Using a GPath expression like this list.technology.name.text() works fine but requires an admin to allow "method groovy.lang.GroovyObject getProperty java.lang.String" which the script security plugin recommends against ("Approving this signature may introduce a security vulnerability! You are advised to deny it."). Since I am not the owner of the Jenkins instance, I am not sure I can convince them this is OK to approve.
Is there a way to write the code such that it does not depend on GroovyObject.getProperty being permitted? Or is there someway to configure Jenkins so that this can work?
David Karr
unread,
Dec 1, 2016, 1:43:33 PM12/1/16
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to jenkins...@googlegroups.com
The default security restrictions are very tight. There are many
things you can't do that would severely restrict any reasonable
scripting approach. If you control the scripts you run, there's little
point to not removing restrictions for the methods you need to call.