# Reflective access to Groovy is too open-ended. Approve only specific GroovyObject subclass methods.
method groovy.lang.GroovyObject getMetaClass
method groovy.lang.GroovyObject getProperty java.lang.String
method groovy.lang.GroovyObject invokeMethod java.lang.String java.lang.Object
method groovy.lang.GroovyObject setMetaClass groovy.lang.MetaClass
method groovy.lang.GroovyObject setProperty java.lang.String java.lang.Object

# Raw file operations could be used to compromise the Jenkins master.
new java.io.File java.lang.String
new java.io.File java.lang.String java.lang.String
new java.io.File java.net.URI
new java.io.FileInputStream java.lang.String
new java.io.FileOutputStream java.lang.String
new java.io.FileOutputStream java.lang.String boolean
new java.io.FileReader java.lang.String
new java.io.FileWriter java.lang.String
new java.io.FileWriter java.lang.String boolean
new java.io.PrintStream java.lang.String
new java.io.PrintStream java.lang.String java.lang.String
new java.io.PrintWriter java.lang.String
new java.io.PrintWriter java.lang.String java.lang.String
new java.io.RandomAccessFile java.lang.String java.lang.String

# Same for local process execution.
staticMethod java.lang.Runtime getRuntime

# Duh.
staticMethod java.lang.System exit int

# NIO file operations must start with a Path:
staticMethod java.nio.file.Paths.get java.lang.String java.lang.String[]
staticMethod java.nio.file.Paths.get java.net.URI

# More process execution, Groovy-style:
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String java.lang.String[] java.io.File
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String java.util.List java.io.File
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String[]
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String[] java.lang.String[] java.io.File
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.lang.String[] java.util.List java.io.File
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.util.List
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.util.List java.lang.String[] java.io.File
staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods execute java.util.List java.util.List java.io.File

# TODO do we need a @Blacklisted annotation?
method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
