From a143c2c0e8c9b05c164a84067f85b07cb63dca5c Mon Sep 17 00:00:00 2001 From: Hari Dara Date: Sun, 26 Sep 2021 20:13:14 +0530 Subject: [PATCH 1/3] JENKINS-66735: Whilelist some common signatures and additional signatures from CauseOfInterruption --- .../scriptsecurity/sandbox/whitelists/generic-whitelist | 3 +++ .../scriptsecurity/sandbox/whitelists/jenkins-whitelist | 2 ++ 2 files changed, 5 insertions(+) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index e2417888f..1ede832ba 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -292,6 +292,7 @@ new java.lang.StringBuilder int new java.lang.StringBuilder java.lang.CharSequence new java.lang.StringBuilder java.lang.String staticMethod java.lang.System currentTimeMillis +staticMethod java.lang.System identityHashCode java.lang.Object method java.lang.Throwable getCause method java.lang.Throwable getMessage method java.lang.Throwable printStackTrace java.io.PrintStream @@ -678,6 +679,7 @@ method java.util.Date setTime long method java.util.Date setYear int method java.util.Date toGMTString method java.util.Date toLocaleString +new java.util.HashMap new java.util.HashSet new java.util.HashSet java.util.Collection method java.util.Iterator hasNext @@ -1121,6 +1123,7 @@ staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Ite staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Iterator java.util.Comparator staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Map staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Map groovy.lang.Closure +staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Map java.util.Comparator staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.util.Collection groovy.lang.Closure staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.util.List groovy.lang.Closure diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist index f5b3d4672..959e92fc1 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist @@ -34,3 +34,5 @@ field hudson.scm.EditType EDIT method hudson.scm.EditType getName method hudson.tools.ToolInstallation getHome method hudson.tools.ToolInstallation getName +method jenkins.model.CauseOfInterruption getShortDescription +method jenkins.model.CauseOfInterruption.UserInterruption getUserId From b591bb1e14b25ddaafcb4f44d5138f3da37c2541 Mon Sep 17 00:00:00 2001 From: Hari Dara Date: Sun, 5 Dec 2021 17:31:32 +0530 Subject: [PATCH 2/3] Adding HashMap constructor to clone an existing map --- .../plugins/scriptsecurity/sandbox/whitelists/generic-whitelist | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index 1ede832ba..109839d52 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -680,6 +680,7 @@ method java.util.Date setYear int method java.util.Date toGMTString method java.util.Date toLocaleString new java.util.HashMap +new java.util.HashMap java.util.Map new java.util.HashSet new java.util.HashSet java.util.Collection method java.util.Iterator hasNext From c3d9d689368dcb6b7ae5cfdba4c7537fc8680194 Mon Sep 17 00:00:00 2001 From: Hari Krishna Dara Date: Fri, 7 Jan 2022 21:36:28 +0530 Subject: [PATCH 3/3] Update src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist Co-authored-by: Jesse Glick --- .../plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist index 959e92fc1..5d9897c6b 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/jenkins-whitelist @@ -35,4 +35,4 @@ method hudson.scm.EditType getName method hudson.tools.ToolInstallation getHome method hudson.tools.ToolInstallation getName method jenkins.model.CauseOfInterruption getShortDescription -method jenkins.model.CauseOfInterruption.UserInterruption getUserId +method jenkins.model.CauseOfInterruption$UserInterruption getUserId