[JIRA] (JENKINS-39878) Unclassified method java.io.File eachFileRecurse in Groovy SCM script


marcel.lambacher1997@gmail.com (JIRA)

Nov 19, 2016, 5:30:02 AM
to jenkinsc...@googlegroups.com
Marcel Lambacher created an issue
 
Jenkins / Bug JENKINS-39878
Unclassified method java.io.File eachFileRecurse in Groovy SCM script
Issue Type: Bug
Assignee: Marcel Lambacher
Components: script-security-plugin
Created: 2016/Nov/19 10:29 AM
Environment: Windows 10 x64
Labels: pipeline
Priority: Major
Reporter: Marcel Lambacher

If I create a new Jenkinsfile with the following content:

[...]
def files = new File('.').eachFile(FileType.FILES)
for (String file : files) {
    echo file
}
[...]

and I approve the following scripts in the "Script Approval":

new java.io.File java.lang.String
staticField groovy.io.FileType FILES

I'll get this exception:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: unclassified method java.io.File eachFileRecurse groovy.io.FileType
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:113)
	at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149)
	at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146)
	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16)
	at WorkflowScript.run(WorkflowScript:22)
	at ___cps.transform___(Native Method)
	at com.cloudbees.groovy.cps.impl.ContinuationGroup.methodCall(ContinuationGroup.java:57)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:109)
	at com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82)
	at sun.reflect.GeneratedMethodAccessor311.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.get(PropertyishBlock.java:76)
	at com.cloudbees.groovy.cps.LValueBlock$GetAdapter.receive(LValueBlock.java:30)
	at com.cloudbees.groovy.cps.impl.PropertyishBlock$ContinuationImpl.fixName(PropertyishBlock.java:66)
	at sun.reflect.GeneratedMethodAccessor347.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72)
	at com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21)
	at com.cloudbees.groovy.cps.Next.step(Next.java:58)
	at com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:154)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$001(SandboxContinuable.java:18)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:33)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable$1.call(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:108)
	at org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:30)
	at org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:163)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:324)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$100(CpsThreadGroup.java:78)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:236)
	at org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:224)
	at org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:63)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:112)
	at jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
 
This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

marcel.lambacher1997@gmail.com (JIRA)

Nov 19, 2016, 5:31:01 AM
to jenkinsc...@googlegroups.com
Marcel Lambacher started work on Bug JENKINS-39878
 
Change By: Marcel Lambacher
Status: Open → In Progress

jglick@cloudbees.com (JIRA)

Jan 3, 2017, 11:19:02 AM
to jenkinsc...@googlegroups.com
Jesse Glick commented on Bug JENKINS-39878
 
Re: Unclassified method java.io.File eachFileRecurse in Groovy SCM script

Do not whitelist new java.io.File java.lang.String. More recent versions of script-security will in fact warn you sternly against this. From Pipeline script you may not use File/Path operations. Rather use sh/bat to launch external processes.

That said, why this DefaultGroovyMethods method is not recognized as such is an open question.
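
The sh/bat approach recommended in the comment above, sketched as an added example (not code from the issue or from the Jenkins project). It assumes a scripted Pipeline running in the Groovy sandbox with an agent available; the choice of find and dir as listing commands is an assumption.

```groovy
// Added example: list workspace files without java.io.File, so no
// "new java.io.File java.lang.String" approval is needed.
// Pipeline Groovy itself runs inside the Jenkins controller JVM, so a File
// object would address the controller's filesystem; sh/bat run on the agent
// that holds the workspace.
node {
    def listing
    if (isUnix()) {
        // Regular files only, recursively, relative to the workspace root
        listing = sh(script: 'find . -type f', returnStdout: true)
    } else {
        // Leading '@' suppresses the command echo so only dir output is captured.
        // /s = recurse, /b = bare paths, /a-d = exclude directories
        listing = bat(script: '@dir /s /b /a-d', returnStdout: true)
    }

    // Split the captured output into one path per line (handles CRLF on Windows)
    for (String file : listing.trim().split(/\r?\n/)) {
        echo file
    }
}
```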

jglick@cloudbees.com (JIRA)

Jan 3, 2017, 11:20:01 AM
to jenkinsc...@googlegroups.com
Jesse Glick assigned an issue to Unassigned
 
Change By: Jesse Glick
Assignee: Marcel Lambacher → Unassigned

jglick@cloudbees.com (JIRA)

Jan 3, 2017, 11:20:01 AM
to jenkinsc...@googlegroups.com
Jesse Glick stopped work on Bug JENKINS-39878
 
Change By: Jesse Glick
Status: In Progress → Open