How do you evaluate the risk of allowing a particular static method call in a pipeline?


How do you evaluate the risk of allowing a particular static method call in a pipeline?

David Karr
When I try to call a static method in a pipeline script that doesn't have an existing script approval, I get an exception, which requires a script approval.

What exactly is the risk involved here?  How does someone evaluate the risk of calling a particular static method?  For instance, I needed to emit some JSON from an object, so I tried to use the JsonOutput class, which has all static methods.  My Jenkins admin is going through channels to determine whether there's a risk here, and this seems like a waste of time to me.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/96549134-7a18-49eb-bc2f-68f10e97cec4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How do you evaluate the risk of allowing a particular static method call in a pipeline?

James Nord-3
Well, toJson can take a URL, which could be a file:// path to some file on the master which you should not be able to read, which could allow you to retrieve anything (including all secrets) in a Jenkins home.

(There is also a method that takes a closure, which is arbitrary code.)

Basically, yeah - that would be a security risk :)

As for how you evaluate it, you need to think: how can I misuse this to get access to something that I should not be able to...

But, I will push this a different way.

Pipeline should be used for orchestration and not complex build logic.  Putting in build logic makes it hard to test and debug and adds load to Jenkins.  Why don't you do the data manipulation in shell scripts where you can easily test / reproduce issues in a local environment?

On Sunday, September 9, 2018 at 4:48:17 PM UTC+1, David Karr wrote:
> When I try to call a static method in a pipeline script that doesn't have an existing script approval, I get an exception, which requires a script approval.
>
> What exactly is the risk involved here?  How does someone evaluate the risk of calling a particular static method?  For instance, I needed to emit some JSON from an object, so I tried to use the JsonOutput class, which has all static methods.  My Jenkins admin is going through channels to determine whether there's a risk here, and this seems like a waste of time to me.

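As an added example, not code from either poster: a Groovy script, run with a local Groovy install rather than inside Jenkins, that enumerates the public static overloads of groovy.json.JsonOutput and flags parameter types that accept a resource to open or code to run, which is the question James suggests asking before a method is approved. The list of risky parameter types is an assumption chosen for this example.

```groovy
import groovy.json.JsonOutput
import java.lang.reflect.Method
import java.lang.reflect.Modifier
import java.nio.file.Path

// Parameter types that let the caller hand the method a resource to open or
// code to run, rather than plain data. Assumed list for this example; extend
// it to suit your review.
List<Class> riskyTypes = [URL, URI, File, Path, Closure, Reader, InputStream, Class]

// Collect every public static overload of `clazz` that accepts at least one
// risky parameter type. Returns signature -> list of flagged parameter types.
Map<String, List<String>> riskyStaticOverloads(Class clazz, List<Class> risky) {
    Map<String, List<String>> findings = [:]
    clazz.methods
        .findAll { Method m -> Modifier.isStatic(m.modifiers) }
        .each { Method m ->
            List<String> flagged = m.parameterTypes
                .findAll { Class p -> risky.any { Class r -> r.isAssignableFrom(p) } }
                .collect { Class p -> p.simpleName }
            if (flagged) {
                String signature = "${m.name}(${m.parameterTypes*.simpleName.join(', ')})"
                findings[signature] = flagged
            }
        }
    return findings
}

// Overloads typed as Object accept any argument at all, so they get no
// automatic verdict here: read what the method does with an arbitrary
// object before deciding on them.
List<String> objectOverloads(Class clazz) {
    clazz.methods
        .findAll { Method m -> Modifier.isStatic(m.modifiers) && Object in m.parameterTypes }
        .collect { Method m -> "${m.name}(${m.parameterTypes*.simpleName.join(', ')})".toString() }
}

Map<String, List<String>> findings = riskyStaticOverloads(JsonOutput, riskyTypes)
println "Static overloads of ${JsonOutput.name} taking a resource or code parameter:"
findings.each { String sig, List<String> types -> println "  ${sig}  <- ${types.join(', ')}" }
println "Overloads typed as Object (review by hand):"
objectOverloads(JsonOutput).each { String sig -> println "  ${sig}" }
```

Point the same two functions at any other class a pipeline author asks to have approved; the flagged overloads are the ones to read before granting the approval.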