[JIRA] (JENKINS-42891) Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Title: Message Title Liam Newman closed an issue as Not A Defect Bulk closing resolved issues. Jenkins / JENKINS-42891 Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3 Change By: Liam Newman Status: Resolved Closed Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.179896.1489773538000.16561.1571801053534%40Atlassian.JIRA.
[JIRA] (JENKINS-42891) Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Title: Message Title Torben Knerr commented on JENKINS-42891 Re: Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3 Andrew Bayer I have assumed something like this, but this was only after hours of debugging. Questions: Is this new behaviour documented somewhere, like a warning / breaking changes in the CHANGELOG? Can you point me to the complete list of variables that can no longer be used? Would it be possible to check for inappropriate usage of these vars and throw a proper exception with a meaningful message instead? While I am somehow "sensitized" for this error now, I bet others will be tapping in the dark when they suddenly get totally unrelated exceptions like the one reported above. What do you think? Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42891) Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Title: Message Title Andrew Bayer resolved as Not A Defect Sadly, once you've got Declarative Pipelines installed (which comes automatically now), you can't have a variable in your Pipelines named pipeline, just as you can't have one named docker or scm or env - trying to use the same name as a global variable will just cause problems. So you should rename your vars/pipeline.groovy to something else. Sorry for the inconvenience. Jenkins / JENKINS-42891 Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3 Change By: Andrew Bayer Status: Open Resolved Resolution: Not A Defect Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
[JIRA] (JENKINS-42891) Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Title: Message Title
Torben Knerr updated an issue
Jenkins / JENKINS-42891
Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Change By:
Torben Knerr
We are using a global lib with `vars/pipeline.groovy` in Jenkins 2.32.1 and everything works fine. When using the same lib with Jenkins 2.32.3 we suddenly get failing pipeline builds with this error: {code:java}org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter doTry org.jenkinsci.plugins.workflow.cps.CpsClosure2) at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:183) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:117) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:103) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16) ...{code} The `vars/pipeline.groovy` looks as simple as that: {code:java}def doStuff() {echo "hello!"}{code} And within our `Jenkinsfile` we call it like that: {code:java}node {stage("do stuff") {pipeline.doStuff() // throws above exception }}{code} It pretty much looks like a script-security plugin issue on first sight. (this was updated from 1.25 to 1.27 when we use Jenkins 2.32.3). However, after having simplified our `vars/pipeline.groovy` to such a mininmal helper method example there is really nothing that script security should complain about. But it still does throw the exception above.In a desperate move I renamed `vars/pipeline.groovy` to `vars/wat.groovy`, and guess what? It works... {code:java} node {stage("do stuff") {wat.doStuff() // works!}}{code} So my conclusion is that it must have something to do with either the name `pipeline.groovy`, or simply a variable named `pipeline` being implicitly defined in the global scope with newer Jenkins versions.I'm not sure which component exactly produces the error, so the ones I assigned are the most likely culprits for me.
[JIRA] (JENKINS-42891) Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3
Title: Message Title Torben Knerr created an issue Jenkins / JENKINS-42891 Using `vars/pipeline.groovy` causes script-security error starting with Jenkins 2.32.3 Issue Type: Bug Assignee: Andrew Bayer Components: pipeline-model-definition-plugin, script-security-plugin, workflow-cps-global-lib-plugin Created: 2017/Mar/17 5:58 PM Environment: Jenkins 2.32.3 LTS, with - script-security 1.27 - workflow-cps-global-lib 2.7 - pipeline-model-definition 1.1.1 Priority: Minor Reporter: Torben Knerr We are using a global lib with `vars/pipeline.groovy` in Jenkins 2.32.1 and everything works fine. When using the same lib with Jenkins 2.32.3 we suddenly get failing pipeline builds with this error: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter doTry org.jenkinsci.plugins.workflow.cps.CpsClosure2) at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:183) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:117) at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:103) at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:149) at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:146) at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:16) ...
