subject:"Script Security check during descriptor load"

Re: Script Security check during descriptor load

2020-07-27 Thread Slide

Hi Basil,


Thanks so much for your help! I'll review those items and see what I can
do. The Jenkins community is great!

Regards,

Alex

On Mon, Jul 27, 2020, 17:48 Basil Crow  wrote:

> Hey Alex,
>
> Coincidentally, I ran across a very similar circular dependency issue
> recently in the Copy Artifact plugin (JENKINS-62267
> ). On further
> examination, I also found a similar circular dependency issue in the
> Folders plugin (JENKINS-60393
> ). The Copy Artifact
> plugin maintainer based his fix for JENKINS-62267 on the fix for
> JENKINS-60393. You might find some inspiration  reading those bugs and PRs.
>
> Basil
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqrNtwf9_87Xw6fi2VUAvdvn0KjTDN7z1FeaLcL3QzpYQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAPiUgVcEZ9VSbey%3Ds0wKo_FMyZEwTF39tjpWWK6bPAwKRGCoQw%40mail.gmail.com.

Re: Script Security check during descriptor load

2020-07-27 Thread Basil Crow

Hey Alex,

Coincidentally, I ran across a very similar circular dependency issue
recently in the Copy Artifact plugin (JENKINS-62267
). On further
examination, I also found a similar circular dependency issue in the
Folders plugin (JENKINS-60393
). The Copy Artifact
plugin maintainer based his fix for JENKINS-62267 on the fix for
JENKINS-60393. You might find some inspiration  reading those bugs and PRs.

Basil

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-dev/CAFwNDjqrNtwf9_87Xw6fi2VUAvdvn0KjTDN7z1FeaLcL3QzpYQ%40mail.gmail.com.

Script Security check during descriptor load

2020-07-27 Thread Slide

I am looking into  https://issues.jenkins-ci.org/browse/JENKINS-60002 for
email-ext. The issue arises when a pre-send script is configured and
Jenkins is starting up. This particular code is something that was
implemented while I was not the maintainer of the plugin, so I am not as
well versed in the history as other code in the plugin.

The constructor

is
calling load() and then calling some methods to setup parts of the plugin.
One of the things it does is call setDefaultPresendScript
so
that a check is done on the approval status for the script security plugin.
The check looks like this:

this.defaultPresendScript = ScriptApproval.get().configuring(((script ==
null) ?  ""  : script), GroovyLanguage.get(), ApprovalContext.create().
withCurrentUser());
  The ApprovalContext.create().withCurrentUser() seems to be the problem
because during Jenkins startup, there is no user (it is null). So, this
causes the issue in the bug. How do I make sure the script security stuff
is setup correctly for the pre-send script while fixing this issue?

Here is the full stack trace from the error:

 0.682 [id=78] WARNING
h.ExtensionFinder$GuiceFinder$FaultTolerantScope$1#error: Failed to
instantiate
Key[type=hudson.plugins.emailext.ExtendedEmailPublisherDescriptor,
annotation=[none]]; skipping this component
com.google.inject.ProvisionException: Unable to provision, see the
following errors:

1) Tried proxying hudson.plugins.emailext.ExtendedEmailPublisherDescriptor
to support a circular dependency, but it is not an interface.

1 error
at
com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)
at
hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1.get(ExtensionFinder.java:440)
at
com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:41)
at com.google.inject.internal.InjectorImpl$2$1.call(InjectorImpl.java:1016)
at
com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1103)
at com.google.inject.internal.InjectorImpl$2.get(InjectorImpl.java:1012)
at hudson.ExtensionFinder$GuiceFinder._find(ExtensionFinder.java:402)
at hudson.ExtensionFinder$GuiceFinder.find(ExtensionFinder.java:393)
at
hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:335)
at hudson.ExtensionList.load(ExtensionList.java:380)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:318)
at hudson.ExtensionList.getComponents(ExtensionList.java:183)
at hudson.DescriptorExtensionList.load(DescriptorExtensionList.java:193)
at hudson.ExtensionList.ensureLoaded(ExtensionList.java:318)
at hudson.ExtensionList.iterator(ExtensionList.java:172)
at hudson.model.User.allocateDefaultPropertyInstancesAsNeeded(User.java:209)
at hudson.model.User.load(User.java:198)
at hudson.model.User.(User.java:191)
at hudson.model.User.getOrCreateById(User.java:523)
at hudson.model.User.getById(User.java:619)
at hudson.model.User.get(User.java:603)
at hudson.model.User.current(User.java:586)
at
org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext.withCurrentUser(ApprovalContext.java:72)
at
hudson.plugins.emailext.ExtendedEmailPublisherDescriptor.setDefaultPostsendScript(ExtendedEmailPublisherDescriptor.java:580)
at
hudson.plugins.emailext.ExtendedEmailPublisherDescriptor.(ExtendedEmailPublisherDescriptor.java:196)
at
hudson.plugins.emailext.ExtendedEmailPublisherDescriptor$$FastClassByGuice$$5dfa54d0.newInstance()
at
com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40)
at
com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:61)
at
com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:105)
at
com.google.inject.internal.ConstructorInjector.access$000(ConstructorInjector.java:32)
at
com.google.inject.internal.ConstructorInjector$1.call(ConstructorInjector.java:89)
at
com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:115)
at
hudson.ExtensionFinder$GuiceFinder$SezpozModule.onProvision(ExtensionFinder.java:567)
at
com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:126)
at
com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:68)
at
com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:87)
at
com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:267)
at
com.google.inject.internal.ProviderToInternalFactoryA

Re: Script Security check during descriptor load

Re: Script Security check during descriptor load

Script Security check during descriptor load

3 matches

Site Navigation

Mail list logo

Footer information