Hi,
We are trying to extend the Jenkins pipeline with shared libraries.
We are building Maven projects and we need to read the pom file. Because we are trying to follow test-driven development, we used readFile from the shared library; that way we can mock and test the content of the pom file.
We are getting a warning saying that the signature might introduce vulnerabilities.
Signature: method groovy.lang.GroovyObject getProperty java.lang.String
I had the idea that everything runs in a sandbox and readFile won’t be able to leave the sandbox.
Is there a better way of doing this?
Is there any risk in using readFile in a shared library?
Thanks in advance.