[JENKINS-68404] Add script listener to track usage #416
Conversation
| @daniel-beck jenkinsci/jenkins#6539 (comment) Let me know what you think. |
meiswjn force-pushed the feature/add-script-listener branch from 2338f9c to b9eafc1 Compare 
src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java Outdated Show resolved Hide resolved
meiswjn changed the title | Extends listener introduced in jenkinsci/jenkins#6539 |
daniel-beck left a comment
daniel-beck left a comment There was a problem hiding this comment.
#configuring might be a good alternative to #using because that can determine who the user actually submitting the script is. It also has ApprovalContext which would probably remove the need for the API change.
| A basic pipeline: Once we've finalized the API here, looks like this needs a downstream change in |
| Looks like this PR needs to be re-filed from an origin branch, or from the fork of a committer (e.g. me), to pick up the changes to the Jenkinsfile, so we have an incremental build of this. |
| @daniel-beck I've replayed it with the updated Jenkinsfile. |
Cheater! (Thanks 😄) |
| With jenkinsci/jenkins#7056 being merged, I will continue on this PR soon :) |
| @meiswjn are you still planning to work on this? |
Since I would love to see this feature, yes. However, there are many other more pressing things right now, but I definitely want to do this. However, if someone stumbles upon this before I find time, feel free! |
daniel-beck force-pushed the feature/add-script-listener branch from 2b65531 to 81eef7b Compare | (Sorry for the noise, I thought this was an easy UI merge, but this was still on top of the old core PR 😬) |
4 participants
This PR relates to jenkinsci/jenkins#6539 and https://issues.jenkins.io/browse/JENKINS-68404. It serves the purpose to track potentially dangerous usages of groovy scripts.
The script listener is called when a script is considered to be allowed to use. This also means that scripts running in a sandbox are not logged.