Closed robinfriedli closed 1 year ago
My current workaround is to do the following, which also seems to work
def noneMatch = list.stream().noneMatch({s -> s.indexOf((int) somec) >= 0})
while (noneMatch) {
somec++
noneMatch = list.stream().noneMatch({s -> s.indexOf((int) somec) >= 0})
}
Thanks for the bug report! I looked into this today to try to understand whether the bug could be used to bypass the sandbox by confusing the transformer. I think it's safe, since the problem appears to be that the expression in question is being transformed by the sandbox multiple times.
This happens because ClassCodeExpressionTransformer.visitWhileLoop
first transforms the condition expression for the loop, then visits the body by calling super.visitWhileLoop
, which ends up visiting the condition expression again. Because of this, the same problem probably also affects do-while loops, and maybe also for loops, since the visitor code for them uses similar logic.
Has this been forgotten? Or waiting for approval?
Hi: Is any realeased version which has solved this bug?
Any resolution for this bug nowadays?
Hi,
I have the following sample code which works fine when running it in a groovy class:
However, when trying to execute this code via the GroovyShell, a MissingPropertyException is thrown for the closure parameter 's'. It seems that
org.kohsuke.groovy.sandbox.impl.Checker
is trying to find the property on the Script object, rather than within the closure. When changing the while to an if statement everything seems to work andorg.kohsuke.groovy.sandbox.impl.Checker#checkedGetProperty
is never called in the first place.Full stack trace: