Jenkins / JENKINS-13531

Plugin replacing "+" with " " in configuration strings when plugin is instantiated.

    Details

      Description

      I've been experimenting with the Amazon S3 Publisher plugin in Jenkins 1.460 in preparation for starting to use S3 for artifact storage & program distribution at work. I kept getting errors with the S3 plugin, however, stating "Can't connect to S3 service: The request signature we calculated does not match the signature you provided. Check your key and signing method."

      The Access & Secret Keys were correct and being stored correctly in the hudson.plugins.s3.S3BucketPublisher.xml configuration file. I added some logging to the plugin to discover that in S3BucketPublisher.DescriptorImpl.doLoginCheck(), the "secretKey" element of the StaplerRequest parameter was being returned incorrectly. There's a "+" character in the secret key. The plus was being turned into a space (" "), thus the plugin is unable to connect to S3.

      The issue first appears with Jenkins & the S3 Publisher plugin in Jenkins 1.455 and continues through 1.460. Versions 1.454 and prior behave as expected. The "+" in the secret key is retained and connection to S3 is possible. Nothing has changed in the S3 plugin in that time period, so the issue must be somewhere inside Jenkins itself. Unfortunately, I'm rather unfamiliar with the Jenkins architecture and plugin architecture and am unable to trace the issue further down the chain than that.

      To recreate the issue:

      1) get the S3 plugin (https://github.com/jenkinsci/s3-plugin)
      2) set the jenkins version on line 6 of pom.xml to 1.455 or greater.
      3) in "Configure System", add an S3 profile. Valid or not does not matter. Make sure there's a "+" in the secret key or the access key field.
      4) Set a breakpoint, or print out the value of req.getParameter("secretKey") in S3BucketPublisher.DescriptorImpl.doLoginCheck(). See that the "+" has been turned into a " ".

      The strange thing is that if you look in the actual form fields secretKey or accessKey, the + will be in there correctly. Somehow it's not getting to the actual plugin code as a +, though.

      Workarounds:

      None known at this time.

      I attempted to replace the + with its URLEncoded form "%2B" in the configuration file, but "%2B" comes through instead of being decoded into a +.

      The only hack I have to get it working for us at the office for the time being is to replace all instances of " " in the secretKey with "+". Not a good solution.

        Activity

        cjo9900 cjo9900 added a comment -

        Tests on Jenkins 1.460 using firebug show that the Post message is sent incorrectly encoded.

        Parameters application/x-www-form-urlencoded
        accessKey l ll
        name kik
        secretKey
        Source
        name=kik&secretKey=&accessKey=l++ll

        according to the encoding spec
        the query string should be encoded as follows for the plus and space
        '+' -> %2B
        ' ' -> '+'

        so should be sent as
        accessKey l%2B%2Bll

        The issue is caused by the change in ./war/src/main/webapp/scripts/prototype.js, which changed from version 1.5.1.1 to 1.7 between Jenkins 1.454 and 1.455. The change in this file is that the Ajax.Request class and its base class handle the parameters differently: in 1.5.1.1 a string type parameter was converted to a params hash object, including a URIdecode on it. In 1.7 it stores the String parameters directly and uses them as is, and therefore if it is not correctly URI encoded this gets passed to the backend Winstone/Stapler, which calls URIdecode on it according to the URI specs for query and converts the '+' to a space.

        2 solutions
        Hack prototype.js to perform this encoding

        Change the s3 plugin global.jelly to use encodeURIComponent() rather than escape()
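
The round trip described in the comment above, as an added example (not code from the issue, the plugin or Jenkins): a form body built with `escape()` versus `encodeURIComponent()`, then decoded the way a form-urlencoded parser does. `SAMPLE_SECRET` is a constructed value, and `formDecode`, `buildBody` and `changedInTransit` are hypothetical helpers standing in for the browser and Winstone/Stapler sides.

```javascript
// Constructed sample value, not a real credential.
const SAMPLE_SECRET = "k3y+With/plus+EXAMPLE";

// Stand-in for the server side: application/x-www-form-urlencoded decoding
// treats '+' as a space first, then resolves %XX escapes.
function formDecode(body) {
  const dec = (s) => decodeURIComponent(s.replace(/\+/g, " "));
  const params = {};
  for (const pair of body.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1);
    params[dec(name)] = dec(value);
  }
  return params;
}

// Stand-in for the client side: the caller picks the per-value encoder,
// which is exactly what changed in global.jelly.
function buildBody(fields, encode) {
  return Object.entries(fields)
    .map(([k, v]) => `${encode(k)}=${encode(v)}`)
    .join("&");
}

// Names of fields whose value the server receives differently from what
// the user typed. An empty list means the encoder is safe for this input.
function changedInTransit(fields, encode) {
  const received = formDecode(buildBody(fields, encode));
  return Object.keys(fields).filter((k) => received[k] !== fields[k]);
}

const fields = { name: "kik", secretKey: SAMPLE_SECRET };
for (const [label, encode] of [
  ["escape", escape], // leaves '+' and '/' untouched
  ["encodeURIComponent", encodeURIComponent], // emits %2B and %2F
]) {
  const body = buildBody(fields, encode);
  console.log(`${label}: ${body}`);
  console.log("  server sees:", JSON.stringify(formDecode(body).secretKey));
  console.log("  altered fields:", changedInTransit(fields, encode));
}
```

A check like `changedInTransit` fits in a plugin's form tests: run it over values containing `+`, `/`, `=`, `&` and `%`, since base64-style secrets routinely contain the first three.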

        glimberg Grant Limberg added a comment -

        I just verified that your patch works and added a comment to your pull request. Thanks cjo.

        jlbthetechy John La Barge added a comment -

        I just experienced the same issue with this plugin. I made the change to the jelly file mentioned and that appeared to work.

        glimberg Grant Limberg added a comment -

        So there's a pull request waiting in the s3-plugin repo. Any chance on getting this merged into the main line any time soon?

        https://github.com/jenkinsci/s3-plugin/pull/4

        dbrinker Don Brinker added a comment -

        I'll second the above. Any chance this can get merged in soon?

        scm_issue_link SCM/JIRA link daemon added a comment -

        Code changed in jenkins
        User: cjo9900
        Path:
        src/main/resources/hudson/plugins/s3/S3BucketPublisher/global.jelly
        http://jenkins-ci.org/commit/s3-plugin/f2caf34a52219a83768616c634279cbe59b59c36
        Log:
        Change escape to encodeURIcomponent so that plus chars are converted
        correctly for s3 secret and access key

        [FIXED JENKINS-13531]

        scm_issue_link SCM/JIRA link daemon added a comment -

        Code changed in jenkins
        User: Nicolas De loof
        Path:
        src/main/resources/hudson/plugins/s3/S3BucketPublisher/global.jelly
        http://jenkins-ci.org/commit/s3-plugin/ce00365e794f66de5e3ada9633a9ddbcc0454112
        Log:
        Merge pull request #4 from cjo9900/JENKINS-13531

        JENKINS-13531 Change escape to encodeURIcomponent so that plus chars are converted

        Compare: https://github.com/jenkinsci/s3-plugin/compare/5ab7bde2428f...ce00365e794f


          People

          • Assignee:
            Unassigned
            Reporter:
            glimberg Grant Limberg