[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title vimil commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Instead of not allowing classpath directories, is an enhancement to hash the contents of the directory better? I can provide a pull request for this enhancement if you think it won't cause other security issues Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title SCM/JIRA link daemon commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Code changed in jenkins User: Andres Rodriguez Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntryTest.java http://jenkins-ci.org/commit/script-security-plugin/3c38ff1a33c5a860bf6fe36fe6a8394d33e524f3 Log: JENKINS-24399 Refine URL criteria to identify class dirs. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title SCM/JIRA link daemon commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Code changed in jenkins User: ikedam Path: src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java http://jenkins-ci.org/commit/script-security-plugin/b380684ea84cf71bcafc97f50e561b4e24adca28 Log: JENKINS-24399 Add a test to reproduce JENKINS-24399, modifying files in class directories does not require approval. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title SCM/JIRA link daemon commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Code changed in jenkins User: Jesse Glick Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntryTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java http://jenkins-ci.org/commit/script-security-plugin/6cb7ac90b708547878b9c61767bf294f46c8eb9e Log: Merge pull request #52 from andresrc/JENKINS-24399 JENKINS-24399 Don't allow class directories any more. Compare: https://github.com/jenkinsci/script-security-plugin/compare/47ea2833a95d...6cb7ac90b708 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title SCM/JIRA link daemon commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Code changed in jenkins User: Andres Rodriguez Path: src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntry.java src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/Messages.properties src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ClasspathEntryTest.java src/test/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApprovalTest.java http://jenkins-ci.org/commit/script-security-plugin/ab0a6e1e14107f03fdd978c7148f6e1a0f79d50d Log: JENKINS-24399 Don't allow class directories any more. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title SCM/JIRA link daemon commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Code changed in jenkins User: Andres Rodriguez Path: src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScriptTest.java http://jenkins-ci.org/commit/script-security-plugin/e204a86c7e8476f30df6590a9025f9e333d2e0b3 Log: Merge branch 'feature/JENKINS-24399_ClassDirectoryProblem' of git://github.com/ikedam/script-security-plugin into JENKINS-24399 Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title Andres Rodriguez commented on JENKINS-24399 Re: Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Filed https://github.com/jenkinsci/script-security-plugin/pull/52 preventing the use of class directories as classpath entries. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title Andres Rodriguez started work on JENKINS-24399 Change By: Andres Rodriguez Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [script-security-plugin] (JENKINS-24399) Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths)
Title: Message Title Andres Rodriguez assigned an issue to Andres Rodriguez Jenkins / JENKINS-24399 Modifying files in class directories can bypass approval in script-security (or class directories are accepted as classpaths) Change By: Andres Rodriguez Assignee: Jesse Glick Andres Rodriguez Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
