[JIRA] (JENKINS-37541) NPE while getting getSensitiveBuildVariables in a build

vincent@latombe.net (JIRA)

Aug 19, 2016, 5:30:03 AM
to jenkinsc...@googlegroups.com
Vincent Latombe created an issue
 
Jenkins / Bug JENKINS-37541
NPE while getting getSensitiveBuildVariables in a build
Issue Type: Bug
Assignee: Vincent Latombe
Components: credentials-binding-plugin
Created: 2016/Aug/19 9:29 AM
Priority: Major
Reporter: Vincent Latombe

One of my customers is getting this error while browsing views or trying to browse 'Configure system'. In both cases, the following stacktrace is displayed in the logs, which leads me to think SecretBuildWrapper#bindings is null for at least one build on his system.

2016-08-19 02:05:41.007+0000 [id=90293]	WARNING	h.ExpressionFactory2$JexlExpression#evaluate: Caught exception evaluating: am.isActivated() and am.isEnabled() in /manage. Reason: java.lang.NullPointerException
java.lang.NullPointerException
	at org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper.makeSensitiveBuildVariables(SecretBuildWrapper.java:76)
	at hudson.model.AbstractBuild.getSensitiveBuildVariables(AbstractBuild.java:1022)
	at au.com.centrumsystems.hudson.plugin.util.BuildUtil.getUnsensitiveParameters(BuildUtil.java:177)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:131)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:108)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.<init>(ProjectForm.java:88)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.ProjectForm.as(ProjectForm.java:145)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder$GridImpl.<init>(DownstreamProjectGridBuilder.java:77)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder$GridImpl.<init>(DownstreamProjectGridBuilder.java:58)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.DownstreamProjectGridBuilder.build(DownstreamProjectGridBuilder.java:227)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.getBuildPipelineForm(BuildPipelineView.java:354)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.getItems(BuildPipelineView.java:816)
	at au.com.centrumsystems.hudson.plugin.buildpipeline.BuildPipelineView.hasPermission(BuildPipelineView.java:884)
	at hudson.model.ViewGroupMixIn.getViews(ViewGroupMixIn.java:115)
	at jenkins.model.Jenkins.getViews(Jenkins.java:1469)
	at hudson.diagnosis.TooManyJobsButNoView.isActivated(TooManyJobsButNoView.java:46)
	at sun.reflect.GeneratedMethodAccessor424.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:497)
	at org.apache.commons.jexl.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:258)
	at org.apache.commons.jexl.parser.ASTMethod.execute(ASTMethod.java:104)
	at org.apache.commons.jexl.parser.ASTReference.execute(ASTReference.java:83)
	at org.apache.commons.jexl.parser.ASTReference.value(ASTReference.java:57)
	at org.apache.commons.jexl.parser.ASTAndNode.value(ASTAndNode.java:55)
	at org.apache.commons.jexl.parser.ASTExpression.value(ASTExpression.java:54)
	at org.apache.commons.jexl.parser.ASTExpressionExpression.value(ASTExpressionExpression.java:56)
	at org.apache.commons.jexl.ExpressionImpl.evaluate(ExpressionImpl.java:80)
	at hudson.ExpressionFactory2$JexlExpression.evaluate(ExpressionFactory2.java:74)
	at org.apache.commons.jelly.expression.ExpressionSupport.evaluateRecurse(ExpressionSupport.java:61)
	at org.apache.commons.jelly.expression.ExpressionSupport.evaluateAsBoolean(ExpressionSupport.java:71)
	at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:97)
	at org.apache.commons.jelly.TagSupport.invokeBody(TagSupport.java:161)
	at org.apache.commons.jelly.tags.core.ForEachTag.doTag(ForEachTag.java:150)
	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
	at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.apache.commons.jelly.tags.core.CoreTagLibrary$1.run(CoreTagLibrary.java:98)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
	at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.CallTagLibScript$1.run(CallTagLibScript.java:99)
	at org.apache.commons.jelly.tags.define.InvokeBodyTag.doTag(InvokeBodyTag.java:91)
	at org.apache.commons.jelly.impl.TagScript.run(TagScript.java:269)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.kohsuke.stapler.jelly.ReallyStaticTagLibrary$1.run(ReallyStaticTagLibrary.java:99)
	at org.apache.commons.jelly.impl.ScriptBlock.run(ScriptBlock.java:95)
	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
	at org.kohsuke.stapler.jelly.CallTagLibScript.run(CallTagLibScript.java:120)
	at org.apache.commons.jelly.tags.core.CoreTagLibrary$2.run(CoreTagLibrary.java:105)
	at org.kohsuke.stapler.jelly.JellyViewScript.run(JellyViewScript.java:95)
	at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:63)
	at org.kohsuke.stapler.jelly.DefaultScriptInvoker.invokeScript(DefaultScriptInvoker.java:53)
	at org.kohsuke.stapler.jelly.JellyFacet$1.dispatch(JellyFacet.java:95)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
	at com.cloudbees.jenkins.ha.HAHealthCheckFilter.doFilter(HAHealthCheckFilter.java:35)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:38)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at com.cloudbees.opscenter.security.ClusterSessionFilter._doFilter(ClusterSessionFilter.java:69)
	at com.cloudbees.opscenter.security.ClusterSessionFilter.doFilter(ClusterSessionFilter.java:44)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:201)
	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:178)
	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:85)
	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:102)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:129)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
	at org.eclipse.jetty.server.Server.handle(Server.java:370)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

vincent@latombe.net (JIRA)

Aug 19, 2016, 5:31:02 AM
to jenkinsc...@googlegroups.com
Vincent Latombe updated an issue
Change By: Vincent Latombe
Environment: credentials-bindings-1.8

scm_issue_link@java.net (JIRA)

Aug 19, 2016, 9:26:01 AM
to jenkinsc...@googlegroups.com
SCM/JIRA link daemon commented on Bug JENKINS-37541
 
Re: NPE while getting getSensitiveBuildVariables in a build

Code changed in jenkins
User: Vincent Latombe
Path:
src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java
http://jenkins-ci.org/commit/credentials-binding-plugin/ad1bd01a49eb9a0e11e3463db9961ce7155d5272
Log:
JENKINS-37541 Protect ourselves against deserialization with null binding

Compare: https://github.com/jenkinsci/credentials-binding-plugin/compare/e2a2dbb2caf4^...ad1bd01a49eb
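
An added example, not the plugin's code and not the commit linked above: one common way to guard a persisted object whose collection field can come back null from storage, so that a caller asking which variables are sensitive gets an empty set instead of an exception. The class names, the `bindings` field type and the `readResolve` guard are assumptions made for illustration; Jenkins persists build records as XML via XStream, while this sketch uses plain Java serialization to stay self-contained.

```java
import java.io.*;
import java.util.*;

public class NullBindingDemo {
    // Constructed stand-in for a persisted build wrapper (hypothetical, not SecretBuildWrapper).
    static class Wrapper implements Serializable {
        private static final long serialVersionUID = 1L;
        List<String> bindings;   // may be null in a record written by older or damaged config

        Wrapper(List<String> bindings) { this.bindings = bindings; }

        Set<String> sensitiveVariables() {
            Set<String> out = new TreeSet<>();
            for (String b : bindings) out.add(b);   // throws NPE when bindings == null
            return out;
        }
    }

    static class HardenedWrapper extends Wrapper {
        private static final long serialVersionUID = 1L;

        HardenedWrapper(List<String> bindings) { super(bindings); }

        // Called by the serialization machinery after the fields are restored:
        // normalise a null field once, instead of null-checking at every use.
        protected Object readResolve() {
            if (bindings == null) bindings = new ArrayList<>();
            return this;
        }
    }

    @SuppressWarnings("unchecked")
    static <T> T roundTrip(T obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(obj); }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Wrapper legacy = roundTrip(new Wrapper(null));            // constructed sample record
        try {
            legacy.sensitiveVariables();
        } catch (NullPointerException e) {
            System.out.println("unguarded: NPE, caller cannot tell which variables to mask");
        }
        Wrapper fixed = roundTrip(new HardenedWrapper(null));     // same record, guarded class
        System.out.println("guarded: sensitive variables = " + fixed.sensitiveVariables());
    }
}
```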

vincent@latombe.net (JIRA)

Aug 19, 2016, 9:27:02 AM
to jenkinsc...@googlegroups.com
Vincent Latombe started work on Bug JENKINS-37541
 
Change By: Vincent Latombe
Status: Open → In Progress

jglick@cloudbees.com (JIRA)

Aug 19, 2016, 9:40:01 AM
to jenkinsc...@googlegroups.com

scm_issue_link@java.net (JIRA)

Aug 19, 2016, 12:19:01 PM
to jenkinsc...@googlegroups.com

Code changed in jenkins
User: Vincent Latombe
Path:

pom.xml
src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/SecretBuildWrapper.java
http://jenkins-ci.org/commit/credentials-binding-plugin/4453a9a886f998a813a9c0cbaf6c8efc4191ba7d
Log:
Merge pull request #20 from jenkinsci/JENKINS-37541

JENKINS-37541 Protect ourselves against deserialization with null binding

vincent@latombe.net (JIRA)

Sep 17, 2016, 4:01:04 AM
to jenkinsc...@googlegroups.com
Vincent Latombe updated Bug JENKINS-37541
 

Released in 1.9

Change By: Vincent Latombe
Status: In Review → Closed
Resolution: Fixed