[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

2018-04-26 Thread tlopes...@outlook.com (JIRA)

Tiago Lopes commented on JENKINS-50982

Re: AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

I'll have a look into it and deploy an update asap, thanks.

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

-- 
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

2018-04-24 Thread o.v.nenas...@gmail.com (JIRA)

Oleg Nenashev assigned an issue to Tiago Lopes

Jenkins / JENKINS-50982
AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev
Assignee: Kevin Fealey → Tiago Lopes


[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

2018-04-24 Thread o.v.nenas...@gmail.com (JIRA)

Oleg Nenashev updated an issue

Jenkins / JENKINS-50982
AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev

According to the code inspection, there is a JEP-200 issue in the plugin:

* https://github.com/jenkinsci/ibm-security-appscanstandard-scanner-plugin/blob/62c0967a9d2e623d6eb97dd2c2f354f9ff87f5ac/src/main/java/appscanstdrdintegration/appscanstandard/AppScanStandardBuilder.java#L146

This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk.

Useful links about JEP-200:

* Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/
* JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers

[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

2018-04-24 Thread o.v.nenas...@gmail.com (JIRA)

Oleg Nenashev updated an issue

Jenkins / JENKINS-50982
AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Change By: Oleg Nenashev
Component/s: ibm-security-appscanstandard-scanner-plugin
Component/s: ibm-security-appscansource-scanner-plugin


[JIRA] (JENKINS-50982) AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

2018-04-24 Thread o.v.nenas...@gmail.com (JIRA)

Oleg Nenashev created an issue

Jenkins / JENKINS-50982
AppScanStandardBuilder persists PrintStream to the disk (JEP-200)

Issue Type: Bug
Assignee: Kevin Fealey
Components: ibm-security-appscansource-scanner-plugin
Created: 2018-04-24 23:44
Labels: JEP-200
Priority: Minor
Reporter: Oleg Nenashev

According to the code inspection, there is a JEP-200 issue in the plugin:

* https://github.com/jenkinsci/ibm-security-appscansource-scanner-plugin/blob/3a925c5b9016a6a5db8c5c68d2764805a4603f94/src/main/java/com/aspectsecurity/automationservices/plugins/jenkins/appscansource/AppScanSourceBuilder.java#L55

This code likely causes a JEP-200 security exception when the object gets persisted to the disk. "java.io.PrintStream" is not whitelisted in Jenkins for a reason, because loggers are not expected reliably after being deserialized from the disk.

Useful links about JEP-200:

* Blog post for users: https://jenkins.io/blog/2018/03/15/jep-200-lts/
* JEP-200 guidelines for plugin developers: https://jenkins.io/blog/2018/01/13/jep-200/#for-plugin-developers
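
The pattern the issue describes, shown as an added illustration that is not the plugin's code: a build step that keeps the listener's `PrintStream` in an instance field, beside a version that only passes it as a parameter. Class and field names are hypothetical, and the sketch assumes Jenkins core is on the classpath.

```java
// Added illustration; class and field names are hypothetical, not the plugin's code.
// Assumes Jenkins core (hudson.*, jenkins.*) is on the classpath.
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.Builder;
import jenkins.tasks.SimpleBuildStep;
import java.io.PrintStream;

public class LoggerFieldExamples {

    /** Problem pattern: the logger is an instance field of a persisted build step. */
    public static class PersistsLoggerBuilder extends Builder implements SimpleBuildStep {
        private final String scanTarget; // configuration: belongs in config.xml
        private PrintStream logger;      // runtime handle: dragged into the saved object graph

        public PersistsLoggerBuilder(String scanTarget) {
            this.scanTarget = scanTarget;
        }

        @Override
        public void perform(Run<?, ?> run, FilePath workspace, Launcher launcher,
                            TaskListener listener) {
            logger = listener.getLogger(); // once set, saving the step serializes it
            logger.println("Scanning " + scanTarget);
        }
    }

    /** Corrected pattern: the logger only ever lives in locals and parameters. */
    public static class StatelessLoggerBuilder extends Builder implements SimpleBuildStep {
        private final String scanTarget;

        public StatelessLoggerBuilder(String scanTarget) {
            this.scanTarget = scanTarget;
        }

        @Override
        public void perform(Run<?, ?> run, FilePath workspace, Launcher launcher,
                            TaskListener listener) {
            report(listener.getLogger(), "Scanning " + scanTarget);
        }

        // Helpers take the stream as an argument instead of reading a field.
        private static void report(PrintStream out, String message) {
            out.println(message);
        }
    }
}
```

Where a field cannot be avoided, declaring it `transient` also keeps it out of the persisted form, at the cost of the field being null after a reload.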