On Sun, Nov 9, 2014 at 5:00 AM, Jeremy Marshall <[email protected]> wrote: > I'd like to add a 'file form workspace' option to the script security > plugin. A radio button where you can pick either a script or a file from > SCM. I've been trying to add this in but I think the main problem is that > most of the logic drives from the constructor which expects the script to > exist.
Only for the convenience class SecureGroovyScript. You can bypass this and load script text from other sources. > So if it is a file then this needs to be resolved just before > execution. I think the logic of the security would be fine for this case > with the non admin having to have the script verified. For scripts run in the Groovy sandbox this is fine. But for whole-script approval it does not make that much sense. An administrator cannot simply approve a filename in the workspace, because anyone able to configure the job or commit to that repository could modify that script at any time to be malicious. There *is* ApprovedClasspathEntry, but it really works best when the content of the URL is static, so that once approved, the library entry can be used many times without further intervention. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
