Class GroovySourceFileAllowlist

  • All Implemented Interfaces:
    ExtensionPoint
    Direct Known Subclasses:
    GroovySourceFileAllowlist.DefaultAllowlist

    public abstract class GroovySourceFileAllowlist
    extends Object
    implements ExtensionPoint
    Determines what Groovy source files can be loaded in Pipelines. In Pipeline, the standard behavior of GroovyClassLoader would allow Groovy source files from core or plugins to be loaded as long as they are somewhere on the classpath. This includes things like Groovy views, which are not intended to be available to pipelines. When these files are loaded, they are loaded by the trusted CpsGroovyShell and are not sandbox-transformed, which means that allowing arbitrary Groovy source files to be loaded is potentially unsafe. GroovySourceFileAllowlist.ClassLoaderImpl blocks all Groovy source files from being loaded by default unless they are allowed by an implementation of this extension point.