[jenkinsci/script-security-plugin] 794832: Always reject System.exit.

Thu, 18 Apr 2019 11:55:49 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/script-security-plugin
  Commit: 794832a7dc0d96f02a69820f0b7f37e1a83e4bae
      
https://github.com/jenkinsci/script-security-plugin/commit/794832a7dc0d96f02a69820f0b7f37e1a83e4bae
  Author: Andrew Bayer <andrew.ba...@gmail.com>
  Date:   2019-04-15 (Mon, 15 Apr 2019)

  Changed paths:
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
    M 
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java

  Log Message:
  -----------
  Always reject System.exit.

There is never a valid reason for calling `System.exit(1)` in a
Jenkins Groovy script. Ever. So let's just permanently hack it into
always being rejected. Also, let's special case it in `ScriptApproval`
to not even show up as a pending signature.


  Commit: 78f57b64cde292c563317dc8d5094d74521fdd4b
      
https://github.com/jenkinsci/script-security-plugin/commit/78f57b64cde292c563317dc8d5094d74521fdd4b
  Author: Andrew Bayer <andrew.ba...@gmail.com>
  Date:   2019-04-15 (Mon, 15 Apr 2019)

  Changed paths:
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
    M 
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java

  Log Message:
  -----------
  Add Runtime#halt/exit, switch to early form of generalized permablacklist


  Commit: 160c3f1e8217da662df24ca8621a9e3a87ad37ae
      
https://github.com/jenkinsci/script-security-plugin/commit/160c3f1e8217da662df24ca8621a9e3a87ad37ae
  Author: Andrew Bayer <andrew.ba...@gmail.com>
  Date:   2019-04-15 (Mon, 15 Apr 2019)

  Changed paths:
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java

  Log Message:
  -----------
  Tidy up a bit


  Commit: 32aa07cf1019a6724c9251e9d0789e67cbaaca6a
      
https://github.com/jenkinsci/script-security-plugin/commit/32aa07cf1019a6724c9251e9d0789e67cbaaca6a
  Author: Andrew Bayer <andrew.ba...@gmail.com>
  Date:   2019-04-18 (Thu, 18 Apr 2019)

  Changed paths:
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptor.java
    M 
src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/StaticWhitelist.java
    M 
src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SandboxInterceptorTest.java

  Log Message:
  -----------
  Merge pull request #246 from abayer/blacklist-system-exit

Always reject System.exit.


Compare: 
https://github.com/jenkinsci/script-security-plugin/compare/a1bc674fc73f...32aa07cf1019

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-commits+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to