[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)
Tiago Lopes commented on JENKINS-50982

Re: AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

I'll have a look into it and deploy an update asap, thanks.

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)
Oleg Nenashev assigned an issue to Tiago Lopes

Jenkins / JENKINS-50982 AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev
Assignee: Kevin Fealey -> Tiago Lopes
[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)
Oleg Nenashev updated an issue

Jenkins / JENKINS-50982 AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev

Updated description:

According to the code inspection, there is a JEP-200 issue in the plugin:

* https://github.com/jenkinsci/ibm-security-appscanstandard-scanner-plugin/blob/62c0967a9d2e623d6eb97dd2c2f354f9ff87f5ac/src/main/java/appscanstdrdintegration/appscanstandard/AppScanStandardBuilder.java#L146

This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk.

Useful links about JEP-200:

* Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/
* JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers
[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)
Oleg Nenashev updated an issue

Jenkins / JENKINS-50982 AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev
Component/s: ibm-security-appscansource-scanner-plugin -> ibm-security-appscanstandard-scanner-plugin
[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)
Oleg Nenashev created an issue

Jenkins / JENKINS-50982 AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Issue Type: Bug
Assignee: Kevin Fealey
Components: ibm-security-appscansource-scanner-plugin
Created: 2018-04-24 23:44
Labels: JEP-200
Priority: Minor
Reporter: Oleg Nenashev

According to the code inspection, there is a JEP-200 issue in the plugin:

https://github.com/jenkinsci/ibm-security-appscansource-scanner-plugin/blob/3a925c5b9016a6a5db8c5c68d2764805a4603f94/src/main/java/com/aspectsecurity/automationservices/plugins/jenkins/appscansource/AppScanSourceBuilder.java#L55

This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk.

Useful links about JEP-200:

Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/
JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers
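
The field pattern reported in this issue, shown as an added example that is not code from the plugin or from Jenkins: a reflection check that lists the instance fields of a class that would be written to disk and whose type is not on an allowlist. `LeakyBuilder`, `FixedBuilder`, `riskyFields` and the three-entry allowlist are hypothetical names and values constructed for the illustration, and marking the stream `transient` is assumed here as one way to keep it out of the persisted form.

```java
import java.io.PrintStream;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class PersistedFieldCheck {
    // Constructed stand-in for the reported pattern: a build step that keeps the
    // build log stream in an instance field, so it is saved with the object.
    static class LeakyBuilder {
        private String installation = "default";
        private PrintStream logger = System.out;   // persisted, PrintStream is not allowlisted
    }

    // Same step with the stream excluded from persistence. It is null after the
    // object is loaded, so it has to be obtained again on every run.
    static class FixedBuilder {
        private String installation = "default";
        private transient PrintStream logger;
    }

    // Assumed toy allowlist for the demo; Jenkins maintains its own, much larger list.
    static final Set<Class<?>> ALLOWED = Set.of(String.class, Integer.class, Boolean.class);

    // Returns the fields that are persisted (non-static, non-transient) and whose
    // declared type is neither primitive nor on the allowlist, walking superclasses too.
    static List<String> riskyFields(Class<?> type) {
        List<String> hits = new ArrayList<>();
        for (Class<?> c = type; c != null && c != Object.class; c = c.getSuperclass()) {
            for (Field f : c.getDeclaredFields()) {
                int m = f.getModifiers();
                if (Modifier.isStatic(m) || Modifier.isTransient(m) || f.isSynthetic()) continue;
                Class<?> t = f.getType();
                if (t.isPrimitive() || ALLOWED.contains(t)) continue;
                hits.add(c.getSimpleName() + "." + f.getName() + " : " + t.getName());
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Prints [LeakyBuilder.logger : java.io.PrintStream]
        System.out.println("LeakyBuilder: " + riskyFields(LeakyBuilder.class));
        // Prints []
        System.out.println("FixedBuilder: " + riskyFields(FixedBuilder.class));
    }
}
```

The check looks at declared field types only, so a field declared as `Object` or an interface needs manual review of what is assigned to it at runtime.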