[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Jesse Glick commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter The current UI is nonexistent, just the quickest thing that worked to solve SECURITY-125. Would be an RFE in matrix-project-plugin to provide an easier to preview filter changes including potential script security violations. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Darrel Vuncannon updated an issue Jenkins / JENKINS-31234 Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter The advised work around in fact works, but it took 2 failed attempts and 2 trips to "in process script approvals" to get it to work. Jesse: thank you for the workaround instructions! There really should be a more graceful way to make this change than getting these exceptions. Darrel's Details I verified the syntax beforehand in Script Console: Here's my config change attempt: Upon clicking save, the resulting exception started: javax.servlet.ServletException: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticMethod java.util.Calendar getInstance at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) I went to "Manage Jenkins" > "In process Script Approval" and clicked button "Approve". I repeated the test cycle, getting a exception with javax.servlet.ServletException: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method java.util.Calendar get int Again, "Manage Jenkins" > "In process Script Approval" and click button "Approve". This time, the config loaded (as shown by read-only configuration plugin)! Change By: Darrel Vuncannon Attachment: cci_1747__workaround_config_change.png Attachment: cci_1747__workaround_scriptconsole.png Attachment:
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title SCM/JIRA link daemon commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/c3212ef18c78a905796b0b0ca1eb6c4b262ea289 Log: [FIXED JENKINS-31234] Groovy allows Singleton.instance as an alias for Singleton.getInstance(). Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title SCM/JIRA link daemon resolved as Fixed Jenkins / JENKINS-31234 Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Change By: SCM/JIRA link daemon Status: In Progress Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title SCM/JIRA link daemon commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/805b99cbea4eaedd64821f5f625ec4317037b354 Log: Merge pull request #31 from jglick/static-getter- JENKINS-31234 JENKINS-31234 Support Singleton.instance syntax Compare: https://github.com/jenkinsci/script-security-plugin/compare/e61d09361e22...805b99cbea4e Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Jesse Glick commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Yes, the fix was to a broad class of singleton idioms that had apparently not gotten tested before; and I also whitelisted the Calendar members used in this example. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Darrel Vuncannon commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Jesse: Thanks for your work around and the fix that I see you committed. As far as I'm concerned, this ticket may be closed. I don't plan to pursue the RFE for matrix-project-plugin, because I don't think my company makes changes there often enough to warrant my time. Thanks again! Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Darrel Vuncannon created an issue Jenkins / JENKINS-31234 Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Issue Type: Bug Assignee: Jesse Glick Attachments: cci_1747__config_w_combo_filter.png, cci_1747__job_xml.txt, cci_1747__plugin_versions.txt, cci_1747__webpage_exception.png Components: script-security-plugin Created: 28/Oct/15 3:04 PM Environment: We're running Jenkins core version LTS 1.596.3 and the plugins listed in attachment "cci_1747__plugin_versions.txt". The master and slaves on Windows Server 2008. Labels: exception configuration Priority: Minor Reporter: Darrel Vuncannon We get an exception in Jenkins when trying to reference
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Jesse Glick started work on JENKINS-31234 Change By: Jesse Glick Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-31234) Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter
Title: Message Title Jesse Glick commented on JENKINS-31234 Re: Unable to reference Calendar.instance.get(Calendar.DAY_OF_MONTH) in matrix job's combination filter Use .getInstance() rather than .instance as a workaround. You will still need to whitelist some fields and methods in Manage Jenkins » In-Process Script Approval but after that it should work. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
