[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title
Murugesh Subramaniam commented on JENKINS-50470
Re: Cannot evaluate ArrayList.name inside Groovy Sandbox
I am facing the same issue at 1.71 I am using FolderProperties in Pipeline job In my pipeline jenkins Code: withFolderProperties{ echo "URL STEP 1: ${env.testURL}" } Getting below error: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: No such field found: field java.lang.String testURL Any workaround?
Add Comment
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.189530.152227678.11121.1586889300342%40Atlassian.JIRA.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title
Alex Varju edited a comment on JENKINS-50470
Re: Cannot evaluate ArrayList.name inside Groovy Sandbox
Unfortunately, no. In the case above, I had to refactor my code to use ` {{ someList.size() ` }} Since commenting previously, I've encountered at least one other example of a similar failure:{noformat}def tuple = new Tuple2( 'a', 'b' )println tuple.first{noformat} Which results in:{noformat}RejectedAccessException: No such field found: field java.lang.String first{noformat} And again, changing {{tuple.first}} to {{tuple.getFirst()}} works around the issue.
Add Comment
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Alex Varju commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox Unfortunately, no. In the case above, I had to refactor my code to use `someList.size()` Since commenting previously, I've encountered at least one other example of a similar failure: def tuple = new Tuple2( 'a', 'b' ) println tuple.first Which results in: RejectedAccessException: No such field found: field java.lang.String first And again, changing tuple.first to tuple.getFirst() works around the issue. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Marco Moikl commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox Alex Varju, did you solve the issue? I have your same problem. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Alex Varju commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox I'm seeing very similar behaviour with 1.44. In my freestyle job I've got this Groovy: def someList = [1, 2, 3] println someList.size When the sandbox is enabled, this ends up throwing: RejectedAccessException: No such field found: field java.lang.Integer size Changing the list to contain strings changes the error to: RejectedAccessException: No such field found: field java.lang.String size Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, s
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Andrew Bayer updated JENKINS-50470 Will be in next release of script-security, presumably 1.44. Jenkins / JENKINS-50470 Cannot evaluate ArrayList.name inside Groovy Sandbox Change By: Andrew Bayer Status: In Review Resolved Resolution: Fixed Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://grou
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title SCM/JIRA link daemon commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox Code changed in jenkins User: Andrew Bayer Path: pom.xml src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java http://jenkins-ci.org/commit/script-security-plugin/f7601abde0df3fec15be935ad95473959185f0a4 Log: [FIXED JENKINS-50470] Treat someList.someField as spread. See upstream PR at https://github.com/jenkinsci/groovy-sandbox/pull/46, but the gist is that Groovy's normal behavior for this is to treat it the same as we do spread cases - iterate over the list to get the value from each object in the list and return the resulting list. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Jesse Glick commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox Would never have dreamed that this would be legal Groovy. Ugh. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Andrew Bayer commented on JENKINS-50470 Re: Cannot evaluate ArrayList.name inside Groovy Sandbox Well, yeah, that turned out to be pretty simple. PRs up. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Andrew Bayer updated JENKINS-50470 Jenkins / JENKINS-50470 Cannot evaluate ArrayList.name inside Groovy Sandbox Change By: Andrew Bayer Status: In Progress Review Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Andrew Bayer started work on JENKINS-50470 Change By: Andrew Bayer Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title
Andrew Bayer commented on JENKINS-50470
Re: Cannot evaluate ArrayList.name inside Groovy Sandbox
So yeah, the gist here is that script-security tries to go straight to someList.getName() and onward to someList.name (the field directly), which isn't right and fails out. It should effectively be calling someList.getAt("name"), as done through MetaClassImpl.getProperty. I think we just need to get Checker.checkedGetProperty to treat a Collection receiver as if it were a spread operation (which is already supported). I'm experimenting now.
Add Comment
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-50470) Cannot evaluate ArrayList.name inside Groovy Sandbox
Title: Message Title Owen Wood created an issue Jenkins / JENKINS-50470 Cannot evaluate ArrayList.name inside Groovy Sandbox Issue Type: Bug Assignee: Andrew Bayer Components: script-security-plugin Created: 2018-03-28 22:39 Environment: Jenkins 2.89.x Script Security 1.39 & 1.43 Priority: Minor Reporter: Owen Wood Steps to reproduce: 1. Create a freestyle job 2. Add "Execute system Groovy script" build step 3. Add content (see below) 4. Run build with "Use Groovy Sandbox" enabled. 5. Run without "Use Groovy Sandbox" enabled Script content: def someArrayList = [] println someArrayList.name This works with Sandbox disabled. When enabled, the following exception is thrown: ERROR: Build step failed with exception org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: No such field found: field java.util.ArrayList name at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.unclassifiedField(SandboxInterceptor.java:397) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:381) at org.kohsuke.groovy.sandbox.impl.Checker$6.call(Checker.java:288) at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:292) at org.kohsuke.groovy.sandbox.impl.Checker$checkedGetProperty.callStatic(
