[JENKINS-75349] Enhance Whitelist checking to inspect invokeMethod arguments #900
Description
Currently the special groovy invokeMethod method is either whitelisted as a whole or rejected as a whole.
This could be enhanced to check if either invokeMethod is permitted or the method invokeMethod is calling is permitted. If nether is permitted then the UI approve list could add both methods.
This enhancement would allow for selective invokeMethod use which is required for things like proxying or the groovy @Delegate annotation.
Originally reported by mrichar2, imported from: Enhance Whitelist checking to inspect invokeMethod arguments
- status: Open
- priority: Minor
- component(s): script-security-plugin
- resolution: Unresolved
- votes: 0
- watchers: 1
- imported: 2025-12-09
Raw content of original issue
Currently the special groovy invokeMethod method is either whitelisted as a whole or rejected as a whole.
This could be enhanced to check if either invokeMethod is permitted or the method invokeMethod is calling is permitted. If nether is permitted then the UI approve list could add both methods.
This enhancement would allow for selective invokeMethod use which is required for things like proxying or the groovy @Delegate annotation.