[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Jesse Glick commented on JENKINS-42214 Re: Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Ah…I am already checking static in MethodSignature and StaticMethodSignature, but not FieldSignature or StaticFieldSignature. Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Reinhold Füreder commented on JENKINS-42214 Re: Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Oh, okay, I am sorry for my misunderstanding and must admit that your approach (fixing MethodSignature.exists so that no such mistake could happen again) is the right one... Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Jesse Glick commented on JENKINS-42214 Re: Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static I claim that the current entries are just wrong I was not disputing that, only pointing out that the proper fix also involves fixing MethodSignature.exists so that no such mistake could happen again. Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Reinhold Füreder commented on JENKINS-42214 Re: Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Well, I claim that the current entries are just wrong then. And since I am actually needing and actively using such static field whitelist entries in other contexts (e.g. "staticField hudson.model.Result FAILURE", cf. JENKINS-35352) with success, I was pretty confident that this would help here as well... Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Jesse Glick assigned an issue to Unassigned The whitelist validation code must have been buggy to accept this to begin with, so a proper fix involves code changes. Jenkins / JENKINS-42214 Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Change By: Jesse Glick Assignee: Jesse Glick Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Reinhold Füreder assigned an issue to Jesse Glick I apologize for the direct assignment to you, Jesse, but I dared to do that, because (a) you seem to be the official maintainer of the plugin (see https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Plugin) and (b) I hope this is a low hanging fruit Jenkins / JENKINS-42214 Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Change By: Reinhold Füreder Assignee: Jesse Glick Add Comment This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options,
[JIRA] (JENKINS-42214) Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static
Title: Message Title Reinhold Füreder created an issue Jenkins / JENKINS-42214 Field entries for hudson.scm.EditType fields in "jenkins-whitelist" must be static Issue Type: Bug Assignee: Unassigned Components: script-security-plugin Created: 2017/Feb/21 10:09 AM Environment: Jenkins 2.46, Script Security Plugin 1.26 Priority: Critical Reporter: Reinhold Füreder Since hudson.scm.EditType implementation has not changed in the last 10 years, I think either the white listing never ever worked, or (less likely?) the white listing syntax changed and in the past there was no differentiation between static and non-static fields. Anyway, could you please change the following in "org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist": From old: field hudson.scm.EditType ADD field hudson.scm.EditType DELETE field hudson.scm.EditType EDIT => New: staticField hudson.scm.EditType ADD staticField hudson.scm.EditType DELETE staticField hudson.scm.EditType EDIT