Add StringGroovyMethods/DefaultGroovyMethods replaceFirst to whitelist entries

[ugrave]

Add all entries which are already existing for the StringGroovyMethods.replaceFirst also to the DefaultGroovyMethods.replaceFirst.

Include the missing signature for version for replaceFirst java.lang.String java.util.regex.Pattern java.lang.String for StringGroovyMethods and DefaultGroovyMethods

The methods on the DefaultGroovyMethods are marked as deprecated but are still used.

Submitter checklist

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests that demonstrate the feature works or the issue is fixed

Closes #906

[jglick]

https://github.com/apache/groovy/blob/41b990d0a20e442f29247f0e04cbed900f3dcad4/src/main/org/codehaus/groovy/runtime/StringGroovyMethods.java#L2730 This overload is deprecated. (May be true of others, I did not check yet.) Does the sandbox actually check this one specifically when you write e.g.

'xxx'.replaceFirst(/x/, 'y')

or would it use the CharSequence overload? Could check in e.g.

script-security-plugin/src/test/java/org/jenkinsci/plugins/scriptsecurity/sandbox/whitelists/GenericWhitelistTest.java

Line 34 in c6ff4ef

public class GenericWhitelistTest {

even if the result is not committed.

[ugrave]

Yes i also saw it that the string is depreicated. But in my test is using the string overload and not the CharSequence overload.

I didt a test with all replaceFirst whiliste removed for String, StringGroovyMethodsandDefaultGroovyMethodsAn get different results depending of thereplaceFirst` is used:

• 'xxx'.replaceFirst(/x/, 'y'): Scripts not permitted to use method java.lang.String replaceFirst java.lang.String java.lang.String
• 'xxx'.replaceFirst(~/x/, 'y'): Scripts not permitted to use staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods replaceFirst java.lang.String java.util.regex.Pattern java.lang.String

Nut sure when this StringGroovyMethod is used. In my case its using always the DefaultGroovyMethods or from String itself. (maybe because String itself has also now a replaceFirst method)