[JIRA] (JENKINS-36206) Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whitelist

2016-08-15 Thread jgl...@cloudbees.com (JIRA)
   
Jesse Glick commented on JENKINS-36206
 
Re: Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whitelist
 
Well approve that method.

[JIRA] (JENKINS-36206) Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whitelist

2016-06-23 Thread ow...@cloudbees.com (JIRA)
   
Owen Wood created an issue
 
Jenkins / JENKINS-36206
Add staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int to generic-whitelist
 
Issue Type: Improvement
Assignee: Jesse Glick
Components: script-security-plugin
Created: 2016/Jun/24 3:28 AM
Priority: Minor
Reporter: Owen Wood
 
Pending review of course. Not sure what security implications there might be here. To reproduce:

node {
    env.WORKSPACE = pwd()
    // drop(3) on a String dispatches to DefaultGroovyMethods.drop(CharSequence, int),
    // the static method named in the rejection below
    test = env.WORKSPACE.drop(3)
}

Results in:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods drop java.lang.CharSequence int
	at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticMethod(StaticWhitelist.java:174)

Reproducible with Sandbox enabled (or using Jenkinsfile obviously)