JENKINS-16632

Jclouds BlobStore writes key to console log when blob store returns 401 error.

      Description

      The Jclouds jenkins plugin can expose your Jclouds Storage credentials if the remote store returns a 401 not authorized. When this happens an exception is thrown which is written to the build's console log and this exception contains the sensitive data. This exception should be caught and handled in a way that does not expose this information in build logs (or any logs ideally).

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          src/main/java/jenkins/plugins/jclouds/blobstore/BlobStorePublisher.java
          http://jenkins-ci.org/commit/jclouds-plugin/01991c65a1f3831fe3a4b7f05b963dd137d10bfa
          Log:
          [FIXED JENKINS-16632] Catch AuthorizationException and don't echo the message, so we don't echo the creds.


          You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
          For more options, visit https://groups.google.com/groups/opt_out.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Clark Boylan
          Path:
          src/main/java/jenkins/plugins/jclouds/blobstore/BlobStorePublisher.java
          http://jenkins-ci.org/commit/jclouds-plugin/8b55b2f580e6f0a3ab89c7f5f265952d11e27a41
          Log:
          [Fix JENKINS-16632] Don't print auth stack traces.

          Really fix JENKINS-16632. We cannot print the AuthorizationException
          stack trace because it contains private auth info and printing the stack
          trace writes it to the Jenkins build console log. Instead catch
          AuthorizationExceptions then create a new RuntimeException whose message
          can be printed. Print the RuntimeException stack trace and a helpful
          message that authorization failed.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Andrew Bayer
          Path:
          src/main/java/jenkins/plugins/jclouds/blobstore/BlobStorePublisher.java
          http://jenkins-ci.org/commit/jclouds-plugin/d4e47c8cca68011bbff4b5b7e463a5a8ac8cd05d
          Log:
          Merge pull request #36 from cboylan/fix-JENKINS-16632

          [Fix JENKINS-16632] Don't print auth stack traces.

          Compare: https://github.com/jenkinsci/jclouds-plugin/compare/01991c65a1f3...d4e47c8cca68
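
The handling that the commit messages above describe, shown before and after, as an added example that is not the plugin's own code. The `AuthorizationException` class here is a stand-in defined for the demo, and the credential, identity and log messages are constructed.

```java
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.util.function.Consumer;

public class AuthLogLeakDemo {
    // Stand-in for the library's authorization exception (hypothetical class for this demo).
    static class AuthorizationException extends RuntimeException {
        AuthorizationException(String message) { super(message); }
    }

    static final String SECRET = "EXAMPLE-SECRET-KEY"; // constructed sample credential

    // Simulates an upload where the store answers 401 and the exception text carries the credential.
    static void upload(String identity, String credential) {
        throw new AuthorizationException(
            "401 Unauthorized for identity=" + identity + ", credential=" + credential);
    }

    // Before: the stack trace, message included, goes straight to the build log.
    static void publishUnsafe(PrintStream log) {
        try {
            upload("ci-user", SECRET);
        } catch (AuthorizationException e) {
            e.printStackTrace(log);
        }
    }

    // After: log a fixed message and a fresh exception. The original is not passed
    // as the cause, because printStackTrace would print its message under "Caused by:".
    static void publishSafe(PrintStream log) {
        try {
            upload("ci-user", SECRET);
        } catch (AuthorizationException e) {
            RuntimeException safe = new RuntimeException("Failed to authenticate with the blob store");
            safe.printStackTrace(log);
            log.println("Authorization failed; check the configured credentials.");
        }
    }

    // Runs a publisher against an in-memory log and reports whether the credential appears in it.
    static boolean leaks(Consumer<PrintStream> publisher) {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        publisher.accept(new PrintStream(buf, true));
        return buf.toString().contains(SECRET);
    }

    public static void main(String[] args) {
        System.out.println("unsafe handler leaks credential: " + leaks(AuthLogLeakDemo::publishUnsafe));
        System.out.println("safe handler leaks credential:   " + leaks(AuthLogLeakDemo::publishSafe));
    }
}
```

The `leaks` helper doubles as a regression check: the same assertion over a captured build log can guard against the credential reappearing through a chained cause or a later logging change.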



            People

            • Assignee:
              Unassigned
              Reporter:
              cboylan Clark Boylan