Skip to content
Permalink
Browse files

fixed support for Automatically Generated DSL when using script secur…

…ity sandbox

[FIXES JENKINS-47560]
  • Loading branch information...
daspilker committed Oct 23, 2017
1 parent b3a34b5 commit f65d986bd38c87faac4fc3ed0a42bd4d048db1b0
@@ -29,6 +29,8 @@ Browse the Jenkins issue tracker to see any [open issues](https://issues.jenkins

## Release Notes
* 1.67 (unreleased)
* Fixed support for [[Automatically Generated DSL]] when using script security sandbox
([JENKINS-47560](https://issues.jenkins-ci.org/browse/JENKINS-47560))
* Enhanced support for the [Groovy Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Groovy+plugin)
([JENKINS-44256](https://issues.jenkins-ci.org/browse/JENKINS-44256))
* Support for the older versions of the [Groovy Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Groovy+plugin) is
@@ -1,6 +1,9 @@
package javaposse.jobdsl.plugin

import javaposse.jobdsl.dsl.AbstractExtensibleContext
import javaposse.jobdsl.dsl.Context
import javaposse.jobdsl.plugin.structs.DescribableContext
import javaposse.jobdsl.plugin.structs.DescribableListContext
import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.AbstractWhitelist

import java.lang.reflect.Method
@@ -9,8 +12,15 @@ import java.lang.reflect.Method
* Allows methods defined in {@link Context}.
*/
class JobDslWhitelist extends AbstractWhitelist {
private static final Method INVOKE_METHOD = GroovyObject.getDeclaredMethod('invokeMethod', String, Object)
private static final Set<Class> DYNAMIC_CONTEXTS = [
AbstractExtensibleContext, DescribableContext, DescribableListContext
]

@Override
boolean permitsMethod(Method method, Object receiver, Object[] args) {
Context.isAssignableFrom(method.declaringClass)
Context.isAssignableFrom(method.declaringClass) ||
(method == INVOKE_METHOD && receiver.class.classLoader == JobDslWhitelist.classLoader &&
DYNAMIC_CONTEXTS.any { context -> context.isInstance(receiver) })
}
}
@@ -1423,6 +1423,32 @@ class ExecuteDslScriptsSpec extends Specification {
assert ScriptApproval.get().pendingScripts*.script == []
}
def 'run script with dynamic DSL in sandbox'() {
setup:
String script = 'job("test") { triggers { cron { spec("@daily") } } }'
jenkinsRule.instance.securityRealm = jenkinsRule.createDummySecurityRealm()
jenkinsRule.instance.authorizationStrategy = new MockAuthorizationStrategy()
.grant(Jenkins.READ, Item.READ, Item.CONFIGURE, Item.CREATE, Computer.BUILD).everywhere().to('dev')
FreeStyleProject job = jenkinsRule.createFreeStyleProject('seed')
job.buildersList.add(new ExecuteDslScripts(scriptText: script, sandbox: true))
setupQIA('dev', job)
when:
jenkinsRule.submit(jenkinsRule.createWebClient().login('dev').getPage(job, 'configure').getFormByName('config'))
then:
assert ScriptApproval.get().pendingScripts*.script == []
when:
FreeStyleBuild build = job.scheduleBuild2(0).get()
then:
build.result == SUCCESS
assert ScriptApproval.get().pendingScripts*.script == []
}
def 'run script in sandbox with unapproved signature'() {
setup:
String script = 'System.exit(0)'

0 comments on commit f65d986

Please sign in to comment.
You can’t perform that action at this time.