Pipeline Multibranch and Security questions
164 views
Skip to first unread message
Kristian
Jan 12, 2017, 8:30:55 AM1/12/17
to jenkins...@googlegroups.com
Hi all,
I am new to Pipeline and Multibranch. I just wrote a small test
pipeline script for a project of me and started it in a Multibranch
project. Suddenly I got an error message like this:
> org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance
After a quick look at Google, I found out, that I can whitelist this
at "Manage Jenkins -> In-process Script Approval". I had to do this
several times, so now I have this white list:
> field hudson.model.Slave name
> method hudson.model.AbstractCIBase getNodes
> method hudson.model.Node getRootPath
> staticMethod jenkins.model.Jenkins getInstance
The last function is a problem due to Jenkins / Script Security
Plugin, because this function "may have introduced a security
vulnerability". I am using the getInstance() function in this
function:
// **********
@NonCPS
def nodeRootDir(nodeName) {
for (node in Jenkins.instance.nodes) {
println node.name
if (!nodeName.equals('master') &&
node.name.compareTo(nodeName) == 0 ) {
return node.getRootPath()
break
}
}
}
// **********
The function retrieves the root path of a slave. The question is: Is
there another way to get the root path of a slave in a non-problematic
way?
I am new to Pipeline and Multibranch. I just wrote a small test
pipeline script for a project of me and started it in a Multibranch
project. Suddenly I got an error message like this:
> org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod jenkins.model.Jenkins getInstance
After a quick look at Google, I found out, that I can whitelist this
at "Manage Jenkins -> In-process Script Approval". I had to do this
several times, so now I have this white list:
> field hudson.model.Slave name
> method hudson.model.AbstractCIBase getNodes
> method hudson.model.Node getRootPath
> staticMethod jenkins.model.Jenkins getInstance
The last function is a problem due to Jenkins / Script Security
Plugin, because this function "may have introduced a security
vulnerability". I am using the getInstance() function in this
function:
// **********
@NonCPS
def nodeRootDir(nodeName) {
for (node in Jenkins.instance.nodes) {
println node.name
if (!nodeName.equals('master') &&
node.name.compareTo(nodeName) == 0 ) {
return node.getRootPath()
break
}
}
}
// **********
The function retrieves the root path of a slave. The question is: Is
there another way to get the root path of a slave in a non-problematic
way?
Daniel Beck
Jan 12, 2017, 8:50:30 AM1/12/17
to jenkins...@googlegroups.com
What are you trying to accomplish? Pipeline is not intended to perform system management tasks.
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO5HUhPS0Tj65VwwWkTQfA0hRSEXLuYDODf0PesPUXXLiJw%3DAQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO5HUhPS0Tj65VwwWkTQfA0hRSEXLuYDODf0PesPUXXLiJw%3DAQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
Kristian
Jan 12, 2017, 9:00:55 AM1/12/17
to jenkins...@googlegroups.com
The function comes originally from this question:
https://groups.google.com/forum/#!topic/jenkinsci-users/L9yP2df9Fz4
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5CB3C56B-46AC-4C86-9A17-81C5BBEBEA8F%40beckweb.net.
https://groups.google.com/forum/#!topic/jenkinsci-users/L9yP2df9Fz4
Kristian
Jan 12, 2017, 9:03:12 AM1/12/17
to jenkins...@googlegroups.com
Sorry, this was the false link. This is the correct one:
https://groups.google.com/forum/#!topic/jenkinsci-users/1mtr7Av4zJI
https://groups.google.com/forum/#!topic/jenkinsci-users/1mtr7Av4zJI
Björn Pedersen
Jan 12, 2017, 11:01:52 AM1/12/17
to Jenkins Users
try:
echo manager.hudson.getNode(NODE_NAME).getRootPath().toString()
to get the current nodes rootPath (or pass a suitable nodename).
Björn
echo manager.hudson.getNode(NODE_NAME).getRootPath().toString()
to get the current nodes rootPath (or pass a suitable nodename).
Björn
Daniel Beck
Jan 12, 2017, 11:08:01 AM1/12/17
to jenkins...@googlegroups.com
> On 12.01.2017, at 17:01, 'Björn Pedersen' via Jenkins Users <jenkins...@googlegroups.com> wrote:
>
> manager.hudson
Specific to unsandboxed Groovy Postbuild, doesn't work in Pipeline.
Daniel Beck
Jan 12, 2017, 11:09:09 AM1/12/17
to jenkins...@googlegroups.com
> On 12.01.2017, at 15:03, Kristian <kristian...@gmail.com> wrote:
>
> Sorry, this was the false link. This is the correct one:
> https://groups.google.com/forum/#!topic/jenkinsci-users/1mtr7Av4zJI
Reply all
Reply to author
Forward
0 new messages