[JIRA] (JENKINS-61883) Can't access JSONObject entries

2 views

Skip to first unread message

roman.donchenko@intel.com (JIRA)

unread,

Apr 13, 2020, 12:20:05 PM4/13/20

to jenkinsc...@googlegroups.com

Roman Donchenko created an issue

Jenkins /

JENKINS-61883

Can't access JSONObject entries

Issue Type:	Bug
Assignee:	Unassigned
Components:	script-security-plugin
Created:	2020-04-13 16:19
Environment:	Jenkins 2.190.1 Script Security plugin 1.71
Priority:	Minor
Reporter:	Roman Donchenko

Try executing this pipeline:

 
                                                                def o = readJSON text: '{"foo": "bar"}'

for (entry in o) {
    echo entry.class.toString()
    echo "$entry.key -> $entry.value"
}

The output is:

 
                                                                class org.apache.commons.collections.map.ListOrderedMap$ListOrderedMapEntry
Scripts not permitted to use method org.apache.commons.collections.KeyValue getKey. Administrators can decide whether to approve or reject this signature.

The reason for that is that readJSON returns a net.sf.json.JSONObject, whose entry class is org.apache.commons.collections.map.ListOrderedMap.ListOrderedMapEntry, which implements org.apache.commons.collections.KeyValue, whose members are not whitelisted.

It would be nice if you could do at least one of these:

1. Whitelist org.apache.commons.collections.KeyValue getKey and getValue.
2. Make it so that the existing whitelist entries for java.util.Map.Entry getKey and getValue also apply to org.apache.commons.collections.map.ListOrderedMap.ListOrderedMapEntry, which does implement java.utils.Map.Entry as well.

Add Comment

This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)

Reply all

Reply to author

Forward

0 new messages