Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add enum.valueOf signature to the whitelist #493

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add enum.valueOf signature to the whitelist #493

wants to merge 2 commits into from

Conversation

dasanjan1296
Copy link
Contributor

@dasanjan1296 dasanjan1296 commented Apr 17, 2023
edited
Loading

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

This will whitelist the enum.valueOf signature. Currently, I'm having to use a workaround as follows:

for (Chores chore : Chores.values()) {
    if (chore.name() == bom.config.chore_type) {
        chore_type = chore
    }
}

instead of a simple:

chore_type = Chores.valueOf(bom.config.chore_type)

dwnusbaum
dwnusbaum requested changes Apr 17, 2023
View reviewed changes
Copy link
Member

@dwnusbaum dwnusbaum left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Someone needs to think about enum behavior in the sandbox more generally before approving this. Currently each individual enum value must be approved, see for example:

script-security-plugin/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist

Lines 779 to 782 in e8ba173

staticField java.util.concurrent.TimeUnit HOURS
staticField java.util.concurrent.TimeUnit MILLISECONDS
staticField java.util.concurrent.TimeUnit MINUTES
staticField java.util.concurrent.TimeUnit SECONDS

This PR would effectively allow access to all enum values in the JVM. Is that a security issue? Does it make it easier to exploit other issues? I am not sure.

Personally, I would start with trying to special-case this method in SandboxInterceptor for enum classes defined in sandboxed scripts (always safe) rather than allowing it generally.

If after considering enum behavior in general, we decide that allowing access to everything is fine, then in addition to allowing Enum.valueOf we should modify SandboxInterceptor so that direct access to enum fields is always allowed and all existing enum values in generic-whitelist can be removed. There are also various special cases in groovy-sandbox related to casting that I think should be removed at the same time if that change was made.

See also some related discussion in JENKINS-71056.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwnusbaum dwnusbaum dwnusbaum requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dasanjan1296 @dwnusbaum