From 2c50a46628bbc23e689dedbae846699cc393173d Mon Sep 17 00:00:00 2001
From: Anjan Das
Date: Mon, 17 Apr 2023 11:21:09 +0530
Subject: [PATCH 1/2] Add enum.valueOf signature to the whitelist
---
 .../plugins/scriptsecurity/sandbox/whitelists/generic-whitelist | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
index dbb73a852..439bfd373 100644
--- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
+++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
@@ -116,6 +116,7 @@ new java.lang.Boolean java.lang.String
 staticMethod java.lang.Boolean parseBoolean java.lang.String
 staticMethod java.lang.Boolean valueOf boolean
 staticMethod java.lang.Boolean valueOf java.lang.String
+staticMethod java.lang.Enum valueOf java.lang.Class java.lang.String
 method java.lang.CharSequence charAt int
 method java.lang.CharSequence isEmpty
 method java.lang.CharSequence length
From a72844130cce39c7131ad8bb12c22da0fc3bf165 Mon Sep 17 00:00:00 2001
From: Anjan Das
Date: Mon, 17 Apr 2023 11:54:39 +0530
Subject: [PATCH 2/2] Update generic-whitelist
---
 .../plugins/scriptsecurity/sandbox/whitelists/generic-whitelist | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
index 439bfd373..cc1445ada 100644
--- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
+++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist
@@ -116,7 +116,6 @@ new java.lang.Boolean java.lang.String
 staticMethod java.lang.Boolean parseBoolean java.lang.String
 staticMethod java.lang.Boolean valueOf boolean
 staticMethod java.lang.Boolean valueOf java.lang.String
-staticMethod java.lang.Enum valueOf java.lang.Class java.lang.String
 method java.lang.CharSequence charAt int
 method java.lang.CharSequence isEmpty
 method java.lang.CharSequence length
@@ -128,6 +127,7 @@ method java.lang.Comparable compareTo java.lang.Object
 new java.lang.Enum java.lang.String int
 method java.lang.Enum name
 method java.lang.Enum ordinal
+staticMethod java.lang.Enum valueOf java.lang.Class java.lang.String
 new java.lang.Exception java.lang.String
 staticField java.lang.Integer MAX_VALUE
 # could add valueOf, though currently the staticField’s need to be whitelisted, which is the more likely use case
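Review bot: The entry `staticMethod java.lang.Enum valueOf java.lang.Class java.lang.String` added in the `@@ -128,6 +127,7 @@` hunk (first introduced by the hunk in patch 1/2, then moved here) goes into the generic sandbox whitelist with no comment or test recording why it is safe for every sandboxed script. Its first parameter is an arbitrary `java.lang.Class`, so the approval is not tied to any particular enum type: a script can presumably resolve constants of any enum class it is able to reference, and the lookup initialises that class as a side effect. I would state the reasoning next to the entry, for example `# returns an existing enum constant only; methods called on the result are still checked against the whitelist`, so later reviewers of this file can see the decision was deliberate. Both diffstats show only the whitelist file changing, so a sandbox test that runs a script calling `Enum.valueOf` on a permitted enum, and confirms unrelated calls on the returned constant are still rejected, would be worth adding alongside it.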