From cb952e8a5f9638b2f6bef7f2933da1ab5e05e686 Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 09:18:15 -0600 Subject: [PATCH 1/6] Add ZonedDateTime methods to generic whitelist --- .../sandbox/whitelists/generic-whitelist | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index 3284e60b..6556bce2 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -367,6 +367,7 @@ method java.text.Format format java.lang.Object method java.text.Format formatToCharacterIterator java.lang.Object method java.text.Format parseObject java.lang.String new java.text.SimpleDateFormat java.lang.String + staticField java.time.DayOfWeek FRIDAY staticField java.time.DayOfWeek MONDAY staticField java.time.DayOfWeek SATURDAY @@ -514,6 +515,50 @@ method java.time.temporal.TemporalUnit isDateBased method java.time.temporal.TemporalUnit isDurationEstimated method java.time.temporal.TemporalUnit isSupportedBy java.time.temporal.Temporal method java.time.temporal.TemporalUnit isTimeBased +staticMethod java.time.ZonedDateTime now +staticMethod java.time.ZonedDateTime now java.time.ZoneId +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter +staticMethod java.time.ZonedDateTime of java.time.LocalDate java.time.LocalTime java.time.ZoneId +staticMethod java.time.ZonedDateTime of java.time.LocalDateTime java.time.ZoneId +staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneId +staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId +method java.time.ZonedDateTime getZone +method java.time.ZonedDateTime getOffset +method java.time.ZonedDateTime toInstant +method java.time.ZonedDateTime toLocalDate +method java.time.ZonedDateTime toLocalTime +method java.time.ZonedDateTime toLocalDateTime +method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId +method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId +method java.time.ZonedDateTime plusDays long +method java.time.ZonedDateTime plusHours long +method java.time.ZonedDateTime plusMinutes long +method java.time.ZonedDateTime plusSeconds long +method java.time.ZonedDateTime plusNanos long +method java.time.ZonedDateTime minusDays long +method java.time.ZonedDateTime minusHours long +method java.time.ZonedDateTime minusMinutes long +method java.time.ZonedDateTime minusSeconds long +method java.time.ZonedDateTime minusNanos long +method java.time.ZonedDateTime withYear int +method java.time.ZonedDateTime withMonth int +method java.time.ZonedDateTime withDayOfMonth int +method java.time.ZonedDateTime withDayOfYear int +method java.time.ZonedDateTime withHour int +method java.time.ZonedDateTime withMinute int +method java.time.ZonedDateTime withSecond int +method java.time.ZonedDateTime withNano int +method java.time.ZonedDateTime getYear +method java.time.ZonedDateTime getMonthValue +method java.time.ZonedDateTime getDayOfMonth +method java.time.ZonedDateTime getDayOfYear +method java.time.ZonedDateTime getDayOfWeek +method java.time.ZonedDateTime getHour +method java.time.ZonedDateTime getMinute +method java.time.ZonedDateTime getSecond +method java.time.ZonedDateTime getNano + new java.util.ArrayList java.util.Collection staticMethod java.util.Arrays asList java.lang.Object[] staticMethod java.util.Arrays toString java.lang.Object[] From a1a198a9f96a609a55354716effc0f5c32b24f9d Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 11:23:30 -0600 Subject: [PATCH 2/6] change position of ZonedDateTime methods in generic whitelist --- .../sandbox/whitelists/generic-whitelist | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index 6556bce2..7af98931 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -467,6 +467,49 @@ method java.time.LocalTime withHour int method java.time.LocalTime withMinute int method java.time.LocalTime withNano int method java.time.LocalTime withSecond int +staticMethod java.time.ZonedDateTime now +staticMethod java.time.ZonedDateTime now java.time.ZoneId +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter +staticMethod java.time.ZonedDateTime of java.time.LocalDate java.time.LocalTime java.time.ZoneId +staticMethod java.time.ZonedDateTime of java.time.LocalDateTime java.time.ZoneId +staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneId +staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId +method java.time.ZonedDateTime getZone +method java.time.ZonedDateTime getOffset +method java.time.ZonedDateTime toInstant +method java.time.ZonedDateTime toLocalDate +method java.time.ZonedDateTime toLocalTime +method java.time.ZonedDateTime toLocalDateTime +method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId +method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId +method java.time.ZonedDateTime plusDays long +method java.time.ZonedDateTime plusHours long +method java.time.ZonedDateTime plusMinutes long +method java.time.ZonedDateTime plusSeconds long +method java.time.ZonedDateTime plusNanos long +method java.time.ZonedDateTime minusDays long +method java.time.ZonedDateTime minusHours long +method java.time.ZonedDateTime minusMinutes long +method java.time.ZonedDateTime minusSeconds long +method java.time.ZonedDateTime minusNanos long +method java.time.ZonedDateTime withYear int +method java.time.ZonedDateTime withMonth int +method java.time.ZonedDateTime withDayOfMonth int +method java.time.ZonedDateTime withDayOfYear int +method java.time.ZonedDateTime withHour int +method java.time.ZonedDateTime withMinute int +method java.time.ZonedDateTime withSecond int +method java.time.ZonedDateTime withNano int +method java.time.ZonedDateTime getYear +method java.time.ZonedDateTime getMonthValue +method java.time.ZonedDateTime getDayOfMonth +method java.time.ZonedDateTime getDayOfYear +method java.time.ZonedDateTime getDayOfWeek +method java.time.ZonedDateTime getHour +method java.time.ZonedDateTime getMinute +method java.time.ZonedDateTime getSecond +method java.time.ZonedDateTime getNano method java.time.chrono.ChronoLocalDate format java.time.format.DateTimeFormatter method java.time.chrono.ChronoLocalDate getEra method java.time.chrono.ChronoLocalDate isLeapYear @@ -515,49 +558,6 @@ method java.time.temporal.TemporalUnit isDateBased method java.time.temporal.TemporalUnit isDurationEstimated method java.time.temporal.TemporalUnit isSupportedBy java.time.temporal.Temporal method java.time.temporal.TemporalUnit isTimeBased -staticMethod java.time.ZonedDateTime now -staticMethod java.time.ZonedDateTime now java.time.ZoneId -staticMethod java.time.ZonedDateTime parse java.lang.CharSequence -staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter -staticMethod java.time.ZonedDateTime of java.time.LocalDate java.time.LocalTime java.time.ZoneId -staticMethod java.time.ZonedDateTime of java.time.LocalDateTime java.time.ZoneId -staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneId -staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId -method java.time.ZonedDateTime getZone -method java.time.ZonedDateTime getOffset -method java.time.ZonedDateTime toInstant -method java.time.ZonedDateTime toLocalDate -method java.time.ZonedDateTime toLocalTime -method java.time.ZonedDateTime toLocalDateTime -method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId -method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId -method java.time.ZonedDateTime plusDays long -method java.time.ZonedDateTime plusHours long -method java.time.ZonedDateTime plusMinutes long -method java.time.ZonedDateTime plusSeconds long -method java.time.ZonedDateTime plusNanos long -method java.time.ZonedDateTime minusDays long -method java.time.ZonedDateTime minusHours long -method java.time.ZonedDateTime minusMinutes long -method java.time.ZonedDateTime minusSeconds long -method java.time.ZonedDateTime minusNanos long -method java.time.ZonedDateTime withYear int -method java.time.ZonedDateTime withMonth int -method java.time.ZonedDateTime withDayOfMonth int -method java.time.ZonedDateTime withDayOfYear int -method java.time.ZonedDateTime withHour int -method java.time.ZonedDateTime withMinute int -method java.time.ZonedDateTime withSecond int -method java.time.ZonedDateTime withNano int -method java.time.ZonedDateTime getYear -method java.time.ZonedDateTime getMonthValue -method java.time.ZonedDateTime getDayOfMonth -method java.time.ZonedDateTime getDayOfYear -method java.time.ZonedDateTime getDayOfWeek -method java.time.ZonedDateTime getHour -method java.time.ZonedDateTime getMinute -method java.time.ZonedDateTime getSecond -method java.time.ZonedDateTime getNano new java.util.ArrayList java.util.Collection staticMethod java.util.Arrays asList java.lang.Object[] From 3d01ab45f669bea32a34b689511eb9ac85c59da5 Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 14:11:58 -0600 Subject: [PATCH 3/6] fix ZonedDateTime method ordering --- .../sandbox/whitelists/generic-whitelist | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index 7af98931..db0f8cbe 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -467,49 +467,49 @@ method java.time.LocalTime withHour int method java.time.LocalTime withMinute int method java.time.LocalTime withNano int method java.time.LocalTime withSecond int +method java.time.ZonedDateTime getDayOfMonth +method java.time.ZonedDateTime getDayOfWeek +method java.time.ZonedDateTime getDayOfYear +method java.time.ZonedDateTime getHour +method java.time.ZonedDateTime getMinute +method java.time.ZonedDateTime getMonthValue +method java.time.ZonedDateTime getNano +method java.time.ZonedDateTime getOffset +method java.time.ZonedDateTime getSecond +method java.time.ZonedDateTime getYear +method java.time.ZonedDateTime getZone +method java.time.ZonedDateTime minusDays long +method java.time.ZonedDateTime minusHours long +method java.time.ZonedDateTime minusMinutes long +method java.time.ZonedDateTime minusNanos long +method java.time.ZonedDateTime minusSeconds long staticMethod java.time.ZonedDateTime now staticMethod java.time.ZonedDateTime now java.time.ZoneId -staticMethod java.time.ZonedDateTime parse java.lang.CharSequence -staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter staticMethod java.time.ZonedDateTime of java.time.LocalDate java.time.LocalTime java.time.ZoneId staticMethod java.time.ZonedDateTime of java.time.LocalDateTime java.time.ZoneId staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneId staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId -method java.time.ZonedDateTime getZone -method java.time.ZonedDateTime getOffset -method java.time.ZonedDateTime toInstant -method java.time.ZonedDateTime toLocalDate -method java.time.ZonedDateTime toLocalTime -method java.time.ZonedDateTime toLocalDateTime -method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId -method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence +staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter method java.time.ZonedDateTime plusDays long method java.time.ZonedDateTime plusHours long method java.time.ZonedDateTime plusMinutes long -method java.time.ZonedDateTime plusSeconds long method java.time.ZonedDateTime plusNanos long -method java.time.ZonedDateTime minusDays long -method java.time.ZonedDateTime minusHours long -method java.time.ZonedDateTime minusMinutes long -method java.time.ZonedDateTime minusSeconds long -method java.time.ZonedDateTime minusNanos long -method java.time.ZonedDateTime withYear int -method java.time.ZonedDateTime withMonth int +method java.time.ZonedDateTime plusSeconds long +method java.time.ZonedDateTime toInstant +method java.time.ZonedDateTime toLocalDate +method java.time.ZonedDateTime toLocalDateTime +method java.time.ZonedDateTime toLocalTime method java.time.ZonedDateTime withDayOfMonth int method java.time.ZonedDateTime withDayOfYear int method java.time.ZonedDateTime withHour int method java.time.ZonedDateTime withMinute int -method java.time.ZonedDateTime withSecond int +method java.time.ZonedDateTime withMonth int method java.time.ZonedDateTime withNano int -method java.time.ZonedDateTime getYear -method java.time.ZonedDateTime getMonthValue -method java.time.ZonedDateTime getDayOfMonth -method java.time.ZonedDateTime getDayOfYear -method java.time.ZonedDateTime getDayOfWeek -method java.time.ZonedDateTime getHour -method java.time.ZonedDateTime getMinute -method java.time.ZonedDateTime getSecond -method java.time.ZonedDateTime getNano +method java.time.ZonedDateTime withSecond int +method java.time.ZonedDateTime withYear int +method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId +method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId method java.time.chrono.ChronoLocalDate format java.time.format.DateTimeFormatter method java.time.chrono.ChronoLocalDate getEra method java.time.chrono.ChronoLocalDate isLeapYear From 1efeb5632dd7fa897062dadc4a710e9a05a300dc Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 14:29:27 -0600 Subject: [PATCH 4/6] remove ZonedDateTime.getOffset from the generic whitelist ZonedDateTime.getOffset() is an override of ChronoZonedDateTime. --- .../plugins/scriptsecurity/sandbox/whitelists/generic-whitelist | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index db0f8cbe..74a690bf 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -474,7 +474,6 @@ method java.time.ZonedDateTime getHour method java.time.ZonedDateTime getMinute method java.time.ZonedDateTime getMonthValue method java.time.ZonedDateTime getNano -method java.time.ZonedDateTime getOffset method java.time.ZonedDateTime getSecond method java.time.ZonedDateTime getYear method java.time.ZonedDateTime getZone From 370f34dd25d0167c0fd52d675ea0fe1019b05ee3 Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 15:34:50 -0600 Subject: [PATCH 5/6] update ZonedDateTime generic whitelist methods to non-overrides --- .../sandbox/whitelists/generic-whitelist | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index 74a690bf..a5d15253 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -472,16 +472,20 @@ method java.time.ZonedDateTime getDayOfWeek method java.time.ZonedDateTime getDayOfYear method java.time.ZonedDateTime getHour method java.time.ZonedDateTime getMinute +method java.time.ZonedDateTime getMonth method java.time.ZonedDateTime getMonthValue method java.time.ZonedDateTime getNano method java.time.ZonedDateTime getSecond method java.time.ZonedDateTime getYear -method java.time.ZonedDateTime getZone +method java.time.ZonedDateTime minus java.time.temporal.TemporalAmount method java.time.ZonedDateTime minusDays long method java.time.ZonedDateTime minusHours long method java.time.ZonedDateTime minusMinutes long +method java.time.ZonedDateTime minusMonths long method java.time.ZonedDateTime minusNanos long method java.time.ZonedDateTime minusSeconds long +method java.time.ZonedDateTime minusWeeks long +method java.time.ZonedDateTime minusYears long staticMethod java.time.ZonedDateTime now staticMethod java.time.ZonedDateTime now java.time.ZoneId staticMethod java.time.ZonedDateTime of java.time.LocalDate java.time.LocalTime java.time.ZoneId @@ -490,15 +494,17 @@ staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneI staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId staticMethod java.time.ZonedDateTime parse java.lang.CharSequence staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter +method java.time.ZonedDateTime plus java.time.temporal.TemporalAmount method java.time.ZonedDateTime plusDays long method java.time.ZonedDateTime plusHours long method java.time.ZonedDateTime plusMinutes long +method java.time.ZonedDateTime plusMonths long method java.time.ZonedDateTime plusNanos long method java.time.ZonedDateTime plusSeconds long -method java.time.ZonedDateTime toInstant -method java.time.ZonedDateTime toLocalDate -method java.time.ZonedDateTime toLocalDateTime -method java.time.ZonedDateTime toLocalTime +method java.time.ZonedDateTime plusWeeks long +method java.time.ZonedDateTime plusYears long +method java.time.ZonedDateTime toOffsetDateTime +method java.time.ZonedDateTime truncatedTo java.time.temporal.TemporalUnit method java.time.ZonedDateTime withDayOfMonth int method java.time.ZonedDateTime withDayOfYear int method java.time.ZonedDateTime withHour int @@ -507,8 +513,6 @@ method java.time.ZonedDateTime withMonth int method java.time.ZonedDateTime withNano int method java.time.ZonedDateTime withSecond int method java.time.ZonedDateTime withYear int -method java.time.ZonedDateTime withZoneSameInstant java.time.ZoneId -method java.time.ZonedDateTime withZoneSameLocal java.time.ZoneId method java.time.chrono.ChronoLocalDate format java.time.format.DateTimeFormatter method java.time.chrono.ChronoLocalDate getEra method java.time.chrono.ChronoLocalDate isLeapYear From ade4681ef0f846ba36c905fd46f4336b6889cece Mon Sep 17 00:00:00 2001 From: john-colton-usps Date: Wed, 25 Feb 2026 15:48:34 -0600 Subject: [PATCH 6/6] remove minus and plus methods from ZonedDateTime whitelist I was sure I had checked these two... --- .../plugins/scriptsecurity/sandbox/whitelists/generic-whitelist | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist index a5d15253..1be38e34 100644 --- a/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist +++ b/src/main/resources/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/generic-whitelist @@ -477,7 +477,6 @@ method java.time.ZonedDateTime getMonthValue method java.time.ZonedDateTime getNano method java.time.ZonedDateTime getSecond method java.time.ZonedDateTime getYear -method java.time.ZonedDateTime minus java.time.temporal.TemporalAmount method java.time.ZonedDateTime minusDays long method java.time.ZonedDateTime minusHours long method java.time.ZonedDateTime minusMinutes long @@ -494,7 +493,6 @@ staticMethod java.time.ZonedDateTime ofInstant java.time.Instant java.time.ZoneI staticMethod java.time.ZonedDateTime ofInstant java.time.LocalDateTime java.time.ZoneOffset java.time.ZoneId staticMethod java.time.ZonedDateTime parse java.lang.CharSequence staticMethod java.time.ZonedDateTime parse java.lang.CharSequence java.time.format.DateTimeFormatter -method java.time.ZonedDateTime plus java.time.temporal.TemporalAmount method java.time.ZonedDateTime plusDays long method java.time.ZonedDateTime plusHours long method java.time.ZonedDateTime plusMinutes long