The default security restrictions are very tight. There are many
things you can't do that would severely restrict any reasonable
scripting approach. If you control the scripts you run, there's little
point to not removing restrictions for the methods you need to call.
On Thu, Dec 1, 2016 at 8:26 AM, <harold.put...@lexmark.com> wrote:
> I was trying to parse and XML file with XmlSlurper like described here
> def text = '''
> def list = new XmlSlurper().parseText(text)
> println list.technology.name.text()
> Using a GPath expression like this list.technology.name.text() works fine
> but requires an admin to allow "method groovy.lang.GroovyObject getProperty
> java.lang.String" which the script security plugin recommends against
> ("Approving this signature may introduce a security vulnerability! You are
> advised to deny it."). Since I am not the owner of the Jenkins instance, I
> am not sure I can convince them this is OK to approve.
> Is there a way to write the code such that it does not depend on
> GroovyObject.getProperty being permitted? Or is there someway to configure
> Jenkins so that this can work?
> You received this message because you are subscribed to the Google Groups
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.