java.lang.Object
org.jenkinsci.plugins.scriptsecurity.sandbox.Whitelist
org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.AclAwareWhitelist
All Implemented Interfaces:
ExtensionPoint
Direct Known Subclasses:
AnnotatedWhitelist

public class AclAwareWhitelist extends Whitelist
Delegating whitelist which allows certain calls to be made only when a non-ACL.SYSTEM2 user is making them.

First there is a list of unrestricted signatures; these can always be run.

Then there is a (probably much smaller) list of restricted signatures. These can be run only when the current user is a real user or even Jenkins.ANONYMOUS2, but not when ACL.SYSTEM2. Restricted methods should be limited to those which actually perform a permissions check, typically using ACL.checkPermission(hudson.security.Permission). Allowing the system pseudo-user to run these would be dangerous, since we do not know “on whose behalf” a script is running, and this “user” is permitted to do anything.
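
The decision order described above, as an added example rather than the plugin's own source: a stand-alone Java model in which `SimpleWhitelist`, `AclAwareModel`, the string user names and the sample signatures are all hypothetical stand-ins. The real class works on reflection objects and the `ACL.SYSTEM2` authentication.

```java
import java.util.Set;

// Simplified model of the delegation rule in the class description.
// All type names and signatures below are hypothetical, chosen for illustration.
public class AclAwareModel {
    interface SimpleWhitelist { boolean permits(String signature); }

    static final String SYSTEM = "SYSTEM";        // stands in for ACL.SYSTEM2
    static final String ANONYMOUS = "anonymous";  // stands in for Jenkins.ANONYMOUS2

    private final SimpleWhitelist unrestricted, restricted;

    AclAwareModel(SimpleWhitelist unrestricted, SimpleWhitelist restricted) {
        this.unrestricted = unrestricted;
        this.restricted = restricted;
    }

    // Method and constructor calls: the unrestricted list is honoured in any
    // context; the restricted list only when the caller is not the system pseudo-user.
    boolean permitsCall(String currentUser, String signature) {
        if (unrestricted.permits(signature)) return true;
        return !SYSTEM.equals(currentUser) && restricted.permits(signature);
    }

    // Field accesses never consult the restricted list.
    boolean permitsField(String signature) {
        return unrestricted.permits(signature);
    }

    public static void main(String[] args) {
        // Constructed sample entries, not taken from any real whitelist file.
        Set<String> open = Set.of("method java.lang.String length");
        // Assumed to perform its own permission check, so it belongs on the restricted list.
        Set<String> checked = Set.of("method example.Item readSecret",
                                     "field example.Item secret");
        AclAwareModel w = new AclAwareModel(open::contains, checked::contains);

        for (String user : new String[] {SYSTEM, ANONYMOUS, "alice"}) {
            System.out.printf("%-9s length=%b readSecret=%b%n", user,
                    w.permitsCall(user, "method java.lang.String length"),
                    w.permitsCall(user, "method example.Item readSecret"));
        }
        // A field entry on the restricted list is ignored for every caller.
        System.out.println("field secret permitted: "
                + w.permitsField("field example.Item secret"));
    }
}
```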

  • Constructor Details

    • AclAwareWhitelist

      public AclAwareWhitelist(Whitelist unrestricted, Whitelist restricted)
      Creates a delegating whitelist.
      Parameters:
      unrestricted - a general whitelist; anything permitted by this one will be permitted in any context
      restricted - a whitelist of method/constructor calls (field accesses never consulted) for which ACL checks are expected
  • Method Details

    • permitsMethod

      public boolean permitsMethod(@NonNull Method method, @NonNull Object receiver, @NonNull Object[] args)
      Description copied from class: Whitelist
      Checks whether a given virtual method may be invoked.

      Note that method should not be implementing or overriding a method in a supertype; in such a case the caller must pass that supertype method instead. In other words, call site selection is the responsibility of the caller (such as GroovySandbox), not the whitelist.

      Specified by:
      permitsMethod in class Whitelist
      Parameters:
      method - a method defined in the JVM
      receiver - this, the receiver of the method call
      args - zero or more arguments
      Returns:
      true to allow the method to be called, false to reject it
    • permitsConstructor

      public boolean permitsConstructor(@NonNull Constructor<?> constructor, @NonNull Object[] args)
      Specified by:
      permitsConstructor in class Whitelist
    • permitsStaticMethod

      public boolean permitsStaticMethod(@NonNull Method method, @NonNull Object[] args)
      Specified by:
      permitsStaticMethod in class Whitelist
    • permitsFieldGet

      public boolean permitsFieldGet(@NonNull Field field, @NonNull Object receiver)
      Specified by:
      permitsFieldGet in class Whitelist
    • permitsFieldSet

      public boolean permitsFieldSet(@NonNull Field field, @NonNull Object receiver, Object value)
      Specified by:
      permitsFieldSet in class Whitelist
    • permitsStaticFieldGet

      public boolean permitsStaticFieldGet(@NonNull Field field)
      Specified by:
      permitsStaticFieldGet in class Whitelist
    • permitsStaticFieldSet

      public boolean permitsStaticFieldSet(@NonNull Field field, Object value)
      Specified by:
      permitsStaticFieldSet in class Whitelist