Example 1 with ClasspathEntry
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method expandClasspath.
/**
* Expand the plugin class loader with URL taken from the project descriptor
* and the global configuration.
*
* @param context the current email context
* @param loader the class loader to expand
* @return the new expanded classloader
*/
private ClassLoader expandClasspath(ExtendedEmailPublisherContext context, ClassLoader loader) throws IOException {
List<ClasspathEntry> classpathList = new ArrayList<>();
if (classpath != null && !classpath.isEmpty()) {
transformToClasspathEntries(classpath, context, classpathList);
}
List<GroovyScriptPath> globalClasspath = getDescriptor().getDefaultClasspath();
if (globalClasspath != null && !globalClasspath.isEmpty()) {
transformToClasspathEntries(globalClasspath, context, classpathList);
}
boolean useSecurity = Jenkins.get().isUseSecurity();
if (!classpathList.isEmpty()) {
GroovyClassLoader gloader = new GroovyClassLoader(loader);
gloader.setShouldRecompile(true);
for (ClasspathEntry entry : classpathList) {
if (useSecurity) {
ScriptApproval.get().using(entry);
}
gloader.addURL(entry.getURL());
}
loader = gloader;
}
if (useSecurity) {
return GroovySandbox.createSecureClassLoader(loader);
} else {
return loader;
}
}
Also used :
GroovyClassLoader(groovy.lang.GroovyClassLoader)
ArrayList(java.util.ArrayList)
ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)
Example 2 with ClasspathEntry
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisherDescriptor method setDefaultClasspath.
@DataBoundSetter
public void setDefaultClasspath(List<GroovyScriptPath> defaultClasspath) throws FormException {
if (Jenkins.get().isUseSecurity()) {
ScriptApproval approval = ScriptApproval.get();
ApprovalContext context = ApprovalContext.create().withCurrentUser();
for (GroovyScriptPath path : defaultClasspath) {
URL u = path.asURL();
if (u != null) {
try {
approval.configuring(new ClasspathEntry(u.toString()), context);
} catch (MalformedURLException e) {
throw new FormException(e, "defaultClasspath");
}
}
}
}
this.defaultClasspath = defaultClasspath;
}
Also used :
ApprovalContext(org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext)
MalformedURLException(java.net.MalformedURLException)
ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)
ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)
URL(java.net.URL)
DataBoundSetter(org.kohsuke.stapler.DataBoundSetter)
Example 3 with ClasspathEntry
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class AbstractScriptTrigger method evaluate.
private Object evaluate(AbstractBuild<?, ?> build, TaskListener listener) throws IOException {
ClassLoader loader = Jenkins.get().getPluginManager().uberClassLoader;
JenkinsLocationConfiguration configuration = JenkinsLocationConfiguration.get();
assert configuration != null;
URLClassLoader urlcl = null;
List<ClasspathEntry> cp = secureTriggerScript.getClasspath();
if (!cp.isEmpty()) {
List<URL> urlList = new ArrayList<>(cp.size());
for (ClasspathEntry entry : cp) {
ScriptApproval.get().using(entry);
urlList.add(entry.getURL());
}
loader = urlcl = new URLClassLoader(urlList.toArray(new URL[0]), loader);
}
try {
loader = GroovySandbox.createSecureClassLoader(loader);
CompilerConfiguration cc;
if (secureTriggerScript.isSandbox()) {
cc = GroovySandbox.createSecureCompilerConfiguration();
} else {
cc = new CompilerConfiguration();
}
cc.addCompilationCustomizers(new ImportCustomizer().addStarImports("jenkins", "jenkins.model", "hudson", "hudson.model"));
Binding binding = new Binding();
binding.setVariable("build", build);
binding.setVariable("project", build.getParent());
binding.setVariable("rooturl", configuration.getUrl());
PrintStream logger = listener.getLogger();
binding.setVariable("out", logger);
GroovyShell shell = new GroovyShell(loader, binding, cc);
if (secureTriggerScript.isSandbox()) {
try {
return GroovySandbox.run(shell, secureTriggerScript.getScript(), new ProxyWhitelist(Whitelist.all(), new PrintStreamInstanceWhitelist(logger)));
} catch (RejectedAccessException x) {
throw ScriptApproval.get().accessRejected(x, ApprovalContext.create());
}
} else {
return shell.evaluate(ScriptApproval.get().using(secureTriggerScript.getScript(), GroovyLanguage.get()));
}
} finally {
if (urlcl != null) {
urlcl.close();
}
}
}
Also used :
Binding(groovy.lang.Binding)
PrintStream(java.io.PrintStream)
PrintStreamInstanceWhitelist(hudson.plugins.emailext.groovy.sandbox.PrintStreamInstanceWhitelist)
JenkinsLocationConfiguration(jenkins.model.JenkinsLocationConfiguration)
RejectedAccessException(org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException)
ArrayList(java.util.ArrayList)
URL(java.net.URL)
GroovyShell(groovy.lang.GroovyShell)
ProxyWhitelist(org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist)
URLClassLoader(java.net.URLClassLoader)
CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration)
URLClassLoader(java.net.URLClassLoader)
ImportCustomizer(org.codehaus.groovy.control.customizers.ImportCustomizer)
ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)
Example 4 with ClasspathEntry
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method setClasspath.
public void setClasspath(List<GroovyScriptPath> classpath) {
if (classpath != null && !classpath.isEmpty() && Jenkins.get().isUseSecurity()) {
// Prepare the classpath for approval
ScriptApproval scriptApproval = ScriptApproval.get();
ApprovalContext context = ApprovalContext.create().withCurrentUser();
StaplerRequest request = Stapler.getCurrentRequest();
if (request != null) {
context = context.withItem(request.findAncestorObject(Item.class));
}
for (GroovyScriptPath path : classpath) {
URL pUrl = path.asURL();
if (pUrl != null) {
// At least we can try to catch some of them, but some might need token expansion
try {
scriptApproval.configuring(new ClasspathEntry(pUrl.toString()), context);
} catch (MalformedURLException e) {
// At least we tried, but we shouldn't end up here since path.asURL() would have returned null
assert false : e;
}
}
}
}
this.classpath = classpath;
}
Also used :
ApprovalContext(org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext)
MalformedURLException(java.net.MalformedURLException)
StaplerRequest(org.kohsuke.stapler.StaplerRequest)
ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)
ScriptApproval(org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)
URL(java.net.URL)
Example 5 with ClasspathEntry
use of org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry in project email-ext-plugin by jenkinsci.
the class ExtendedEmailPublisher method transformToClasspathEntries.
private void transformToClasspathEntries(List<GroovyScriptPath> input, ExtendedEmailPublisherContext context, List<ClasspathEntry> output) {
for (GroovyScriptPath path : input) {
URL url = path.asURL();
if (url != null) {
try {
ClasspathEntry entry = new ClasspathEntry(url.toString());
output.add(entry);
} catch (MalformedURLException e) {
context.getListener().getLogger().printf("[email-ext] Warning: Ignoring classpath: [%s] as it could not be transformed into a valid URL%n", path.getPath());
}
}
}
}
Also used :
MalformedURLException(java.net.MalformedURLException)
ClasspathEntry(org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)
URL(java.net.URL)
Aggregations
ClasspathEntry (org.jenkinsci.plugins.scriptsecurity.scripts.ClasspathEntry)6
URL (java.net.URL)5
MalformedURLException (java.net.MalformedURLException)4
ArrayList (java.util.ArrayList)3
ApprovalContext (org.jenkinsci.plugins.scriptsecurity.scripts.ApprovalContext)2
ScriptApproval (org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval)2
Binding (groovy.lang.Binding)1
GroovyClassLoader (groovy.lang.GroovyClassLoader)1
GroovyShell (groovy.lang.GroovyShell)1
Initializer (hudson.init.Initializer)1
PrintStreamInstanceWhitelist (hudson.plugins.emailext.groovy.sandbox.PrintStreamInstanceWhitelist)1
PrintStream (java.io.PrintStream)1
URLClassLoader (java.net.URLClassLoader)1
List (java.util.List)1
JenkinsLocationConfiguration (jenkins.model.JenkinsLocationConfiguration)1
CompilerConfiguration (org.codehaus.groovy.control.CompilerConfiguration)1
ImportCustomizer (org.codehaus.groovy.control.customizers.ImportCustomizer)1
RejectedAccessException (org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException)1
ProxyWhitelist (org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist)1
DataBoundSetter (org.kohsuke.stapler.DataBoundSetter)1
