Jenkins pipeline throws reporting:org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException

Question

Jenkins pipeline throws reporting:org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.util.XmlSlurper parseText java.lang.String

Here is the code:

def testsuites = new XmlSlurper().parseText(xml)

Also I could not see this method in ScriptApproval. How can we whitelist this method manually or any other solution to fix this?

Answer 1

I've tested your use case with Jenkins 2.60.3 and after running a script that uses new XmlSlurper().parseText(someXml) I get expected exception:

org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method groovy.util.XmlSlurper parseText java.lang.String
    at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectMethod(StaticWhitelist.java:175)
    at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onMethodCall(SandboxInterceptor.java:137)
    at org.kohsuke.groovy.sandbox.impl.Checker$1.call(Checker.java:155)
    at org.kohsuke.groovy.sandbox.impl.Checker.checkedCall(Checker.java:159)
    at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.methodCall(SandboxInvoker.java:17)
    at WorkflowScript.run(WorkflowScript:9)

And I see in /scriptApproval I can approve it:

You can always try adding this approval manually. In Jenkins home directory you can find scriptApproval.xml file. Add:

<string>method groovy.util.XmlSlurper parseText java.lang.String</string>

inside <approvedSignatures> tag and restart Jenkins. It will cause the same effect as approving this signature via Jenkins UI.