FreeMarker template UnknownTriggerReason.getName() blocked by FreeMarker allowlist


    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 12.1.3
    • Affects Version/s: 12.1.0, 12.1.2
    • Component/s: Builds
    • None
    • 1
    • Severity 2 - Major
    • 1

      Issue Summary

      The FreeMarker allowlist freemarker-allowlist.properties does not include UnknownTriggerReason.getName(). When a build has no trigger reason key in its custom data, the system falls back to UnknownTriggerReason. The template unknownTriggerReason.ftl then calls .getName(), which is blocked by the allowlist.

      Steps to Reproduce

      N/A

      Expected Results

      Actual Results

      The following exception is logged in the atlassian-bamboo.log file:

      WARN [BambooFreemarkerAllowlistBeansWrapper] Forbidden method invocation: com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()
      ERROR Error executing FreeMarker template freemarker.core._TemplateModelException: An error has occurred when reading existing
        sub-variable "name"; see cause exception!
      Failed at: ${(triggerReason.name)!"Unknown trigg...
        [in template "com/atlassian/bamboo/build/triggerReasons/unknownTriggerReason.ftl" at line 1]
      Caused by: java.lang.IllegalAccessException: Forbidden method invocation:
        com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()
      

      Workaround

      1. Take a backup of <BAMBOO_INSTALL_DIR>/atlassian-bamboo/WEB-INF/classes/freemarker-allowlist.properties
      2. Append the following method to the end of the file:

      ,\
      com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()
      

      3. Restart Bamboo
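To confirm the workaround took effect, or to find other methods the allowlist is rejecting, the "Forbidden method invocation" log entries can be compared against the allowlist file. The script below is an added example, not Atlassian's code; it assumes allowlist entries are fully qualified method signatures as in the workaround, and the `com.example` entries are constructed placeholders.

```python
import re

# A Java method signature such as com.example.Foo.getBar()
SIGNATURE = r"[\w.$]+\([^)]*\)"
# Text logged when the allowlist rejects a call; \s* lets the signature
# wrap onto the next line, as in the "Caused by" entry.
FORBIDDEN = re.compile(r"Forbidden method invocation:\s*(" + SIGNATURE + ")")

def blocked_methods(log_text):
    """Map each blocked method signature to the number of times it was logged."""
    counts = {}
    for match in FORBIDDEN.finditer(log_text):
        counts[match.group(1)] = counts.get(match.group(1), 0) + 1
    return counts

def allowlisted_methods(properties_text):
    """Collect signatures from the allowlist text, skipping comment lines."""
    entries = set()
    for line in properties_text.splitlines():
        if line.lstrip().startswith(("#", "!")):
            continue
        entries.update(re.findall(SIGNATURE, line))
    return entries

def still_blocked(log_text, properties_text):
    """Blocked methods from the log that the allowlist does not yet contain."""
    allowed = allowlisted_methods(properties_text)
    return [m for m in blocked_methods(log_text) if m not in allowed]

# Log lines as quoted in this issue.
SAMPLE_LOG = """\
WARN [BambooFreemarkerAllowlistBeansWrapper] Forbidden method invocation: com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()
Caused by: java.lang.IllegalAccessException: Forbidden method invocation:
  com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()
"""
# Constructed tail of an allowlist file (com.example entries are placeholders).
ALLOWLIST_BEFORE = "com.example.Constructed.getId(),\\\ncom.example.Constructed.getLabel()"
ALLOWLIST_AFTER = (ALLOWLIST_BEFORE + ",\\\n"
    "com.atlassian.bamboo.v2.build.trigger.UnknownTriggerReason.getName()\n")

if __name__ == "__main__":
    for name, text in (("before", ALLOWLIST_BEFORE), ("after", ALLOWLIST_AFTER)):
        print(name, "workaround:", still_blocked(SAMPLE_LOG, text) or "nothing blocked")
```

On a real server, pass the contents of atlassian-bamboo.log and freemarker-allowlist.properties to `still_blocked` instead of the embedded samples.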

              Assignee: Mateusz Szmal
              Reporter: Jyothi Charupalli
              Votes: 1
              Watchers: 2
