@SuppressWarnings("deprecation") private Object readResolve() { if (secureGroovyScript == null && !StringUtils.isBlank(groovyScriptContent)) { secureGroovyScript = new SecureGroovyScript(groovyScriptContent, false, null).configuring(ApprovalContext.create()); groovyScriptContent = null; } return this; }
public GroovyScriptExecutor(Script script, List<String> arguments, AbstractBuild<?, ?> build, Logger log) { this.arguments = new ArrayList<>(arguments); this.build = build; this.log = log; String enrichedScript = Util.replaceMacro(script.getContent(), EnvVars.masterEnvVars); secureGroovyScript = new SecureGroovyScript(enrichedScript, script.isSandboxed(), null); secureGroovyScript.configuringWithNonKeyItem(); }
@Deprecated public String getTriggerScript() { return secureTriggerScript.getScript(); }
@Deprecated public AbstractScriptTrigger(List<RecipientProvider> recipientProviders, String recipientList, String replyTo, String subject, String body, String attachmentsPattern, int attachBuildLog, String contentType, String triggerScript) { this(recipientProviders, recipientList, replyTo, subject, body, attachmentsPattern, attachBuildLog, contentType, new SecureGroovyScript(triggerScript, false, null)); }
@DataBoundConstructor public StringSystemScriptSource(SecureGroovyScript script) { this.script = script.configuringWithNonKeyItem(); }
/*packahge*/ Object run(AbstractBuild<?, ?> build, BuildListener listener, @CheckForNull Launcher launcher) throws IOException, InterruptedException { Jenkins jenkins = Jenkins.getInstance(); if (jenkins == null) { throw new IllegalStateException("Jenkins instance is null - Jenkins is shutting down?"); } @Nonnull ClassLoader cl = jenkins.getPluginManager().uberClassLoader; // Use HashMap as a backend for Binding as Hashtable does not accept nulls Map<Object, Object> binding = new HashMap<Object, Object>(); binding.putAll(parseProperties(bindings)); binding.put("build", build); if (launcher != null) { binding.put("launcher", launcher); } if (listener != null) { binding.put("listener", listener); binding.put("out", listener.getLogger()); } try { return source.getSecureGroovyScript(build.getWorkspace(), build, listener).evaluate(cl, new Binding(binding)); } catch (IOException x) { throw x; } catch (InterruptedException x) { throw x; } catch (RuntimeException x) { throw x; } catch (Exception x) { throw new IOException(x); } }
List<ClasspathEntry> cp = secureTriggerScript.getClasspath(); if (!cp.isEmpty()) { List<URL> urlList = new ArrayList<URL>(cp.size()); loader = GroovySandbox.createSecureClassLoader(loader); CompilerConfiguration cc; if(secureTriggerScript.isSandbox()) { cc = GroovySandbox.createSecureCompilerConfiguration(); } else { if (secureTriggerScript.isSandbox()) { try { return GroovySandbox.run(shell.parse(secureTriggerScript.getScript()), new ProxyWhitelist( Whitelist.all(), new PrintStreamInstanceWhitelist(logger))); return shell.evaluate(ScriptApproval.get().using(secureTriggerScript.getScript(), GroovyLanguage.get()));
@Override public boolean configure(@Nonnull StaplerRequest req, @Nonnull JSONObject formData) { super.configure(req, formData); if(formData.containsKey("secureTriggerScript")) { this.secureTriggerScript = req.bindJSON(SecureGroovyScript.class, formData.getJSONObject("secureTriggerScript")); this.secureTriggerScript.configuring(ApprovalContext.create().withCurrentUser().withItem(req.findAncestorObject(Item.class))); } return true; }
@Override public EmailTrigger createDefault() { return new PreBuildScriptTrigger(defaultRecipientProviders, "", "$PROJECT_DEFAULT_REPLYTO", "$PROJECT_DEFAULT_SUBJECT", "$PROJECT_DEFAULT_CONTENT", "", 0, "project", new SecureGroovyScript("", false, null)); } }
@DataBoundConstructor public GroovyCondition(final SecureGroovyScript script, final String unmetQualificationLabel, final String metQualificationLabel) { this.unmetQualificationLabel = Util.fixEmptyAndTrim(unmetQualificationLabel); this.metQualificationLabel = Util.fixEmptyAndTrim(metQualificationLabel); this.script = script.configuringWithNonKeyItem(); }
Object result = null; try { result = script.evaluate(classLoader, binding); } catch (final RejectedAccessException e) { LOGGER.log(Level.WARNING, "Sandbox exception", e);
public AbstractScriptTrigger(List<RecipientProvider> recipientProviders, String recipientList, String replyTo, String subject, String body, String attachmentsPattern, int attachBuildLog, String contentType, SecureGroovyScript secureTriggerScript) { super(recipientProviders, recipientList, replyTo, subject, body, attachmentsPattern, attachBuildLog, contentType); this.secureTriggerScript = secureTriggerScript; StaplerRequest request = Stapler.getCurrentRequest(); ApprovalContext context = ApprovalContext.create().withCurrentUser(); if (request != null) { context = context.withItem(request.findAncestorObject(Item.class)); } this.secureTriggerScript.configuring(context); }
/** * Called when object has been deserialized from a stream. * * @return {@code this}, or a replacement for {@code this}. * @throws ObjectStreamException if the object cannot be restored. * @see <a href="http://download.oracle.com/javase/1.3/docs/guide/serialization/spec/input.doc6.html">The Java Object Serialization Specification</a> */ private Object readResolve() throws ObjectStreamException { if (triggerScript != null && secureTriggerScript == null) { this.secureTriggerScript = new SecureGroovyScript(triggerScript, false, null); this.secureTriggerScript.configuring(ApprovalContext.create()); triggerScript = null; } return this; } }
@Override public EmailTrigger createDefault() { return new ScriptTrigger(defaultRecipientProviders, "", "$PROJECT_DEFAULT_REPLYTO", "$PROJECT_DEFAULT_SUBJECT", "$PROJECT_DEFAULT_CONTENT", "", 0, "project", new SecureGroovyScript("", false, null)); } }
/** * Creates the job property definition. * @param propertiesFilePath Path to the property file to be injected * @param propertiesContent Property definition * @param scriptFilePath Path to the Shell/batch script file, which should be executed to retrieve the EnvVars * @param scriptContent Shell/batch script, which should be executed to retrieve the EnvVars * @param loadFilesFromMaster If {@code true}, the script file will be loaded from the master * @param secureGroovyScript Groovy script to be executed in order to produce the environment variables. * This script will be verified by the Script Security plugin if defined. */ @DataBoundConstructor public EnvInjectJobPropertyInfo( @CheckForNull String propertiesFilePath, @CheckForNull String propertiesContent, @CheckForNull String scriptFilePath, @CheckForNull String scriptContent, boolean loadFilesFromMaster, @CheckForNull SecureGroovyScript secureGroovyScript ) { super(propertiesFilePath, propertiesContent); this.scriptFilePath = Util.fixEmpty(scriptFilePath); this.scriptContent = fixCrLf(Util.fixEmpty(scriptContent)); this.secureGroovyScript = secureGroovyScript != null ? secureGroovyScript.configuringWithNonKeyItem() : null; this.loadFilesFromMaster = loadFilesFromMaster; }
public void execute() throws Exception { Binding binding = new Binding(); if (build != null) { FilePath workspace = build.getWorkspace(); if (workspace != null && workspace.getRemote() != null) { binding.setVariable("workspace", new File(workspace.getRemote())); //NON-NLS } binding.setVariable("build", build); //NON-NLS } binding.setVariable("log", log); //NON-NLS binding.setVariable("out", log.getListener().getLogger()); //NON-NLS binding.setVariable("args", arguments); //NON-NLS ClassLoader classLoader = getClass().getClassLoader(); secureGroovyScript.evaluate(classLoader, binding); } }
private boolean hasScript() { return secureTriggerScript != null && StringUtils.isNotEmpty(secureTriggerScript.getScript()); }
StringUtils.isNotBlank(groovyScriptContent) ? new SecureGroovyScript(groovyScriptContent, false, null).configuring(ApprovalContext.create()) : null);
@Deprecated public SystemGroovy(final ScriptSource scriptSource, final String bindings, final String classpath) { if (scriptSource instanceof StringScriptSource) { source = new StringSystemScriptSource(new SecureGroovyScript(((StringScriptSource) scriptSource).getCommand(), false, null)); } else { source = new FileSystemScriptSource(((FileScriptSource) scriptSource).getScriptFile()); } this.bindings = bindings; if (Util.fixEmpty(classpath) != null) { throw new UnsupportedOperationException("classpath no longer supported"); // TODO convert StringScriptSource at least } }