This repository has been archived by the owner on Nov 5, 2022. It is now read-only.
Mixing trusted & untrusted code in one CPS session #36
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
See doc/sandbox.md for the explanation of this change. Previously, whether to sandbox or not was a decision made at the point of thread creation, which made it impossible to mix trusted code & untrusted code in single program. This change fixes that by making this decision at the call site level. In Jenkins, this enables plugins to package Groovy code that gets CPS-transformed but runs outside sandbox. Attention was paid to preserve backward compatibility with the persisted form of the program, which is translated without any trusted/untrusted call site tags.
kohsuke
changed the title
|
Without a downstream PR it is unclear what this is for. Would it allow JENKINS-34650 to be solved, as per jenkinsci/workflow-cps-global-lib-plugin#2? |
|
You are right that this needs some downstream PR before concluding. That said, this change is ready to be looked at. I was doing this to enable plugins that are written in Groovy that are CPS transformed, in the context of a joint PoC effort with @abayer. I think JENKINS-34650 is a good user visible feature out of this change. I'll work on it. |
|
🐝 |
| or the invocation should be always allowed to happen (trusted.) | ||
|
|
||
| The call site tagging mechanism itself is more general, so it can be used for other purposes, | ||
| for example to record where it came from, etc. |
There was a problem hiding this comment.
So it could at some point be used to record a CodeSource, for example?
|
🐝 |
| @@ -240,7 +240,7 @@ class CpsTransformer extends CompilationCustomizer implements GroovyCodeVisitor | |||
| /** | |||
| * {@link Trusted} or {@link Untrusted} tag that gets added to call site. | |||
| * | |||
| * @see 'doc/sandbox.md' | |||
| * @see "doc/sandbox.md" | |||
There was a problem hiding this comment.
This is not correct either AFAIK.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See
doc/sandbox.mdfor the explanation of what this does.@reviewbybees