I don't think it is safe to whitelist the Java File object or its methods.

Is there a reason you're not relying on the ability of the dir step to
create a directory if one does not exist?  Refer to
https://stackoverflow.com/questions/42654875/jenkins-pipeline-create-directory
for the Stack Overflow comments.

I wrote the following small test that seems to create a directory, add
contents, then remove the directory, using the DSL rather than using Java
File methods.

node('!windows') {
    echo 'entering'
    sh 'ls -alrR'
    echo 'deleting contents'
    deleteDir()
    echo 'after content delete'
    sh 'ls -alrR'
    dir('some-dir') {
       sh 'date >> datefile'
    }
    echo 'after content create'
    sh 'ls -alrR'
}

On Wed, Mar 20, 2019 at 8:24 PM Jan Monterrubio <janmonterru...@gmail.com>
wrote:

> There’s an admin view for white listing method calls. If you don’t have
> admin access you can’t see it.
>
> On Wed, Mar 20, 2019 at 14:03 Guybrush Threepwood <guybrush...@gmail.com>
> wrote:
>
>> Hello, I have a Jenkins file as part of a multibranch pipeline, but I'm
>> getting security issues when trying to create a directory inside the
>> workspace. How can I either disable the sandbox for this pipeline or
>> whitelist the methods I need to use from my code?
>> Thanks.
>> This is the code:
>> ============================================================
>> import java.io.File;
>> import java.io.IOException;
>> import org.apache.commons.io.FileUtils;
>>
>> //autocancelled = false
>> node ('AnsibleBuild') {
>>         try {
>>         checkout scm
>>         def versions = readJSON file: 'versions.json'
>>                 stage('Getting Python source Code') {
>>                         echo " before del try"
>>                                 try {
>>                                         echo "inside try";
>>                                         File f = new File("python"); // line 14, highlighted in the original post
>>                                         echo "after new file";
>>                                         //FileUtils.cleanDirectory(f); //clean out directory (this is optional -- but good know)
>>                                         FileUtils.forceDelete(f); //delete directory
>>                                         //FileUtils.forceMkdir(f); //create directory
>>                                 }
>>                                 catch (IOException e) {
>>                                         echo "pinazo cleaning python"
>>                                         echo e.getStackTrace();
>>                                 } // catch delete dir
>>                          echo "Despues del try"
>>                          sh 'pwd'
>>                          sh 'ls -la'
>>                          sh 'mkdir python'
>>                                 dir("python") {
>>                                         echo 'Downloading Python code from: https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz'
>>                                         sh 'curl https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz -o Python-3.7.2.tgz'
>>                                         sh 'file Python-3.7.2.tgz' // needs to be checked that we downloaded a tgz file
>>                                         sh 'tar -xzvf Python-3.7.2.tgz'
>>                                 } //dir python
>>                 } // stage
>>         currentBuild.result = 'SUCCESS'
>>         } //try node
>>         catch (e) {
>>                 echo "General Fostion";
>>                 echo "trace General" + e.getStackTrace();
>>                 currentBuild.result = 'FAILURE'
>>         } //end catch
>> try {
>>   echo "Cleaning WS"
>>   dir("python") {
>>         deleteDir()
>>         }
>> } //try clean WS
>> catch (e) {
>>         echo "Error Cleaning WS";
>>         echo "trace cleaning" + e.getStackTrace();
>>         currentBuild.result = 'FAILURE'
>> } //catch clean WS
>> } //node
>> ========================================================
>>
>> And I'm getting an error for line 14:
>>
>> trace 
>> General[org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectNew(StaticWhitelist.java:184),
>>  
>> org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onNewInstance(SandboxInterceptor.java:170),
>>  org.kohsuke.groovy.sandbox.impl.Checker$3.call(Checker.java:197), 
>> org.kohsuke.groovy.sandbox.impl.Checker.checkedConstructor(Checker.java:202),
>>  
>> com.cloudbees.groovy.cps.sandbox.SandboxInvoker.constructorCall(SandboxInvoker.java:21),
>>  WorkflowScript.run(WorkflowScript:14), ___cps.transform___(Native Method), 
>> com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.dispatchOrArg(FunctionCallBlock.java:96),
>>  
>> com.cloudbees.groovy.cps.impl.FunctionCallBlock$ContinuationImpl.fixArg(FunctionCallBlock.java:82),
>>  sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source), 
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),
>>  java.lang.reflect.Method.invoke(Method.java:498), 
>> com.cloudbees.groovy.cps.impl.ContinuationPtr$ContinuationImpl.receive(ContinuationPtr.java:72),
>>  com.cloudbees.groovy.cps.impl.ConstantBlock.eval(ConstantBlock.java:21), 
>> com.cloudbees.groovy.cps.Next.step(Next.java:83), 
>> com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:174), 
>> com.cloudbees.groovy.cps.Continuable$1.call(Continuable.java:163), 
>> org.codehaus.groovy.runtime.GroovyCategorySupport$ThreadCategoryInfo.use(GroovyCategorySupport.java:129),
>>  
>> org.codehaus.groovy.runtime.GroovyCategorySupport.use(GroovyCategorySupport.java:268),
>>  com.cloudbees.groovy.cps.Continuable.run0(Continuable.java:163), 
>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.access$101(SandboxContinuable.java:34),
>>  
>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.lambda$run0$0(SandboxContinuable.java:59),
>>  
>> org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.GroovySandbox.runInSandbox(GroovySandbox.java:136),
>>  
>> org.jenkinsci.plugins.workflow.cps.SandboxContinuable.run0(SandboxContinuable.java:58),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsThread.runNextChunk(CpsThread.java:182),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.run(CpsThreadGroup.java:332),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup.access$200(CpsThreadGroup.java:83),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:244),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsThreadGroup$2.call(CpsThreadGroup.java:232),
>>  
>> org.jenkinsci.plugins.workflow.cps.CpsVmExecutorService$2.call(CpsVmExecutorService.java:64),
>>  java.util.concurrent.FutureTask.run(FutureTask.java:266), 
>> hudson.remoting.SingleLaneExecutorService$1.run(SingleLaneExecutorService.java:131),
>>  
>> jenkins.util.ContextResettingExecutorService$1.run(ContextResettingExecutorService.java:28),
>>  
>> jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:59),
>>  java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511), 
>> java.util.concurrent.FutureTask.run(FutureTask.java:266), 
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149),
>>  
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624),
>>  java.lang.Thread.run(Thread.java:748)]
>>
>> Any ideas how to fix this? What is the right way of targeting this kind
>> of issue?
>> Thanks.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/ec75388f-8a03-424f-a9ca-43fd1d9ba452%40googlegroups.com
>> <https://groups.google.com/d/msgid/jenkinsci-users/ec75388f-8a03-424f-a9ca-43fd1d9ba452%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>


-- 
Thanks!
Mark Waite
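
The suggestion above applied to the pipeline from the original question, as an added example that is not code from anyone in this thread: the java.io.File and FileUtils calls are replaced by the dir and deleteDir steps, which act on the agent workspace, so it is intended to run in the sandbox without approving any signatures. The MIME-type check, the curl flags and the finally cleanup are choices made for this example; the node label, URL and file name are taken from the original post.

```groovy
// Added example: sandbox-friendly version of the "Getting Python source Code" stage.
// Only Pipeline steps and plain String handling are used; no java.io.File.
node('AnsibleBuild') {
    // URL and file name as in the original post
    def url = 'https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz'
    def tarball = 'Python-3.7.2.tgz'
    try {
        checkout scm
        stage('Getting Python source Code') {
            // dir() creates the directory on the agent if it is missing;
            // deleteDir() removes it with its contents, replacing FileUtils.forceDelete().
            dir('python') {
                deleteDir()
            }
            dir('python') {
                // -f makes curl fail on HTTP errors instead of saving an error page
                sh "curl -fsSL '${url}' -o '${tarball}'"
                // Check that the download really is a gzip archive before unpacking
                def mime = sh(script: "file --brief --mime-type '${tarball}'",
                              returnStdout: true).trim()
                if (mime != 'application/gzip' && mime != 'application/x-gzip') {
                    error "Unexpected content type for ${tarball}: ${mime}"
                }
                sh "tar -xzf '${tarball}'"
            }
        }
    } finally {
        // Runs whether the stage succeeded or failed; a failure above still
        // fails the build without setting currentBuild.result by hand.
        echo 'Cleaning WS'
        dir('python') {
            deleteDir()
        }
    }
}
```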
