Issues Importing hudson.model.ParametersAction Package in Jenkins 2.452.4 Sandboxed Version

Schikkeg · December 4, 2024, 6:00pm

Hello everyone,

I am currently facing challenges with importing the hudson.model.ParametersAction package in the Groovy console of Jenkins 2.452.4 sandboxed version. Despite attempts to import the package and set class paths for jenkins-core, setting system property hudson.model.ParametersAction.safeParameters=…, I have encountered restrictions that seem to prevent successful import.

Upon inspecting the jenkins-core jar file, it appears that the hudson and related model packages are null, potentially due to security measures in the sandboxed environment.

I am seeking guidance on how to securely set the value to a parameter so that I can effectively use the package within the restricted environment. Any insights, workarounds, or best practices for addressing import restrictions in a sandboxed Jenkins environment would be greatly appreciated.

Code is simple
import hudson.model.ParametersAction

error is

unable to resolve class hudson.model.ParametersAction
@ line 1, column 1.

Thank you in advance for your assistance and insights.

poddingue · December 5, 2024, 9:59am

Hello and welcome to this community, @Schikkeg.

In a sandboxed Jenkins environment, certain classes and methods are restricted for security reasons.
The hudson.model.ParametersAction class is one of those restricted classes, which is certainly why you are encountering the error.

To work around this restriction, I think you could use the @NonCPS annotation to mark methods that should not be executed in the Groovy CPS (Continuation Passing Style) transformation. This allows you to bypass some of the sandbox restrictions. However, this approach should be used with caution as it can introduce security risks.

Here is an untested example of how you could maybe set a parameter value using the @NonCPS annotation:

@NonCPS
def setParameterValue(String paramName, String paramValue) {
    def build = currentBuild.rawBuild
    def paramsAction = build.getAction(hudson.model.ParametersAction)
    def newParams = paramsAction.parameters.collect { param ->
        if (param.name == paramName) {
            return new hudson.model.StringParameterValue(paramName, paramValue)
        }
        return param
    }
    build.actions.remove(paramsAction)
    build.actions.add(new hudson.model.ParametersAction(newParams))
}

setParameterValue('MY_PARAM', 'new_value')

Please note that using @NonCPS can bypass some of the sandbox restrictions, but it should be used with caution and only when necessary. Always review and test your scripts thoroughly to ensure they do not introduce security vulnerabilities.

jglick · December 5, 2024, 11:51pm

@NonCPS does not bypass sandbox restrictions. The sandbox transformer and the CPS transformer are (mostly) orthogonal.

At any rate, whatever the original poster was attempting to accomplish (unclear), this is not the way to do it.

Topic		Replies	Views
What import is used in Pipeline to use the class: Jira Version Parameter Definition? Using Jenkins	1	279	November 11, 2022
Groovy as shared library to add an additional parameter to a jenkins job Ask a question question	1	2420	October 25, 2022
Jenkins Environment Parameters with groovy Using Jenkins	2	7776	March 18, 2022
Jenkins Content Security Policy Using Jenkins question	1	15	November 20, 2024
Jenkins 2.401.3 after upgrade issue Ask a question	2	694	December 14, 2023

Issues Importing hudson.model.ParametersAction Package in Jenkins 2.452.4 Sandboxed Version

Related topics