Groovy Sandbox doesn't allow to delegate class instance to closure in shared library

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Groovy Sandbox doesn't allow to delegate class instance to closure in shared library

Dmitry Karanfilov
Hi, 

Why I'm getting:
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object
when built-in steps are used inside closure for a global variable when closure.delegate = instance of class?
Please check the example bellow:

In shared library I have file vars/buildPlugin.groovy

def call(body) {
   
def config = new Dsl()
    body
.resolveStrategy = Closure.DELEGATE_FIRST
    body
.delegate = config
    body
()

    echo
"Name set by closure: ${config.name}"
}

class Dsl {
   
def name
}

and here is how it is using in Jenkinsfile (or pipeline script):

@Library('library.name') _

buildPlugin
{
    name
= 'name_from_Jenkinsfile'

    echo
"Name from Jenkinsfile: ${name}"
}

This causes error: 
org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object (Dsl echo org.codehaus.groovy.runtime.GStringImpl)

However if I change the delegate to be the Map everything works as expected:

def call(body) {
   
def config = [:]
   
// def config = new Dsl()
    body
.resolveStrategy = Closure.DELEGATE_FIRST
    body
.delegate = config
    body
()

    echo
"Name set by closure ${config.name}"
}

class Dsl {
   
def name
}

For what it's worth - If I uncheck Use Groovy Sandbox checkbox in pipeline job config I don't have RejectedAccessException even when config is instance of Dsl().

I know that I can just approve this signature but unlikely it is a right way to go.

I will be grateful for any help/hint. 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/a676f305-73af-4991-8dee-e881a4c6f145o%40googlegroups.com.