Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-15722

Do not echo HTTPS password when cloning

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The Mercurial plugin prints the hg clone command it is running. This should mask out any password in the clone URL (when using HTTPS).

      Also kilnhg.com apparently puts an authentication token into the username field of a URL (the password is ignored but most not be missing lest Hg prompt for it). Ideally this would not be echoed either, though .hg/hgrc will show it to anyone with WORKSPACE permission. Better might be to delete .hg/hgrc#paths.default after cloning and then pass the full URL including authentication fields during subsequent network operations such as pull.

        Attachments

          Issue Links

            Activity

            Hide
            jglick Jesse Glick added a comment -

            Better to use credentials, which get masked.

            Show
            jglick Jesse Glick added a comment - Better to use credentials, which get masked.

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: