use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method expandClasspath.
/**
* Expand the plugin class loader with URL taken from the project descriptor
* and the global configuration.
*
* @param context the current email context
* @param loader the class loader to expand
* @return the new expanded classloader
*/
private ClassLoader expandClasspath(ExtendedEmailPublisherContext context, ClassLoader loader) throws IOException {
List<ClasspathEntry> classpathList = new ArrayList<>();
if (classpath != null && !classpath.isEmpty()) {
transformToClasspathEntries(classpath, context, classpathList);
}
List<GroovyScriptPath> globalClasspath = getDescriptor().getDefaultClasspath();
if (globalClasspath != null && !globalClasspath.isEmpty()) {
transformToClasspathEntries(globalClasspath, context, classpathList);
}
boolean useSecurity = Jenkins.get().isUseSecurity();
if (!classpathList.isEmpty()) {
GroovyClassLoader gloader = new GroovyClassLoader(loader);
gloader.setShouldRecompile(true);
for (ClasspathEntry entry : classpathList) {
if (useSecurity) {
ScriptApproval.get().using(entry);
}
gloader.addURL(entry.getURL());
}
loader = gloader;
}
if (useSecurity) {
return GroovySandbox.createSecureClassLoader(loader);
} else {
return loader;
}
}
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisherDescriptor method setDefaultClasspath.
@DataBoundSetter
public void setDefaultClasspath(List<GroovyScriptPath> defaultClasspath) throws FormException {
if (Jenkins.get().isUseSecurity()) {
ScriptApproval approval = ScriptApproval.get();
ApprovalContext context = ApprovalContext.create().withCurrentUser();
for (GroovyScriptPath path : defaultClasspath) {
URL u = path.asURL();
if (u != null) {
try {
approval.configuring(new ClasspathEntry(u.toString()), context);
} catch (MalformedURLException e) {
throw new FormException(e, "defaultClasspath");
}
}
}
}
this.defaultClasspath = defaultClasspath;
}
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class AbstractScriptTrigger method evaluate.
private Object evaluate(AbstractBuild<?, ?> build, TaskListener listener) throws IOException {
ClassLoader loader = Jenkins.get().getPluginManager().uberClassLoader;
JenkinsLocationConfiguration configuration = JenkinsLocationConfiguration.get();
assert configuration != null;
URLClassLoader urlcl = null;
List<ClasspathEntry> cp = secureTriggerScript.getClasspath();
if (!cp.isEmpty()) {
List<URL> urlList = new ArrayList<>(cp.size());
for (ClasspathEntry entry : cp) {
ScriptApproval.get().using(entry);
urlList.add(entry.getURL());
}
loader = urlcl = new URLClassLoader(urlList.toArray(new URL[0]), loader);
}
try {
loader = GroovySandbox.createSecureClassLoader(loader);
CompilerConfiguration cc;
if (secureTriggerScript.isSandbox()) {
cc = GroovySandbox.createSecureCompilerConfiguration();
} else {
cc = new CompilerConfiguration();
}
cc.addCompilationCustomizers(new ImportCustomizer().addStarImports("jenkins", "jenkins.model", "hudson", "hudson.model"));
Binding binding = new Binding();
binding.setVariable("build", build);
binding.setVariable("project", build.getParent());
binding.setVariable("rooturl", configuration.getUrl());
PrintStream logger = listener.getLogger();
binding.setVariable("out", logger);
GroovyShell shell = new GroovyShell(loader, binding, cc);
if (secureTriggerScript.isSandbox()) {
try {
return GroovySandbox.run(shell, secureTriggerScript.getScript(), new ProxyWhitelist(Whitelist.all(), new PrintStreamInstanceWhitelist(logger)));
} catch (RejectedAccessException x) {
throw ScriptApproval.get().accessRejected(x, ApprovalContext.create());
}
} else {
return shell.evaluate(ScriptApproval.get().using(secureTriggerScript.getScript(), GroovyLanguage.get()));
}
} finally {
if (urlcl != null) {
urlcl.close();
}
}
}
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method setClasspath.
public void setClasspath(List<GroovyScriptPath> classpath) {
if (classpath != null && !classpath.isEmpty() && Jenkins.get().isUseSecurity()) {
// Prepare the classpath for approval
ScriptApproval scriptApproval = ScriptApproval.get();
ApprovalContext context = ApprovalContext.create().withCurrentUser();
StaplerRequest request = Stapler.getCurrentRequest();
if (request != null) {
context = context.withItem(request.findAncestorObject(Item.class));
}
for (GroovyScriptPath path : classpath) {
URL pUrl = path.asURL();
if (pUrl != null) {
// At least we can try to catch some of them, but some might need token expansion
try {
scriptApproval.configuring(new ClasspathEntry(pUrl.toString()), context);
} catch (MalformedURLException e) {
// At least we tried, but we shouldn't end up here since path.asURL() would have returned null
assert false : e;
}
}
}
}
this.classpath = classpath;
}
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method transformToClasspathEntries.
private void transformToClasspathEntries(List<GroovyScriptPath> input, ExtendedEmailPublisherContext context, List<ClasspathEntry> output) {
for (GroovyScriptPath path : input) {
URL url = path.asURL();
if (url != null) {
try {
ClasspathEntry entry = new ClasspathEntry(url.toString());
output.add(entry);
} catch (MalformedURLException e) {
context.getListener().getLogger().printf("[email-ext] Warning: Ignoring classpath: [%s] as it could not be transformed into a valid URL%n", path.getPath());
}
}
}
}
Aggregations