Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16516

Masked Passwords are shown as input parameters in Build pipeline plugin

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      1. I have configured global parameters for masking passwords. Plugin: Mask Passwords Plugin
      2. I have created job and enable mask password
      3. I have created build pipeline view. Plugin: Build Pipeline Plugin with the first job with masked passwords.

      The result was, that the input parameters contains masked password in plaintext in the pipeline view.

        Attachments

          Issue Links

            Activity

            Hide
            riccardo_gorza Riccardo Gorza added a comment -

            The same is true for passwords masked by the envinject plugin. They are all displayed, if "Show pipeline parameters" is set to true.

            Show
            riccardo_gorza Riccardo Gorza added a comment - The same is true for passwords masked by the envinject plugin. They are all displayed, if "Show pipeline parameters" is set to true.
            Hide
            klst Klaus Stadler added a comment -

            Unfortunately, the problem is still there.
            Any chance this will be fixed?

            Show
            klst Klaus Stadler added a comment - Unfortunately, the problem is still there. Any chance this will be fixed?
            Show
            tetra Thomas Carsuzan added a comment - Fixed in 1.4.3-SNAPSHOT Commit : https://github.com/jenkinsci/build-pipeline-plugin/commit/bf1bedebaf8bc625367669f0e80fe36865355f4c
            Hide
            tetra Thomas Carsuzan added a comment -

            It does not seem that these plugins set their data as sensitive.

            Show
            tetra Thomas Carsuzan added a comment - It does not seem that these plugins set their data as sensitive.
            Hide
            tetra Thomas Carsuzan added a comment - - edited

            Now waiting for my MaskedPasswordPlugin pull request to be merged.

            https://github.com/jenkinsci/mask-passwords-plugin/pull/1
            Thomas

            Show
            tetra Thomas Carsuzan added a comment - - edited Now waiting for my MaskedPasswordPlugin pull request to be merged. https://github.com/jenkinsci/mask-passwords-plugin/pull/1 Thomas
            Hide
            ericlemes Eric Lemes added a comment -

            I've rebuild the plugin from the source code and Thomas commit have fixed the problem for Job Password Parameters. The only issue I can observe is that Thomas' fix remove the parameter instead of masking it.

            I tried to simulate the issue with EnvInject plugin (I personally don't use it) and the injected variables don't appear in the pipeline view.

            I've created a pull request of this small fix: https://github.com/jenkinsci/build-pipeline-plugin/pull/36

            Show
            ericlemes Eric Lemes added a comment - I've rebuild the plugin from the source code and Thomas commit have fixed the problem for Job Password Parameters. The only issue I can observe is that Thomas' fix remove the parameter instead of masking it. I tried to simulate the issue with EnvInject plugin (I personally don't use it) and the injected variables don't appear in the pipeline view. I've created a pull request of this small fix: https://github.com/jenkinsci/build-pipeline-plugin/pull/36
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The issue seems to be fixed. https://github.com/jenkinsci/mask-passwords-plugin/pull/4 will also produce lists of sensitive variables within the Mask Passwords plugin.

            Show
            oleg_nenashev Oleg Nenashev added a comment - The issue seems to be fixed. https://github.com/jenkinsci/mask-passwords-plugin/pull/4 will also produce lists of sensitive variables within the Mask Passwords plugin.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            2.7.4 has been released. Marking the issue as solved

            Show
            oleg_nenashev Oleg Nenashev added a comment - 2.7.4 has been released. Marking the issue as solved

              People

              • Assignee:
                tetra Thomas Carsuzan
                Reporter:
                rdkchrom Radek Chromy
              • Votes:
                2 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: