SECURITY-3341

jenkinsci · Apr 16, 2024 · 7fc878b · 7fc878b
1 parent 43db123
commit 7fc878b
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 4 deletions.
diff --git a/lib/pom.xml b/lib/pom.xml
@@ -73,7 +73,7 @@
   </build>
 
   <properties>
-      <groovy-sandbox.version>1.33</groovy-sandbox.version>
+      <groovy-sandbox.version>1.34</groovy-sandbox.version>
       <no-test-jar>false</no-test-jar>
   </properties>
   <dependencies>

diff --git a/lib/src/test/java/com/cloudbees/groovy/cps/sandbox/SandboxInvokerTest.java b/lib/src/test/java/com/cloudbees/groovy/cps/sandbox/SandboxInvokerTest.java
@@ -89,9 +89,16 @@ public void assertEvaluate(Object expectedReturnValue, String script) {
         // TODO: Refactor things so we can check evalCps as well.
     }
 
-    public void assertIntercept(String script, Object expectedResult, String... expectedInterceptions) throws Throwable {
+    public void assertIntercept(String script, Object expectedResult, String... expectedCalls) throws Throwable {
         assertEvaluate(expectedResult, script);
-        ec.checkThat(cr.toString().split("\n"), equalTo(expectedInterceptions));
+        String[] updatedExpectedCalls = expectedCalls;
+        // Insert SerializableScript constructor call automatically to avoid having to update all tests.
+        if (expectedCalls.length == 0 || (expectedCalls.length > 0 && !expectedCalls[0].equals("new SerializableScript()"))) {
+            updatedExpectedCalls = new String[expectedCalls.length + 1];
+            updatedExpectedCalls[0] = "new SerializableScript()";
+            System.arraycopy(expectedCalls, 0, updatedExpectedCalls, 1, expectedCalls.length);
+        }
+        ec.checkThat(cr.toString().split("\n"), equalTo(updatedExpectedCalls));
     }
 
     /**
@@ -566,7 +573,8 @@ public void nonCpsfinalizerForbidden() throws Throwable {
                 null,
                 "Script1.super(Script1).setBinding(Binding)",
                 "new Test()",
-                "System:getProperties()");
+                "System:getProperties()",
+                "new Test(Properties)");
     }
 
     @Ignore("Initial expressions for parameters in CPS-transformed closures are currently ignored")
@@ -636,6 +644,7 @@ public void sandboxInterceptsImplicitCastsArrayAssignment() throws Throwable {
                 "Script3.super(Script3).setBinding(Binding)",
                 "new Test()",
                 "new File(String)",
+                "new Test(File)",
                 "Test.x");
     }
 

diff --git a/plugin/pom.xml b/plugin/pom.xml
@@ -80,6 +80,7 @@
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>
             <artifactId>script-security</artifactId>
+            <version>1336.vf33a_a_9863911</version>
         </dependency>
         <dependency>
             <groupId>org.jenkins-ci.plugins</groupId>