Jenkins CI Pipeline Scripts not permitted to use method groovy lang GroovyObject

Question

I am Using Jenkins 2 for compiling Java Projects  I want to read the version from a pom xml  I was following this example   https   github com jenkinsci pipeline-plugin blob master TUTORIAL md  The example suggest     It seems that there is some security problem accessing the File System but I can t figure out what it is giving  or why  that problem   I am just doing a little bit different than the example   def version         String path   pwd        def matcher   readFile    path  pom xml        lt version gt      lt  version gt       return matcher   matcher 0  1    null     The Error I am getting when running the  version  method    org jenkinsci plugins scriptsecurity sandbox RejectedAccessException  Scripts not permitted to use method groovy lang GroovyObject invokeMethod java lang String java lang Object  org codehaus groovy runtime GStringImpl call org codehaus groovy runtime GStringImpl      at org jenkinsci plugins scriptsecurity sandbox whitelists StaticWhitelist rejectMethod StaticWhitelist java 165      at org jenkinsci plugins scriptsecurity sandbox groovy SandboxInterceptor onMethodCall SandboxInterceptor java 117      at org jenkinsci plugins scriptsecurity sandbox groovy SandboxInterceptor onMethodCall SandboxInterceptor java 103      at org kohsuke groovy sandbox impl Checker 1 call Checker java 149      at org kohsuke groovy sandbox impl Checker checkedCall Checker java 146      at com cloudbees groovy cps sandbox SandboxInvoker methodCall SandboxInvoker java 15      at WorkflowScript run WorkflowScript 71      at    cps transform    Native Method      at com cloudbees groovy cps impl ContinuationGroup methodCall ContinuationGroup java 55      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl dispatchOrArg FunctionCallBlock java 106      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl fixArg FunctionCallBlock java 79      at sun reflect GeneratedMethodAccessor408 invoke Unknown Source      at sun reflect DelegatingMethodAccessorImpl invoke DelegatingMethodAccessorImpl java 43      at java lang reflect Method invoke Method java 601      at com cloudbees groovy cps impl ContinuationPtr ContinuationImpl receive ContinuationPtr java 72      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl dispatchOrArg FunctionCallBlock java 100      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl fixArg FunctionCallBlock java 79      at sun reflect GeneratedMethodAccessor408 invoke Unknown Source      at sun reflect DelegatingMethodAccessorImpl invoke DelegatingMethodAccessorImpl java 43      at java lang reflect Method invoke Method java 601      at com cloudbees groovy cps impl ContinuationPtr ContinuationImpl receive ContinuationPtr java 72      at com cloudbees groovy cps impl ContinuationGroup methodCall ContinuationGroup java 57      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl dispatchOrArg FunctionCallBlock java 106      at com cloudbees groovy cps impl FunctionCallBlock ContinuationImpl fixArg FunctionCallBlock java 79      at sun reflect GeneratedMethodAccessor408 invoke Unknown Source    I am using these versions  Plugin Pipeline 2 1 Jenkins 2 2

User · Answer

I ran into this when I reduced the number of user-input parameters in userInput from 3 to 1. This changed the variable output type of userInput from an array to a primitive.

Example:

myvar1 = userInput['param1']
myvar2 = userInput['param2']

to:

myvar = userInput

User · Answer

You have to disable the sandbox for Groovy in your job configuration   Currently this is not possible for multibranch projects where the groovy script comes from the scm  For more information see https   issues jenkins-ci org browse JENKINS-28178

User · Answer

Quickfix  I had similar issue and I resolved it doing the following   Navigate to jenkins   Manage jenkins   In-process Script Approval There was a pending command  which I had to approve      Alternative 1  Disable sandbox  As this article explains in depth  groovy scripts are run in sandbox mode by default  This means that a subset of groovy methods are allowed to run without administrator approval  It s also possible to run scripts not in sandbox mode  which implies that the whole script needs to be approved by an administrator at once  This preventing users from approving each line at the time    Running scripts without sandbox can be done by unchecking this checkbox in your project config just below your script    Alternative 2  Disable script security  As this article explains it also possible to disable script security completely  First install the permissive script security plugin and after that change your jenkins xml file add this argument      -Dpermissive-script-security enabled true   So you jenkins xml will look something like this    lt executable gt   bin java lt  executable gt   lt arguments gt -Dpermissive-script-security enabled true -Xrs -Xmx4096m -Dhudson lifecycle hudson lifecycle WindowsServiceLifecycle -jar   BASE  jenkins war  --httpPort 80 --webroot   BASE  war  lt  arguments gt    Make sure you know what you are doing if you implement this

User · Answer

To get around sandboxing of SCM stored Groovy scripts  I recommend to run the script as Groovy Command  instead of Groovy Script file    import hudson FilePath final GROOVY SCRIPT    workspace relative path to the checked out groovy script groovy   evaluate new FilePath build workspace  GROOVY SCRIPT  read   text    in such case  the groovy script is transferred from the workspace to the Jenkins Master where it can be executed as a system Groovy Script  The sandboxing is suppressed as long as the Use Groovy Sandbox is not checked

[maven] Jenkins CI Pipeline Scripts not permitted to use method groovy.lang.GroovyObject

Examples related to maven

Examples related to jenkins

Examples related to continuous-integration

Examples related to jenkins-pipeline