New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-70080] Do not generate invalid bytecode for field assignments that use compound operators #103
Conversation
…s that use compound operators
@@ -1131,4 +1131,93 @@ public void sandboxSupportsReturnStatementsInClosures() throws Exception { | |||
"Script2.result=ArrayList", | |||
"Script2.result"); | |||
} | |||
|
|||
@Test | |||
public void sandboxSupportsFinalFields() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These first two tests are just regression tests that demonstrate why we need this whole special case in the first place.
} | ||
|
||
@Test | ||
public void sandboxDoesNotPerformImplicitCastsForOverloadedOperators() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just added this because we did not already have any tests that explicitly covered this scenario.
src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java
Outdated
Show resolved
Hide resolved
Co-authored-by: Carroll Chiou <cchiou@cloudbees.com>
…TrackingClassCodeExpressionTransformer
See JENKINS-70080.
The SECURITY-2824 fix (5202432) inadvertently caused sandbox-transformed field assignments that use compound operators to generate invalid bytecode.