Class GroovySourceFileAllowlist
java.lang.Object
org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist
- All Implemented Interfaces:
ExtensionPoint
- Direct Known Subclasses:
GroovySourceFileAllowlist.DefaultAllowlist
Determines what Groovy source files can be loaded in Pipelines.
In Pipeline, the standard behavior of GroovyClassLoader would allow Groovy source files from core or plugins to be loaded as long as they are somewhere on the classpath. This includes things like Groovy views, which are not intended to be available to pipelines. When these files are loaded, they are loaded by the trusted CpsGroovyShell and are not sandbox-transformed, which means that allowing arbitrary Groovy source files to be loaded is potentially unsafe.
GroovySourceFileAllowlist.ClassLoaderImpl blocks all Groovy source files from being loaded by default unless they are allowed by an implementation of this extension point.
Nested Class Summary
Modifier and Type | Class | Description
static class | GroovySourceFileAllowlist.DefaultAllowlist | Allows Groovy source files used to implement DSLs in plugins that were created before GroovySourceFileAllowlist was introduced.
Nested classes/interfaces inherited from interface hudson.ExtensionPoint:
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
static List<GroovySourceFileAllowlist> | all() |
abstract boolean | isAllowed | Checks whether a given Groovy source file is allowed to be loaded by CpsFlowExecution.getTrustedShell().
-
Constructor Details
-
GroovySourceFileAllowlist
public GroovySourceFileAllowlist()
-
-
Method Details
-
isAllowed
Checks whether a given Groovy source file is allowed to be loaded by CpsFlowExecution.getTrustedShell().
- Parameters:
groovySourceFileUrl - the absolute URL to the Groovy source file as returned by ClassLoader.getResource(java.lang.String)
- Returns:
true if the Groovy source file may be loaded, false otherwise
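One way a plugin could implement this extension point for its own DSL script, as an added example that is not code from the workflow-cps plugin: it resolves the script through the plugin's class loader and allows only that exact URL. The class name, package and resource path are hypothetical, the String parameter type is assumed (the signature is not shown on this page), and the example assumes the URL passed to isAllowed is the same one the plugin's class loader returns for the resource.

```java
import hudson.Extension;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist;

/**
 * Added example: allows only this plugin's own DSL script.
 * The class name, package and resource path are hypothetical.
 */
@Extension
public class ExampleDslAllowlist extends GroovySourceFileAllowlist {

    // Hypothetical classpath locations of the Groovy files this plugin ships.
    private static final String[] DSL_RESOURCES = {
        "org/example/pipeline/ExampleDsl.groovy",
    };

    // Absolute URLs of those files, resolved once through this plugin's class loader.
    private final Set<String> allowedUrls;

    public ExampleDslAllowlist() {
        Set<String> urls = new HashSet<>();
        ClassLoader loader = ExampleDslAllowlist.class.getClassLoader();
        for (String resource : DSL_RESOURCES) {
            URL url = loader.getResource(resource);
            if (url != null) { // a file that cannot be resolved simply stays blocked
                urls.add(url.toString());
            }
        }
        allowedUrls = Collections.unmodifiableSet(urls);
    }

    /**
     * Exact match on the absolute URL: a same-named file that resolves from
     * another jar or directory has a different URL and is refused.
     * The String parameter type is an assumption (see the lead-in).
     */
    @Override
    public boolean isAllowed(String groovySourceFileUrl) {
        return groovySourceFileUrl != null && allowedUrls.contains(groovySourceFileUrl);
    }
}
```

Because the allowed file runs in the trusted shell without sandbox transformation, keep the list to files the plugin itself ships; an exact URL match fails closed where a loose suffix or substring match might not.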
-
all
-