Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11934

Once a job config has been submitted, new/updated global passwords are not masked

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      It seems there is a bug in eithe the global name/password configuration or the consumption of these in the job, at least in an Ant build step.

      I do the following:
      1. create a global password in the global configuration, e.g. PW_1=password1
      2. create a new job (free-style build)
      3. in the job configuration, select "Mask Passwords" (seems this is always necessary, otherwise the global password param will not be evaluated, see issue JENKINS-11924)
      4. define an ant invocation build step
      5. in the properties of the ant step, define password=${PW_1}
      6. run the job and inspect the log --> ok
      7. go back to the global configuration and define another password, e.g. PW_2=password2
      8. run the job you've created in step 2 again, WITHOUT entering the new PW_2 parameter somewhere in the job configuration
      9. inspect the log

      result: in the log I see the following line:
      [myproj1] $ cmd.exe /C '"ant.bat -file build.xml -DPW_1=******** -DPW_2=password2" build && exit %%ERRORLEVEL%%"'

      This means:
      a) it seems global password parameters that have been added after the job was created show up in the log, even if they are not used in the job configuration
      b) these passwords are not hidden

        Attachments

          Activity

          Hide
          rseguy Romain Seguy added a comment -

          OK, I know what happens (PW_2 is simply not included into the list of passwords to mask for jobs which were run before it was added). I'll fix that tom or Friday and will release 2.7.2 since it's a security issue.

          Show
          rseguy Romain Seguy added a comment - OK, I know what happens (PW_2 is simply not included into the list of passwords to mask for jobs which were run before it was added). I'll fix that tom or Friday and will release 2.7.2 since it's a security issue.
          Hide
          rseguy Romain Seguy added a comment -

          Will be delivered in 2.7.2.

          Show
          rseguy Romain Seguy added a comment - Will be delivered in 2.7.2.
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: rseguy
          Path:
          src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsBuildWrapper.java
          http://jenkins-ci.org/commit/mask-passwords-plugin/736389f00168d10653d321d7248ecc7df0038124
          Log:
          [FIXED JENKINS-11934] Once a job config has been submitted, new/updated global passwords are not masked

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: rseguy Path: src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsBuildWrapper.java http://jenkins-ci.org/commit/mask-passwords-plugin/736389f00168d10653d321d7248ecc7df0038124 Log: [FIXED JENKINS-11934] Once a job config has been submitted, new/updated global passwords are not masked

            People

            • Assignee:
              rseguy Romain Seguy
              Reporter:
              jensk Jens Keller
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: