Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27363

envinject-lib and envinject-plugin should handle null sensitive variables

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: envinject-plugin
    • Labels:
      None
    • Environment:
      envinject-1.91
      core
    • Similar Issues:

      Description

      Just a follow-up to JENKINS-23447...

      • AbstractBuild::getSensitiveBuildVariables() may return null from child classes
        • There's no Javadoc in the core to define the correct behavior
        • All calls of AbstractBuild::getSensitiveBuildVariables() in the core process null values

      Currently EnvInject plugin does not handle this case natively. There can be NPE in envinject-lib, hence both projects should be updated

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
            http://jenkins-ci.org/commit/envinject-plugin/9455ca66165c30121059833b50b5581aca30a948
            Log:
            JENKINS-27363 - Properly handle null sentitive variables to satisfy the static analysis

            Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java http://jenkins-ci.org/commit/envinject-plugin/9455ca66165c30121059833b50b5581aca30a948 Log: JENKINS-27363 - Properly handle null sentitive variables to satisfy the static analysis Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
            Hide
            mshuler Michael Shuler added a comment -

            env: Jenkins LTS 1.596.1, EnvInject 1.91.1 (everything current as of commenting)

            I receive a traceback when attempting to simply save a job configuration, so I'm currently unable to edit any job configs. I would like to verify this is the same issue:

            WARNING: Error while serving http://cassci.datastax.com/job/scratch_mshuler2/configSubmit
            java.lang.reflect.InvocationTargetException
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                    at java.lang.reflect.Method.invoke(Method.java:606)
                    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
                    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
                    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
                    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
                    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
                    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
                    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
                    at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
                    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
                    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
                    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
                    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
                    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
                    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
                    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
                    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
                    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
                    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
                    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
                    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
                    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
                    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
                    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
                    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
                    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
                    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
                    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
                    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
                    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
                    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
                    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
                    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
                    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
                    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
                    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
                    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
                    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
                    at org.eclipse.jetty.server.Server.handle(Server.java:370)
                    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
                    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
                    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
                    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
                    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
                    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
                    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
                    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
                    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
                    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
                    at java.lang.Thread.run(Thread.java:745)
            Caused by: java.lang.NullPointerException
                    at org.jenkinsci.plugins.envinject.EnvInjectJobProperty.reconfigure(EnvInjectJobProperty.java:135)
                    at org.jenkinsci.plugins.envinject.EnvInjectJobProperty.reconfigure(EnvInjectJobProperty.java:26)
                    at hudson.util.DescribableList.rebuild(DescribableList.java:171)
                    at hudson.model.Job.doConfigSubmit(Job.java:1178)
                    at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:785)
                    ... 73 more
            

            If this is a different issue, I'd be happy to open a new JIRA.

            Show
            mshuler Michael Shuler added a comment - env: Jenkins LTS 1.596.1, EnvInject 1.91.1 (everything current as of commenting) I receive a traceback when attempting to simply save a job configuration, so I'm currently unable to edit any job configs. I would like to verify this is the same issue: WARNING: Error while serving http://cassci.datastax.com/job/scratch_mshuler2/configSubmit java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.NullPointerException at org.jenkinsci.plugins.envinject.EnvInjectJobProperty.reconfigure(EnvInjectJobProperty.java:135) at org.jenkinsci.plugins.envinject.EnvInjectJobProperty.reconfigure(EnvInjectJobProperty.java:26) at hudson.util.DescribableList.rebuild(DescribableList.java:171) at hudson.model.Job.doConfigSubmit(Job.java:1178) at hudson.model.AbstractProject.doConfigSubmit(AbstractProject.java:785) ... 73 more If this is a different issue, I'd be happy to open a new JIRA.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            @Michael
            I suppose your issue is similar to https://issues.jenkins-ci.org/browse/JENKINS-19852?focusedCommentId=222997&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-222997 from JENKINS-19852. Nothing to do with this issue, but seems the case should be moved into a separate issue. I'll do it

            Show
            oleg_nenashev Oleg Nenashev added a comment - @Michael I suppose your issue is similar to https://issues.jenkins-ci.org/browse/JENKINS-19852?focusedCommentId=222997&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-222997 from JENKINS-19852 . Nothing to do with this issue, but seems the case should be moved into a separate issue. I'll do it
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
            http://jenkins-ci.org/commit/envinject-plugin/0efba11ff363f81569e497437867c298abea8579
            Log:
            Merge pull request #42 from jenkinsci/JENKINS-27363

            JENKINS-27363 - Properly handle null sentitive variables

            Compare: https://github.com/jenkinsci/envinject-plugin/compare/b78c45cc336b...0efba11ff363

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java http://jenkins-ci.org/commit/envinject-plugin/0efba11ff363f81569e497437867c298abea8579 Log: Merge pull request #42 from jenkinsci/ JENKINS-27363 JENKINS-27363 - Properly handle null sentitive variables Compare: https://github.com/jenkinsci/envinject-plugin/compare/b78c45cc336b...0efba11ff363
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java
            http://jenkins-ci.org/commit/envinject-lib/d70408a03fce3875d516e95054146ed273611f99
            Log:
            JENKINS-27363 - Annotate sensibleVariables (may be null)

            Patch to the core: https://github.com/jenkinsci/jenkins/pull/1601

            Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java http://jenkins-ci.org/commit/envinject-lib/d70408a03fce3875d516e95054146ed273611f99 Log: JENKINS-27363 - Annotate sensibleVariables (may be null) Patch to the core: https://github.com/jenkinsci/jenkins/pull/1601 Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java
            http://jenkins-ci.org/commit/envinject-lib/8e3c2bbf549b59318a7432c368870684000fbf4e
            Log:
            Merge pull request #4 from oleg-nenashev/JENKINS-27363

            [JENKINS-27363,JENKINS-27665] - Annotate sensibleVariables (may be null)

            Compare: https://github.com/jenkinsci/envinject-lib/compare/0033cdf67151...8e3c2bbf549b

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/lib/envinject/EnvInjectAction.java http://jenkins-ci.org/commit/envinject-lib/8e3c2bbf549b59318a7432c368870684000fbf4e Log: Merge pull request #4 from oleg-nenashev/ JENKINS-27363 [JENKINS-27363,JENKINS-27665] - Annotate sensibleVariables (may be null) Compare: https://github.com/jenkinsci/envinject-lib/compare/0033cdf67151...8e3c2bbf549b
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Done & released in 1.91.4

            Show
            oleg_nenashev Oleg Nenashev added a comment - Done & released in 1.91.4

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                oleg_nenashev Oleg Nenashev
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: