[JIRA] (JENKINS-53800) Whitelisting misc. methods


haridara@gmail.com (JIRA)

Sep 26, 2018, 1:03:02 PM
to jenkinsc...@googlegroups.com
Hari Dara created an issue
 
Jenkins / Improvement JENKINS-53800
Whitelisting misc. methods
Issue Type: Improvement
Assignee: Hari Dara
Components: script-security-plugin
Created: 2018-09-26 17:02
Environment: Jenkins 2.89.3 
Pipeline Groovy 2.53 
Script Security Plugin 1.44
Priority: Major
Reporter: Hari Dara

The following operations are currently not whitelisted but they should be safe:

  • isinstance check
  • java.lang.Throwable.getCause()
  • java.util.Arrays.asList()
  • java.util.regex.MatchResult.group(String)
  • List - List
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

haridara@gmail.com (JIRA)

Sep 26, 2018, 1:08:01 PM
to jenkinsc...@googlegroups.com

haridara@gmail.com (JIRA)

May 6, 2019, 10:31:02 AM
to jenkinsc...@googlegroups.com

haridara@gmail.com (JIRA)

Aug 9, 2019, 12:30:02 PM
to jenkinsc...@googlegroups.com
 
Re: Whitelisting misc. methods

Devin Nusbaum: Could you update the status for this one too?

dnusbaum@cloudbees.com (JIRA)

Aug 9, 2019, 1:00:06 PM
to jenkinsc...@googlegroups.com
Devin Nusbaum resolved as Fixed
 

Hari Dara Updated. Are you sure you don't have access to modify the ticket yourself when logged in? I don't think there is anything special about my account, you just need to be logged in, then click "Workflow", then "Resolved".

Change By: Devin Nusbaum
Status: Open → Resolved
Resolution: Fixed
Released As: script-security 1.47

haridara@gmail.com (JIRA)

Aug 10, 2019, 12:21:02 PM
to jenkinsc...@googlegroups.com
 
Re: Whitelisting misc. methods

I guess I just couldn't figure out how to do it, thanks for pointing it out. However, how would I know what to enter for "Released As"?

dnusbaum@cloudbees.com (JIRA)

Aug 12, 2019, 9:32:03 AM
to jenkinsc...@googlegroups.com
Devin Nusbaum commented on Improvement JENKINS-53800
 
Re: Whitelisting misc. methods

Yeah, in that case you'd have to go through the changelog on the wiki and figure out what version it was released in. Normally the person who released the plugin should update the ticket, probably someone just forgot for your two tickets. It helps if in GitHub you make the PR title start with "[JENKINS-XXXXX]" and add a "See JENKINS-XXXXX" link to the PR description, but in this case you already did that, so nothing wrong on your side.
