More generic methods whitelisted #12
Conversation
|
Thank you for a pull request! Please check this document for how the Jenkins project handles pull requests |
|
@jglick, can I start throwing more harmless methods in, or this really needs to be reviewed? |
| method java.lang.String startsWith java.lang.String | ||
| method java.lang.String replace java.lang.CharSequence java.lang.CharSequence | ||
| method java.util.Collection contains java.lang.Object | ||
| staticMethod java.lang.System getenv java.lang.String |
There was a problem hiding this comment.
I would not add getenv as it could perhaps be used to steal secrets from the master. (Probably not, but seems suspicious.)
There was a problem hiding this comment.
I found it in couple of our combination filters so I am interested in this one. It i imho impossible to keep the env-vars private if we allow master to run builds (even matrix parents). Perhaps it is not even necessary.
There was a problem hiding this comment.
if we allow master to run builds
If you allow that, then you might as well disable security entirely.
|
It needs to be reviewed I think, but yes please go ahead and add more to the PR if you have the time. BTW JENKINS-25804. |
olivergondza
force-pushed
the
more-generic-methods-whitelisted
branch
from
65a2261
to
a4f1e34
Compare
|
Removing |
|
👍, feel free to merge or continue. |
…sted More generic methods whitelisted
Whitelist some more prototypes I run into.