Class GroovySourceFileAllowlist
- java.lang.Object
-
- org.jenkinsci.plugins.workflow.cps.GroovySourceFileAllowlist
-
- All Implemented Interfaces:
ExtensionPoint
- Direct Known Subclasses:
GroovySourceFileAllowlist.DefaultAllowlist
public abstract class GroovySourceFileAllowlist extends Object implements ExtensionPoint
Determines what Groovy source files can be loaded in Pipelines. In Pipeline, the standard behavior ofGroovyClassLoader
would allow Groovy source files from core or plugins to be loaded as long as they are somewhere on the classpath. This includes things like Groovy views, which are not intended to be available to pipelines. When these files are loaded, they are loaded by the trustedCpsGroovyShell
and are not sandbox-transformed, which means that allowing arbitrary Groovy source files to be loaded is potentially unsafe.GroovySourceFileAllowlist.ClassLoaderImpl
blocks all Groovy source files from being loaded by default unless they are allowed by an implementation of this extension point.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
GroovySourceFileAllowlist.DefaultAllowlist
Allows Groovy source files used to implement DSLs in plugins that were created beforeGroovySourceFileAllowlist
was introduced.-
Nested classes/interfaces inherited from interface hudson.ExtensionPoint
ExtensionPoint.LegacyInstancesAreScopedToHudson
-
-
Constructor Summary
Constructors Constructor Description GroovySourceFileAllowlist()
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description static List<GroovySourceFileAllowlist>
all()
abstract boolean
isAllowed(String groovySourceFileUrl)
Checks whether a given Groovy source file is allowed to be loaded byCpsFlowExecution.getTrustedShell()
.
-
-
-
Method Detail
-
isAllowed
public abstract boolean isAllowed(String groovySourceFileUrl)
Checks whether a given Groovy source file is allowed to be loaded byCpsFlowExecution.getTrustedShell()
.- Parameters:
groovySourceFileUrl
- the absolute URL to the Groovy source file as returned byClassLoader.getResource(java.lang.String)
- Returns:
true
if the Groovy source file may be loaded,false
otherwise
-
all
public static List<GroovySourceFileAllowlist> all()
-
-