Consider a script which accesses the method hudson.model.AbstractItem.getParent(), which by itself is harmless and will return an object containing either the folder or root item which contains the currently executing Pipeline or Job. Following that method invocation, executing hudson.model.ItemGroup.getItems(), which will list items in the folder or root item, requires the Job/Read permission.
'''
getParent() is a method in AbstractItem class. The only way to get an Item object that I know is through Jenkins.instance.getItemByFullName() which is of course blacklisted.
Isn't it invalid to say getItems() is dangerous to run when the access to it already requires an access to Jenkins.instance? It's as if we're being told not to play with the dangerous scissors that's inside a burning house.
timja
commented
2 years ago
In-process Script Approval doc says
'''
Consider a script which accesses the method hudson.model.AbstractItem.getParent(), which by itself is harmless and will return an object containing either the folder or root item which contains the currently executing Pipeline or Job. Following that method invocation, executing hudson.model.ItemGroup.getItems(), which will list items in the folder or root item, requires the Job/Read permission.
'''
getParent() is a method in AbstractItem class. The only way to get an Item object that I know is through Jenkins.instance.getItemByFullName() which is of course blacklisted.
Isn't it invalid to say getItems() is dangerous to run when the access to it already requires an access to Jenkins.instance? It's as if we're being told not to play with the dangerous scissors that's inside a burning house.
Or is there a way to get an Item safely?
Originally reported by calvinpark, imported from: Is the example in "In-process Script Approval" document valid?