Active Choices Script Security and Approval

[Ioannis Moutsatsos]

Active Choices v1.5 implements security permission via the Script Security plugin [1]

Each script includes a checkbox:

'If checked, run this Groovy script in a sandbox with limited abilities. If unchecked, and you are not a Jenkins administrator, you will need to wait for an administrator to approve the script.'

Given the need for script approval before the parameter becomes functional does it make sense to provide an easy link to the script approval page next to the checkbox?

Also what happens if the script gets modified? Do you need to re-approve it?

Best regards

Ioannis

[1]: https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin

[Bruno P. Kinoshita]

>Given the need for script approval before the parameter becomes functional does it make sense to provide an easy link to the script approval page next to the checkbox?

I think it would be helpful. Not sure how simple it would to implement it, but I can see that it would help users.

>Also what happens if the script gets modified? Do you need to re-approve it?

I believe so. From what I recall, the script-security plug-in stores approvals along with a hash of the script (md5sum I think), in a kind of a map.

When you change the script, it will probably check if it can find the hash in the list of approved script (when necessary, sometimes you just want to sandbox it I think). It may also check if you have not introduced a method that is not allowed in the sandbox environment.

Cheers

Bruno

---

From: Ioannis Moutsatsos <imout...@gmail.com>
To: BioUno Developers <biouno-d...@googlegroups.com>
Sent: Thursday, 10 November 2016 4:10 AM
Subject: Active Choices Script Security and Approval

--
You received this message because you are subscribed to the Google Groups "BioUno Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to biouno-develop...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.