

0 views
Skip to first unread message

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 20, 2020, 2:20:03 PM1/20/20
to jenkinsc...@googlegroups.com
Mark Waite created an issue
 
Jenkins / Bug JENKINS-60826
Git plugin whitelist ignored in called method
Issue Type: Bug Bug
Assignee: Mark Waite
Components: git-plugin
Created: 2020-01-20 19:19
Environment: git plugin 4.1.0
git client plugin 4.1.0
Jenkins 2.204.1
Priority: Minor Minor
Reporter: Mark Waite

Git plugin 4.1.0 adds many GitSCM getters to the Pipeline whitelist as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields. It is confirmed to work when the references are directly inside the Jenkinsfile, as in the JENKINS-42860 automated check.

It fails to whitelist the reference to that field when it is accessed from a shared library method like GitUtils.my_utils

The failing reference looks something like this:

@Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _
import com.markwaite.Assert
import com.markwaite.Build
import com.markwaite.GitUtils

def branch1='JENKINS-37156'
def branch2='master'
def branch3='JENKINS-06203'

node('git-1.8+ && !cloud') {
  stage('Checkout') {
    def my_utils = new com.markwaite.GitUtils()
    dir(branch2) {
      checkout([$class: 'GitSCM',
                branches: [[name: branch2]],
                browser: [$class: 'GithubWeb', repoUrl: 'https://github.com/MarkEWaite/jenkins-bugs-private'],
                doGenerateSubmoduleConfigurations: false,
                extensions: [
                  [$class: 'LocalBranch', localBranch: '**'],
                  [$class: 'SubmoduleOption',
                   disableSubmodules: true,
                   recursiveSubmodules: false,
                   trackingSubmodules: false],
                ],
                gitTool: 'Default',
                submoduleCfg: [],
                userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch2)
               ])
    }
}
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 25, 2020, 10:47:02 AM1/25/20
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Change By: Mark Waite
Git plugin 4.1.0 adds many GitSCM getters to the Pipeline whitelist as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields.  It is confirmed to work when the references are directly inside the Jenkinsfile, as in the [JENKINS-42860 automated check|https://github.com/MarkEWaite/jenkins-bugs/blob/bceaac3d9ac04f28362d88108f71f838fa0f7346/Jenkinsfile#L12].

It fails to whitelist the reference to that field when it is accessed from a shared library method like [GitUtils.my_utils|https://github.com/MarkEWaite/jenkins-pipeline-utils/blob/638b208ca71177386b4becb587bceb2c4e36b103/src/com/markwaite/GitUtils.groovy#L3]


The failing reference looks something like this:

{noformat}

@Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _
import com.markwaite.
Assert
import com.markwaite. Build
import com.markwaite.GitUtils

def branch1 branch =' JENKINS-37156'
def branch2=' master'
 def branch3='JENKINS-06203'

node('git-1.8+ && !cloud') {
  stage('Checkout') {
    def my_utils = new com.markwaite.GitUtils()
    dir( branch2 branch ) {
      checkout([$class: 'GitSCM',
                branches: [[name: branch2 branch ]],
                browser: [$class: 'GithubWeb', repoUrl: 'https://github.com/MarkEWaite/jenkins-bugs-private'],
                doGenerateSubmoduleConfigurations: false,
                extensions: [
                  [$class: 'LocalBranch', localBranch: '**'],
                  [$class: 'SubmoduleOption',
                   disableSubmodules: true,
                   recursiveSubmodules: false,
                   trackingSubmodules: false],
                ],
                 gitTool: 'Default',
                 submoduleCfg: [],
                userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch2 branch )
               ])
    }
}
{noformat}

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 25, 2020, 10:48:02 AM1/25/20
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Git plugin 4.1.0 adds many GitSCM getters to the Pipeline whitelist as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields.  It is confirmed to work when the references are directly inside the Jenkinsfile, as in the [JENKINS-42860 automated check|https://github.com/MarkEWaite/jenkins-bugs/blob/bceaac3d9ac04f28362d88108f71f838fa0f7346/Jenkinsfile#L12].

It fails to whitelist the reference to that field when it is accessed from a shared library method like [GitUtils.my_utils|https://github.com/MarkEWaite/jenkins-pipeline-utils/blob/638b208ca71177386b4becb587bceb2c4e36b103/src/com/markwaite/GitUtils.groovy#L3]

The failing reference looks something like this:

{noformat}
@Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _
import com.markwaite.Build
import com.markwaite.GitUtils

def branch='master'

node ('git-1.8+ && !cloud') {

  stage('Checkout') {
    def my_utils = new com.markwaite.GitUtils()
    dir(branch) {
      checkout([$class: 'GitSCM',
                branches: [[name: branch]],
                gitTool: 'Default',
                userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch)
               ])
    }
}
{noformat}

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 25, 2020, 10:48:03 AM1/25/20
to jenkinsc...@googlegroups.com
Mark Waite updated an issue
Git plugin 4.1.0 adds many GitSCM getters to the Pipeline whitelist as part of JENKINS-42860 so that Pipeline users do not need to specifically approve a script that refers to GitSCM fields.  It is confirmed to work when the references are directly inside the Jenkinsfile, as in the [JENKINS-42860 automated check|https://github.com/MarkEWaite/jenkins-bugs/blob/bceaac3d9ac04f28362d88108f71f838fa0f7346/Jenkinsfile#L12].

It fails to whitelist the reference to that field when it is accessed from a shared library method like [GitUtils.my_utils|https://github.com/MarkEWaite/jenkins-pipeline-utils/blob/638b208ca71177386b4becb587bceb2c4e36b103/src/com/markwaite/GitUtils.groovy#L3]

The failing reference looks something like this:

{noformat}
@Library(value='globalPipelineLibraryMarkEWaite', changelog=false) _

import com.markwaite.GitUtils

def branch='master'

node {

  stage('Checkout') {
    def my_utils = new com.markwaite.GitUtils()
    dir(branch) {
      checkout([$class: 'GitSCM',
                branches: [[name: branch]],
                gitTool: 'Default',
                 userRemoteConfigs: my_utils.adjustRemoteConfig(scm.userRemoteConfigs[0], branch)
               ])
    }
}
{noformat}

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 28, 2020, 4:27:02 AM1/28/20
to jenkinsc...@googlegroups.com
Mark Waite assigned an issue to Unassigned
Change By: Mark Waite
Assignee: Mark Waite
Reply all
Reply to author
Forward
0 new messages