Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-70080] Do not generate invalid bytecode for field assignments that use compound operators #103

Merged
merged 4 commits into from Mar 20, 2023
Merged

[JENKINS-70080] Do not generate invalid bytecode for field assignments that use compound operators #103

merged 4 commits into from Mar 20, 2023

Conversation

dwnusbaum
Copy link
Member

See JENKINS-70080.

The SECURITY-2824 fix (5202432) inadvertently caused sandbox-transformed field assignments that use compound operators to generate invalid bytecode.

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

@dwnusbaum dwnusbaum requested a review from a team as a code owner February 3, 2023 19:48
dwnusbaum
dwnusbaum commented Feb 6, 2023
View reviewed changes
src/test/java/org/kohsuke/groovy/sandbox/SandboxTransformerTest.java
@@ -1131,4 +1131,93 @@ public void sandboxSupportsReturnStatementsInClosures() throws Exception {
"Script2.result=ArrayList",
"Script2.result");
}

@Test
public void sandboxSupportsFinalFields() {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These first two tests are just regression tests that demonstrate why we need this whole special case in the first place.

src/test/java/org/kohsuke/groovy/sandbox/SandboxTransformerTest.java
}

@Test
public void sandboxDoesNotPerformImplicitCastsForOverloadedOperators() {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just added this because we did not already have any tests that explicitly covered this scenario.

@car-roll car-roll added the bug label Feb 7, 2023
@dwnusbaum @car-roll
[JENKINS-70080] Simplify code based on review feedback
017bd00 
Co-authored-by: Carroll Chiou <cchiou@cloudbees.com>
@dwnusbaum dwnusbaum merged commit 0aca2e5 into jenkinsci:master Mar 20, 2023
13 checks passed
@dwnusbaum dwnusbaum deleted the JENKINS-70080 branch March 20, 2023 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@basil basil basil approved these changes

@car-roll car-roll car-roll approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dwnusbaum @basil @car-roll