Why am I unable to see a method in In-process Script Approval?

Article ID:360016527252
2 minute readKnowledge base

Issue

  • You have received a RejectedAccessException error (e.g., org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException: Scripts not permitted to use method)

  • The method does not show up in Manage Jenkins > In-process Script Approval for approval

Environment

Resolution

Case 1: The method is included in Script Security.

The method is dangerous, will not be available for approval, and can not be approved.

Case 2: The method is wrapped in a try/catch block and gets suppressed.

In versions of the 'Pipeline: Groovy' plugin older than 2.67, if you catch a RejectedAccessException and don’t throw it onward to cause the build to fail, you’ll never be asked to approve the method or script. This bug (JENKINS-34973) has been fixed, and it is recommended that users upgrade to the latest version of 'Pipeline: Groovy.'

If you are unable to upgrade, you will need to modify your Pipeline code. The method will not show up in the Script Approval list when written as:

try {
    //Method Requiring Script Approval Here
} catch(e) {
    echo 'There was an error'
}

You will need to re-throw the exception to propagate the error to In-process Script Approval:

try {
    //Method Requiring Script Approval Here
} catch(e) {
    if (e instanceof RejectedAccessException) {
        throw e
    }
}

This can also be written as:

try {
    //Method Requiring Script Approval Here
} catch(RejectedAccessException e) {
    throw e
} catch(e) {
    echo 'There was an error'
}

Note: There is variant of this issue which can also result in a method not being added to Script Approval.

If you are seeing:

RejectedAccessException: No such field found

This means that Jenkins is unable to determine what method the script was trying to call in order to even check whether it should be accepted. In this case, please open a ticket with CloudBees Support.

Jenkins issue

References