Thank you for your answer,
I will try that Actually I'm not trying to only delete the directory but to 
create/clean it up.

I was using the File just beacuseI might have landed to the wrong google 
page :-)
I'm verry new to Jenkins and pipelines and I always want to do complicated 
things.

I agree that whitelisting all the methods probably is not a good Idea.
And that leads me to two questions.

Why a person is not allowed to do anything in his workspace? 
     is the workspace shared by several executions or it is created each 
time a pipeline is executed.

Why there is no sandbox check for multibranch pipelines as it is for 
regular ones.
In this case yes I am the Jenkins admin and I know that multi-Branch 
pipeline where is it conected to.
So if I have the control of the code It would be nice to allow it to run I 
mean I might want to create some admin utilities an put them there
knowing that they will only run because they are on that multi branch 
pipeline that I can control and users still can not execute nasty things.

Thank you.
Thoughts to my two intriguing questions are wellcome.



El jueves, 21 de marzo de 2019, 5:31:24 (UTC+1), Mark Waite escribió:
>
> I don't think it is safe to whitelist the java File object or its methods.
>
> Is there a reason you're not relying on the ability of the dir step to 
> create a directory if one does not exist?  Refer to 
> https://stackoverflow.com/questions/42654875/jenkins-pipeline-create-directory
>  
> for the stackoverflow comments.
>
> I wrote the following small test that seems to create a directory, add 
> contents, then remove the directory, using the DSL rather than using java 
> File methods.
>
> node('!windows') {
>     echo 'entering'
>     sh 'ls -alrR'
>     echo 'deleting contents'
>     deleteDir()
>     echo 'after content delete'
>     sh 'ls -alrR'
>     dir('some-dir') {
>        sh 'date >> datefile'
>     }
>     echo 'after content create'
>     sh 'ls -alrR'
> }
>
> On Wed, Mar 20, 2019 at 8:24 PM Jan Monterrubio <[email protected] 
> <javascript:>> wrote:
>
>> There’s an admin view for white listing method calls. If you don’t have 
>> admin access you can’t see it. 
>>
>> On Wed, Mar 20, 2019 at 14:03 Guybrush Threepwood <[email protected] 
>> <javascript:>> wrote:
>>
>>> hello I have a Jenkins fileas part of a multibranch pipeline But I'm 
>>> getting seccurityissues when trying to create a directory inside the 
>>> workspace how can either disable the sandbox for this pipeline or whitelist 
>>> the methods I need to use from my code
>>> Thanks.
>>> This is the code:
>>> ============================================================
>>> import java.io.File;
>>> import java.io.IOException;
>>> import org.apache.commons.io.FileUtils;
>>>
>>> //autocancelled = false
>>> node ('AnsibleBuild') {
>>>         try {
>>>         checkout scm
>>>         def versions = readJSON file: 'versions.json'
>>>                 stage('Getting Python source Code') {
>>>                         echo " before del try"
>>>                                 try {
>>>                                         echo "inside try";
>>>                                         *File f = new File("python");*
>>>                                         echo "after new file";
>>>                                         //FileUtils.cleanDirectory(f); 
>>> //clean out directory (this is optional -- but good know)
>>>                                         FileUtils.forceDelete(f); 
>>> //delete directory
>>>                                         //FileUtils.forceMkdir(f); 
>>> //create directory
>>>                                 }
>>>                                 catch (IOException e) {
>>>                                         echo "pinazo cleaning python"
>>>                                         echo e.getStackTrace();
>>>                                 } // catch delete dir
>>>                          echo "Despues del try"
>>>                          sh 'pwd'
>>>                          sh 'ls -la'
>>>                          sh 'mkdir python'
>>>                                 dir("python") {
>>>                                         echo 'Downloading Python code 
>>> from: https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz'
>>>                                         sh 'curl 
>>> https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz -o 
>>> Python-3.7.2.tgz'
>>>                                         sh 'file Python-3.7.2.tgz' // 
>>> needs to be checked that we downloaded a tgz file
>>>                                         sh 'tar -xzvf Python-3.7.2.tgz'
>>>                                 } //dir python
>>>                 } // stage
>>>         currentBuild.result = 'SUCCESS'
>>>         } //try node
>>>         catch (e) {
>>>                 echo "General Fostion";
>>>                 echo "trace General" + e.getStackTrace();
>>>                 currentBuild.result = 'FAILURE'
>>>         } //end catch
>>> try {
>>>   echo "Cleaning WS"
>>>   dir(python) {
>>>         deleteDir()
>>>         }
>>> } //try clena WS
>>> catch (e) {
>>>         echo "Error Cleaning WS";
>>>         echo "trace cleaning" + e.getStackTrace();
>>>         currentBuild.result = 'FAILURE'
>>> } //catch clena WS
>>> } //node
>>> ========================================================
>>>
>>> And I'm getting error: for line 14 
>>>
>>> trace 
>>> General[org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectNew(StaticWhitelist.java:184),
>>>  
>>> org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:170),
>>>  org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:197), 
>>> org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:202),
>>>  
>>> com.cloudbees.groovy.cps.sandbox.SandboxInvoker.constructorCall(SandboxInvoker.java:21),
>>>  WorkflowScript.run(WorkflowScript:14), ___cps.transform___(Native Method), 
>>> com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:96),
>>>  
>>> com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82),
>>>  sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source), 
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),
>>>  java.lang.reflect.Method.invoke(Method.java:498), 
>>> com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72),
>>>  com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21), 
>>> com.cloudbees.groovy.cps.Next.step(Next.java:83), 
>>> com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174), 
>>> com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163), 
>>> org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129),
>>>  
>>> org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268),
>>>  com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163), 
>>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$101(SandboxContinuable.java:34),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.lambda$run0$0(SandboxContinuable.java:59),
>>>  
>>> org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:136),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:58),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:182),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:332),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:83),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:244),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:232),
>>>  
>>> org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64),
>>>  java.util.concurrent.FutureTask.run(FutureTask.java:266), 
>>> hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131),
>>>  
>>> jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28),
>>>  
>>> jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59),
>>>  java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511), 
>>> java.util.concurrent.FutureTask.run(FutureTask.java:266), 
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149),
>>>  
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624),
>>>  java.lang.Thread.run(Thread.java:748)]
>>>
>>> Any ideas how to fix this. what is the right way of targeting this kind 
>>> of issue?
>>> Thanks.
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Jenkins Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to [email protected] <javascript:>.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/jenkinsci-users/ec75388f-8a03-424f-a9ca-43fd1d9ba452%40googlegroups.com
>>>  
>>> <https://groups.google.com/d/msgid/jenkinsci-users/ec75388f-8a03-424f-a9ca-43fd1d9ba452%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/CADgiF9JDdznaJaQ3wP%2BRA8_YXRcc%3DMq_JtXNU6R56OBUKSFaLg%40mail.gmail.com
>>  
>> <https://groups.google.com/d/msgid/jenkinsci-users/CADgiF9JDdznaJaQ3wP%2BRA8_YXRcc%3DMq_JtXNU6R56OBUKSFaLg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Thanks!
> Mark Waite
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/1bb8fc53-c418-4d7e-994c-97b96b727ba4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to