jan

Reputation: 2830

How to Approve Jenkins Scripted Pipeline RejectedAccessException for groovy.io.FileType FILES?

I have a scripted Jenkins Pipeline and cannot approve the sandbox restriction for groovy.io.FileType FILES. For example the following Jenkins Pipeline snippet does not work in the sandbox out of the box:

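import groovy.io.FileType

// Rejected by the sandbox: FileType.FILES is not an approved static field
new File("/tmp").eachFileRecurse(FileType.FILES) { file ->
    echo "$file"
}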

An exception is thrown:

Exception stacktrace: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticField groovy.io.FileType FILES
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticField(StaticWhitelist.java:199)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$14.reject(SandboxInterceptor.java:372)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:381)
at org.kohsuke.groovy.sandbox.impl.Checker$6.call(Checker.java:288)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:292)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:29)
at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
at WorkflowScript.copySqlFiles(WorkflowScript:101)
at WorkflowScript.run(WorkflowScript:58)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.inside(jar:file:/var/jenkins_home/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:136)
...

Normally an entry is created for this type in Manage Jenkins » In-process Script Approval, but not for this exception. This is really strange, because if I traverse directories with new File("/tmp").eachFileRecurse(FileType.DIRECTORIES) it works and I could approve the exception, but now there is no approval entry generated for FILES...

Upvotes: 1

Views: 2137

Answers (2)

uncletall

Reputation: 6842

The best way to work with Jenkins Pipelines is to follow the provided scripts. In this case just use the findFiles Utility step.

It doesn't seem to be possible to find directories, but you can find files recursively in subfolders using the Ant-like pattern matching.

To iterate over all the files in a sub folder of your workspace you could write this:

findFiles(glob: 'special/path/**/*').each {
    echo "${WORKSPACE}/${it.path}"
}

Upvotes: 2

jan

Reputation: 2830

One workaround is to use the Groovy Script Console via the sub-URL .../script and run the following script:

def signature = 'staticField groovy.io.FileType FILES'
org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get().approveSignature(signature)

Upvotes: 1
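
Added example, not part of either answer: a Script Console variant of the approval above that records the approval state before and after the change, so the approval made outside the In-process Script Approval page leaves a reviewable trace. It assumes the script-security plugin's `ScriptApproval` accessors `getApprovedSignatures()` and `getPendingSignatures()`; the signature string is the one from the question's exception message.

```groovy
// Run in Manage Jenkins » Script Console (requires administrator rights).
import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval

// Signature copied from the RejectedAccessException message:
// "Scripts not permitted to use staticField groovy.io.FileType FILES"
def wanted = 'staticField groovy.io.FileType FILES'

def approval = ScriptApproval.get()

// Snapshot the state before changing anything.
def approvedBefore = approval.approvedSignatures as Set
def pending = approval.pendingSignatures.collect { it.signature } as Set

println "Already approved:        ${wanted in approvedBefore}"
println "Waiting in pending list: ${wanted in pending}"

if (!(wanted in approvedBefore)) {
    // An approved signature is global: every sandboxed script on this
    // controller may use it afterwards, not only the job that triggered it.
    approval.approveSignature(wanted)
}

// Report exactly what changed so the approval can be noted in a change log.
def added = (approval.approvedSignatures as Set) - approvedBefore
println "Newly approved signatures: ${added ?: 'none'}"

// List the approvals that grant file-system related access, for review.
println "Approved signatures touching java.io / groovy.io:"
approval.approvedSignatures
        .findAll { it.contains(' java.io.') || it.contains(' groovy.io.') }
        .sort()
        .each { println "  $it" }
```

Running it a second time prints "Newly approved signatures: none", which confirms the approval persisted.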
