[JIRA] (JENKINS-36206) Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whiteliest

[owood@cloudbees.com (JIRA)]

Owen Wood created an issue

Jenkins / JENKINS-36206 Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whiteliest Issue Type: Improvement Assignee: Jesse Glick Components: script-security-plugin Created: 2016/Jun/24 3:28 AM Priority: Minor Reporter: Owen Wood Pending review of course. Not sure what security implications there might be here. To reproduce: node { env.WORKSPACE = pwd() test = env.WORKSPACE.drop(3) } Results in: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:174) Reproducible with Sandbox enabled (or using Jenkinsfile obviously) Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

[jglick@cloudbees.com (JIRA)]

Jesse Glick commented on JENKINS-36206

Re: Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whiteliest Well approve that method.

Add Comment