[JIRA] (JENKINS-55240) Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons


jenkins-ci@carlossanchez.eu (JIRA)

Dec 18, 2018, 7:34:03 AM
to jenkinsc...@googlegroups.com
Carlos Sanchez created an issue
 
Jenkins / Bug JENKINS-55240
Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons
Issue Type: Bug
Assignee: Unassigned
Components: core
Created: 2018-12-18 12:33
Labels: JEP-200
Priority: Minor
Reporter: Carlos Sanchez

https://ci.jenkins.io/job/Plugins/job/kubernetes-plugin/job/PR-409/1/testReport/org.csanchez.jenkins.plugins.kubernetes/KubernetesSlaveTest/windows_8___Archive__windows_8____testGetPodRetention/

Discussion in https://github.com/jenkinsci/kubernetes-plugin/pull/409

java.lang.RuntimeException: java.io.IOException: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.util.PersistedList._onModified(PersistedList.java:183)
	at hudson.util.PersistedList.add(PersistedList.java:72)
	at org.csanchez.jenkins.plugins.kubernetes.KubernetesSlaveTest.testGetPodRetention(KubernetesSlaveTest.java:93)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:552)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.XmlFile.write(XmlFile.java:200)
	at jenkins.model.Jenkins.save(Jenkins.java:3221)
	at hudson.util.PersistedList.onModified(PersistedList.java:173)
	at jenkins.model.Jenkins$CloudList.onModified(Jenkins.java:501)
	at hudson.util.PersistedList._onModified(PersistedList.java:181)
	... 15 more
Caused by: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
	at hudson.XmlFile.write(XmlFile.java:193)
	... 19 more
Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud for security reasons; see https://jenkins.io/redirect/class-filter/
	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:543)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
	at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
	... 32 more
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

o.v.nenashev@gmail.com (JIRA)

Dec 18, 2018, 7:38:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev updated an issue
Change By: Oleg Nenashev
Component/s: jenkins-test-harness
Component/s: core

rene.scheibe@gmail.com (JIRA)

Jan 2, 2019, 7:11:02 AM
to jenkinsc...@googlegroups.com
René Scheibe commented on Bug JENKINS-55240
 
Re: Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons

I am a bit confused - the TestCrumbIssuer contained in the issue title is not contained in the provided stacktrace. Why is that?

I hit the same/similar problem with TestCrumbIssuer when testing for JCasC compatibility.

Running ConfigurationAsCode.get().export(System.out) in tests results in the following output.

Jenkins Log

0.262 [id=110] WARNING i.j.p.c.i.DefaultConfiguratorRegistry#internalLookup: Configuration-as-Code can't handle type class org.jvnet.hudson.test.TestCrumbIssuer

JCasC Output

    plugins:
      sites:
      - id: "default"
        url: "http://localhost:38939/update-center.json"
    jenkins:
      agentProtocols:
      - "CLI-connect"
      - "CLI2-connect"
      - "JNLP-connect"
      - "JNLP2-connect"
      - "JNLP4-connect"
      - "Ping"
      crumbIssuer: "FAILED TO EXPORT hudson.model.Hudson#crumbIssuer: \nio.jenkins.plugins.casc.ConfiguratorException:\
        \ Cannot find configurator for type class org.jvnet.hudson.test.TestCrumbIssuer\n\
        \tat io.jenkins.plugins.casc.impl.DefaultConfiguratorRegistry$1.load(DefaultConfiguratorRegistry.java:97)\n\
        \tat io.jenkins.plugins.casc.impl.DefaultConfiguratorRegistry$1.load(DefaultConfiguratorRegistry.java:93)\n\
        \tat com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3524)\n\
        \tat com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2317)\n\
        \tat com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2280)\n\
        \tat com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2195)\n\t\
        at com.google.common.cache.LocalCache.get(LocalCache.java:3934)\n\tat com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3938)\n\
        \tat com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4821)\n\
        \tat io.jenkins.plugins.casc.impl.DefaultConfiguratorRegistry.lookupOrFail(DefaultConfiguratorRegistry.java:70)\n\
        \tat io.jenkins.plugins.casc.ConfigurationContext.lookupOrFail(ConfigurationContext.java:71)\n\
        \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:160)\n\
        \tat io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.describe(HeteroDescribableConfigurator.java:43)\n\
        \tat io.jenkins.plugins.casc.Attribute.describe(Attribute.java:196)\n\tat io.jenkins.plugins.casc.core.JenkinsConfigurator.describe(JenkinsConfigurator.java:83)\n\
        \tat io.jenkins.plugins.casc.core.JenkinsConfigurator.describe(JenkinsConfigurator.java:30)\n\
        \tat io.jenkins.plugins.casc.ConfigurationAsCode.export(ConfigurationAsCode.java:411)\n\
        \tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\
        \tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\
        \tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:98)\n\
        \tat groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325)\n\tat groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1225)\n\
        \tat groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1034)\n\tat org.codehaus.groovy.runtime.InvokerHelper.invokePojoMethod(InvokerHelper.java:935)\n\
        \tat org.codehaus.groovy.runtime.InvokerHelper.invokeMethod(InvokerHelper.java:926)\n\
        \tat org.spockframework.runtime.GroovyRuntimeUtil.invokeMethod(GroovyRuntimeUtil.java:171)\n\
        \tat org.spockframework.runtime.SpockRuntime.verifyMethodCondition(SpockRuntime.java:107)\n\
        \tat hudson.plugins.gradle.ConfigurationAsCodeTest.$spock_feature_1_2(ConfigurationAsCodeTest.groovy:59)\n\
        \tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\
        \tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\
        \tat java.lang.reflect.Method.invoke(Method.java:498)\n\tat org.spockframework.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:200)\n\
        \tat org.spockframework.runtime.model.MethodInfo.invoke(MethodInfo.java:113)\n\
        \tat org.spockframework.runtime.BaseSpecRunner.invokeRaw(BaseSpecRunner.java:484)\n\
        \tat org.spockframework.runtime.BaseSpecRunner.invoke(BaseSpecRunner.java:467)\n\
        \tat org.spockframework.runtime.BaseSpecRunner.runFeatureMethod(BaseSpecRunner.java:408)\n\
        \tat org.spockframework.runtime.BaseSpecRunner.doRunIteration(BaseSpecRunner.java:322)\n\
        \tat org.spockframework.runtime.BaseSpecRunner$6.invoke(BaseSpecRunner.java:306)\n\
        \tat org.spockframework.runtime.extension.MethodInvocation.proceed(MethodInvocation.java:98)\n\
        \tat org.spockframework.runtime.extension.builtin.AbstractRuleInterceptor$1.evaluate(AbstractRuleInterceptor.java:37)\n\
        \tat org.junit.rules.TestWatcher$1.evaluate(TestWatcher.java:55)\n\tat org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:552)\n\
        \tat org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)\n\
        \tat org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)\n\
        \tat java.util.concurrent.FutureTask.run(FutureTask.java:266)\n\tat java.lang.Thread.run(Thread.java:748)\n"
      disableRememberMe: false
      mode: NORMAL
      numExecutors: 2
      primaryView:
        all:
          name: "all"
      quietPeriod: 5
      scmCheckoutRetryCount: 0
      slaveAgentPort: 0
      views:
      - all:
          name: "all"
    tool:
      jdk:
        defaultProperties:
        - installSource:
            installers:
            - jdkInstaller:
                acceptLicense: false
        installations:
        - home: "/usr/lib/jvm/java-8-openjdk/jre"
          name: "default"

rene.scheibe@gmail.com (JIRA)

Jan 2, 2019, 2:03:02 PM
to jenkinsc...@googlegroups.com
René Scheibe edited a comment on Bug JENKINS-55240
I am a bit confused - the {{TestCrumbIssuer}} contained in the issue title is not contained in the provided stacktrace. Why is that?

I hit the same/similar problem with {{TestCrumbIssuer}} when testing for JCasC compatibility.

Running {{ConfigurationAsCode.get().export(System.out)}} in tests results in the following output.

*Jenkins Log*
{code}

0.262 [id=110] WARNING i.j.p.c.i.DefaultConfiguratorRegistry#internalLookup: Configuration-as-Code can't handle type class org.jvnet.hudson.test.TestCrumbIssuer
{code}
*JCasC Output*
{code}
{code}

o.v.nenashev@gmail.com (JIRA)

May 24, 2019, 6:27:04 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev updated an issue
Change By: Oleg Nenashev
{code}
java.lang.RuntimeException: java.io.IOException: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.util.PersistedList._onModified(PersistedList.java:183)
	at hudson.util.PersistedList.add(PersistedList.java:72)
	at org.csanchez.jenkins.plugins.kubernetes.KubernetesSlaveTest.testGetPodRetention(KubernetesSlaveTest.java:93)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
	at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
	at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
	at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
	at org.jvnet.hudson.test.JenkinsRule$1.evaluate(JenkinsRule.java:552)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:298)
	at org.junit.internal.runners.statements.FailOnTimeout$CallableStatement.call(FailOnTimeout.java:292)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.XmlFile.write(XmlFile.java:200)
	at jenkins.model.Jenkins.save(Jenkins.java:3221)
	at hudson.util.PersistedList.onModified(PersistedList.java:173)
	at jenkins.model.Jenkins$CloudList.onModified(Jenkins.java:501)
	at hudson.util.PersistedList._onModified(PersistedList.java:181)
	... 15 more
Caused by: java.lang.RuntimeException: Failed to serialize jenkins.model.Jenkins#clouds for class hudson.model.Hudson
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:256)
	at hudson.util.RobustReflectionConverter$2.visit(RobustReflectionConverter.java:224)
	at com.thoughtworks.xstream.converters.reflection.PureJavaReflectionProvider.visitSerializableFields(PureJavaReflectionProvider.java:138)
	at hudson.util.RobustReflectionConverter.doMarshal(RobustReflectionConverter.java:209)
	at hudson.util.RobustReflectionConverter.marshal(RobustReflectionConverter.java:150)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.TreeMarshaller.start(TreeMarshaller.java:82)
	at com.thoughtworks.xstream.core.AbstractTreeMarshallingStrategy.marshal(AbstractTreeMarshallingStrategy.java:37)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1026)
	at com.thoughtworks.xstream.XStream.marshal(XStream.java:1015)
	at com.thoughtworks.xstream.XStream.toXML(XStream.java:988)
	at hudson.XmlFile.write(XmlFile.java:193)
	... 19 more
Caused by: java.lang.UnsupportedOperationException: Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons; see https://jenkins.io/redirect/class-filter/
	at hudson.util.XStream2$BlacklistedTypesConverter.marshal(XStream2.java:546)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:43)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:88)
	at com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter.writeItem(AbstractCollectionConverter.java:64)
	at hudson.util.DescribableList$ConverterImpl.marshal(DescribableList.java:269)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller.convert(AbstractReferenceMarshaller.java:69)
	at com.thoughtworks.xstream.core.TreeMarshaller.convertAnother(TreeMarshaller.java:58)
	at com.thoughtworks.xstream.core.AbstractReferenceMarshaller$1.convertAnother(AbstractReferenceMarshaller.java:84)
	at hudson.util.RobustReflectionConverter.marshallField(RobustReflectionConverter.java:265)
	at hudson.util.RobustReflectionConverter$2.writeField(RobustReflectionConverter.java:252)
	... 39 more
{code}

o.v.nenashev@gmail.com (JIRA)

May 24, 2019, 6:30:02 AM
to jenkinsc...@googlegroups.com
Oleg Nenashev commented on Bug JENKINS-55240
 
Re: Refusing to marshal org.jvnet.hudson.test.TestCrumbIssuer for security reasons

Removed the confusing description. IIUC the issue is still there, Abhyudaya Sharma has hit it recently in Role Strategy plugin tests.

My suggestion would be to whitelist the serialization in the entire JTH library to avoid such issues in the future. We just need to add "Jenkins-ClassFilter-Whitelisted=true" to the manifest (https://jenkins.io/blog/2018/01/13/jep-200/#making-plugins-compatible-with-jenkins-2-102-or-above). WDYT Jesse Glick?
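
One way to check whether a given library JAR carries the manifest attribute named in the suggestion above, as an added example that is not part of this thread or of Jenkins' own code. The class name `ClassFilterManifestCheck`, the `sampleJar` helper and the rule that only the value `true` counts are assumptions of this example.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.jar.Attributes;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;

public class ClassFilterManifestCheck {
    // Attribute name as quoted in the comment above.
    static final String ATTR = "Jenkins-ClassFilter-Whitelisted";

    /** True when the JAR's main manifest section sets the attribute to "true" (this example's rule). */
    static boolean isWhitelisted(Path jar) throws IOException {
        try (JarFile jf = new JarFile(jar.toFile())) {
            Manifest mf = jf.getManifest(); // null when the JAR has no manifest at all
            if (mf == null) {
                return false;
            }
            String value = mf.getMainAttributes().getValue(ATTR);
            return value != null && value.trim().equalsIgnoreCase("true");
        }
    }

    /** Builds a small JAR (constructed sample input) with or without the attribute. */
    static Path sampleJar(boolean whitelisted) throws IOException {
        Manifest mf = new Manifest();
        Attributes main = mf.getMainAttributes();
        // Manifest-Version must be present, otherwise no attributes are written out.
        main.put(Attributes.Name.MANIFEST_VERSION, "1.0");
        if (whitelisted) {
            main.putValue(ATTR, "true");
        }
        Path jar = Files.createTempFile("sample-", ".jar");
        try (OutputStream out = Files.newOutputStream(jar);
             JarOutputStream jos = new JarOutputStream(out, mf)) {
            // No class entries are needed: only the manifest is inspected.
        }
        return jar;
    }

    public static void main(String[] args) throws IOException {
        for (String arg : args) { // check real JARs passed on the command line
            System.out.println(arg + ": " + isWhitelisted(Paths.get(arg)));
        }
        for (boolean set : new boolean[] {true, false}) { // then the constructed samples
            Path jar = sampleJar(set);
            System.out.println("constructed jar, attribute set=" + set + " -> " + isWhitelisted(jar));
            Files.delete(jar);
        }
    }
}
```

Passing the path of a built JAR as an argument reports whether that artifact's manifest has the attribute.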

 

jglick@cloudbees.com (JIRA)

Jun 3, 2019, 2:11:02 PM
to jenkinsc...@googlegroups.com

As per this logic it should not be necessary. Is there a specific way to reproduce this error?
