I have a scripted Jenkins Pipeline and cannot approve the sandbox restriction for groovy.io.FileType FILES. For example the following Jenkins Pipeline snippet does not work in the sandbox out of the box:
new File("/tmp").eachFileRecurse(FileType.FILES) { file ->
echo "$file"
}
An exception is thrown:
Exception stacktrace: org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use staticField groovy.io.FileType FILES
at org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist.rejectStaticField(StaticWhitelist.java:199)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor$14.reject(SandboxInterceptor.java:372)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:381)
at org.kohsuke.groovy.sandbox.impl.Checker$6.call(Checker.java:288)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:292)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:29)
at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
at WorkflowScript.copySqlFiles(WorkflowScript:101)
at WorkflowScript.run(WorkflowScript:58)
at org.jenkinsci.plugins.docker.workflow.Docker$Image.inside(jar:file:/var/jenkins_home/plugins/docker-workflow/WEB-INF/lib/docker-workflow.jar!/org/jenkinsci/plugins/docker/workflow/Docker.groovy:136)
...
Normally an entry is created for this type in
Manage Jenkins » In-process Script Approval, but for this exception not. This is really strange, because if I traverse directories with new File("/tmp").eachFileRecurse(FileType.DIRECTORIES) it is working and I could approve the exception, but now there is no approval entry generated for FILES...
One workaround is to use the Groovy Script Console via Sub-URL .../script and running the following script:
def signature = 'staticField groovy.io.FileType FILES'
org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get().approveSignature(signature)