Adding .groovy files to secured script classpath
70 views
Skip to first unread message
Oliver Gondža
Jun 23, 2017, 5:07:58 AM6/23/17
to jenkins...@googlegroups.com, Jesse Glick
Back before script-security started to actively prevent directories on
script classpaths[1] (such as for groovy-postbuild plugin), it was a
common practice to add a directory with bunch of .groovy files and use
the classes from the script. However, since script-security disallowed
this it does no longer work. I was thinking about migrating out users to
secure variant by consolidating the directory into a single file (or
using one CP entry par file in that directory) that will be properly
approved by script-security but it seems the groovy will not load the
classes if the files are on the classpath (it work with directories only).
```
$ groovy -cp libdir/Lib.groovy -e 'Lib.method()'
Caught: groovy.lang.MissingPropertyException: No such property: Lib for
class: script_from_command_line
groovy.lang.MissingPropertyException: No such property: Lib for class:
script_from_command_line
at script_from_command_line.run(script_from_command_line:1)
$ groovy -cp libdir/ -e 'Lib.method()'
Hello World!
```
I experience the same from Jenkins. Also, this change seems to make this
KB entry[2] obsolete.
Do I miss something? Is there any way to get this to work with
script-security? I would really like to avoid building .jars out of it...
[1] https://issues.jenkins-ci.org/browse/JENKINS-24399
[2]
https://support.cloudbees.com/hc/en-us/articles/218576338-How-to-load-external-class-in-Groovy-Postbuild-action
Thanks
--
oliver
script classpaths[1] (such as for groovy-postbuild plugin), it was a
common practice to add a directory with bunch of .groovy files and use
the classes from the script. However, since script-security disallowed
this it does no longer work. I was thinking about migrating out users to
secure variant by consolidating the directory into a single file (or
using one CP entry par file in that directory) that will be properly
approved by script-security but it seems the groovy will not load the
classes if the files are on the classpath (it work with directories only).
```
$ groovy -cp libdir/Lib.groovy -e 'Lib.method()'
Caught: groovy.lang.MissingPropertyException: No such property: Lib for
class: script_from_command_line
groovy.lang.MissingPropertyException: No such property: Lib for class:
script_from_command_line
at script_from_command_line.run(script_from_command_line:1)
$ groovy -cp libdir/ -e 'Lib.method()'
Hello World!
```
I experience the same from Jenkins. Also, this change seems to make this
KB entry[2] obsolete.
Do I miss something? Is there any way to get this to work with
script-security? I would really like to avoid building .jars out of it...
[1] https://issues.jenkins-ci.org/browse/JENKINS-24399
[2]
https://support.cloudbees.com/hc/en-us/articles/218576338-How-to-load-external-class-in-Groovy-Postbuild-action
Thanks
--
oliver
Jesse Glick
Jun 30, 2017, 10:27:34 AM6/30/17
to jenkins...@googlegroups.com, Oliver Gondža
On Fri, Jun 23, 2017 at 5:07 AM, Oliver Gondža <ogo...@gmail.com> wrote:
> I was thinking about migrating out users to secure variant by
> consolidating the directory into a single file
No, this is not possible.
> I was thinking about migrating out users to secure variant by
> consolidating the directory into a single file
> I would really like to avoid building .jars out of it...
jer...@bodycad.com
Jun 30, 2017, 1:10:32 PM6/30/17
to Jenkins Users, ogo...@gmail.com
"In the name of security you shall not pass!"
Run you stuff into a sh/bat/powershell with python/perl/bash script and get over the false security wall.
Ok, I'm out of here!
Reply all
Reply to author
Forward
0 new messages