[JIRA] (JENKINS-42860) RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

4 views
Skip to first unread message

sorin.sbarnea@gmail.com (JIRA)

unread,
Mar 16, 2017, 4:58:02 PM3/16/17
to jenkinsc...@googlegroups.com
Sorin Sbarnea created an issue
 
Jenkins / Improvement JENKINS-42860
RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches
Issue Type: Improvement Improvement
Assignee: Sam Gleske
Components: github-oauth-plugin, github-organization-folder-plugin
Created: 2017/Mar/16 8:57 PM
Environment: jenkins instance configured with github organization plugin and github authorization too.
Priority: Critical Critical
Reporter: Sorin Sbarnea

It seems that I get this exception which is NOT logged inside the script approver which means there is not way to approve it.

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

This happened with this pipeline https://github.com/pycontribs/powertape/blob/master/Jenkinsfile

 

Now, the interesting thing is that if you configure a this project in jenkins using the pipeline type of of job and setting the source as SCM, it will work.

So this problem is specific to this way of configuring the jobs.
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
Atlassian logo

sorin.sbarnea@gmail.com (JIRA)

unread,
Mar 16, 2017, 5:01:01 PM3/16/17
to jenkinsc...@googlegroups.com
Sorin Sbarnea updated an issue
Change By: Sorin Sbarnea
Component/s: pipeline

andrew.bayer@gmail.com (JIRA)

unread,
Mar 28, 2017, 6:29:04 PM3/28/17
to jenkinsc...@googlegroups.com
Andrew Bayer updated an issue
Change By: Andrew Bayer
Component/s: github-branch-source-plugin
Component/s: github-oauth-plugin
Component/s: pipeline

andrew.bayer@gmail.com (JIRA)

unread,
Mar 28, 2017, 6:29:04 PM3/28/17
to jenkinsc...@googlegroups.com
Andrew Bayer assigned an issue to Kohsuke Kawaguchi
Change By: Andrew Bayer
Assignee: Sam Gleske Kohsuke Kawaguchi

albertvipe@gmail.com (JIRA)

unread,
Mar 29, 2017, 5:13:04 AM3/29/17
to jenkinsc...@googlegroups.com
Albert V commented on Improvement JENKINS-42860
 
Re: RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

Did you tried to go to $JENKINS_URL/scriptApproval/ and look if you have some signatures pending to approve?
I had this problem and I had to update this page to add 4 different signatures. 

stoiky@gmail.com (JIRA)

unread,
Mar 29, 2017, 5:57:03 AM3/29/17
to jenkinsc...@googlegroups.com
Mihai Stoichitescu assigned an issue to Kohsuke Kawaguchi
 
Change By: Mihai Stoichitescu
Assignee: Mihai Stoichitescu Kohsuke Kawaguchi

stoiky@gmail.com (JIRA)

unread,
Mar 29, 2017, 5:57:03 AM3/29/17
to jenkinsc...@googlegroups.com
Mihai Stoichitescu assigned an issue to Mihai Stoichitescu
Change By: Mihai Stoichitescu
Assignee: Kohsuke Kawaguchi Mihai Stoichitescu

stoiky@gmail.com (JIRA)

unread,
Mar 29, 2017, 5:58:03 AM3/29/17
to jenkinsc...@googlegroups.com

andrew.bayer@gmail.com (JIRA)

unread,
Feb 26, 2018, 5:04:03 PM2/26/18
to jenkinsc...@googlegroups.com
Andrew Bayer updated an issue
Change By: Andrew Bayer
Component/s: git-plugin
Component/s: github-branch-source-plugin
Component/s: github-organization-folder-plugin

andrew.bayer@gmail.com (JIRA)

unread,
Feb 26, 2018, 5:05:02 PM2/26/18
to jenkinsc...@googlegroups.com
Andrew Bayer assigned an issue to Andrew Bayer
Change By: Andrew Bayer
Component/s: script-security-plugin
Component/s: git-plugin
Assignee: Kohsuke Kawaguchi Andrew Bayer

andrew.bayer@gmail.com (JIRA)

unread,
Apr 12, 2018, 11:53:04 AM4/12/18
to jenkinsc...@googlegroups.com
Andrew Bayer assigned an issue to Unassigned
Change By: Andrew Bayer
Assignee: Andrew Bayer

andrew.bayer@gmail.com (JIRA)

unread,
Apr 12, 2018, 11:53:04 AM4/12/18
to jenkinsc...@googlegroups.com
Andrew Bayer updated an issue
Change By: Andrew Bayer
Component/s: git-plugin
Component/s: script-security-plugin

andrew.bayer@gmail.com (JIRA)

unread,
Apr 12, 2018, 11:54:03 AM4/12/18
to jenkinsc...@googlegroups.com
Andrew Bayer commented on Improvement JENKINS-42860
 
Re: RejectedAccessException: Scripts not permitted to use method hudson.plugins.git.GitSCM getBranches

So this would need to be addressed by adding @Whitelisted annotations in the git plugin.

steph@chuci.org (JIRA)

unread,
May 1, 2018, 5:49:02 PM5/1/18
to jenkinsc...@googlegroups.com

Greg Smith Andres Montalban any insight into exactly what your scriptApproval.xml files looked like would be greatly appreciated. As of current LTS builds and plugins today I cannot cajole Jenkins into behaving (simply to get tags from a GitHub repo

dbanttari@gmail.com (JIRA)

unread,
Jun 7, 2019, 12:22:04 PM6/7/19
to jenkinsc...@googlegroups.com

I was able to work around a similar issue using (in my Jenkins config scripts):

def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get()
scriptApproval.approveSignature('method hudson.plugins.git.BranchSpec getName')
scriptApproval.approveSignature('method hudson.plugins.git.GitSCM getBranches')

and now I can use "${scm.branches[0].name}" in my Jenkinsfile

c.f. https://stackoverflow.com/questions/47925058/how-to-approve-script-snippets-from-a-jenkinsfile-via-the-groovy-script-console

Would save a lot of grief for people if these methods were @Whitelisted 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

mark.earl.waite@gmail.com (JIRA)

unread,
Jan 18, 2020, 1:47:10 PM1/18/20
to jenkinsc...@googlegroups.com
Mark Waite closed an issue as Fixed
 

Fixed in git plugin 4.1.0, released Jan 18, 2020.
Change By: Mark Waite
Status: Open Closed
Resolution: Fixed
Released As: git plugin 4.1.0
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages