Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-27382

EnvInjectPluginAction::buildEnvVars() injects masks instead of passwords to the environment

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I created a local and global password.
      In a shell step the password can be used successfully.
      In the next build step of my build I have the Gradle plugin, the password arrives as asterisks.

      As a work-around I have switched to use the MaskPassword plugin.

      Test Script build.gradle:

      task showGlobalEnv << {
      println '\''Test match:'\'' + (System.env.TEST_ENV == 'T123')
      System.env.TEST_ENV.each

      { println it }

      }

      Output from version 1.90 (successful):
      Test match:true
      T
      1
      2
      3

      Output from version 1.91 (failure):
      Test match:false
      *
      *
      *
      *
      *
      *
      *
      *

        Attachments

          Issue Links

            Activity

            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The issue is in these two methods: https://github.com/jenkinsci/envinject-plugin/blob/master/src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java#L46-L63

            Nicolas modified getEnvInjectVarList() in order to prevent the vars exposure to getTarget(). buildEnvVars() also uses this method => "********" sneak to environment variables in some cases

            Show
            oleg_nenashev Oleg Nenashev added a comment - The issue is in these two methods: https://github.com/jenkinsci/envinject-plugin/blob/master/src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java#L46-L63 Nicolas modified getEnvInjectVarList() in order to prevent the vars exposure to getTarget(). buildEnvVars() also uses this method => "********" sneak to environment variables in some cases
            Hide
            recena Manuel Recena Soto added a comment -

            Oleg Nenashev Thanks for your clue.

            A PR have been sent.

            Show
            recena Manuel Recena Soto added a comment - Oleg Nenashev Thanks for your clue. A PR have been sent.
            Hide
            oleg_nenashev Oleg Nenashev added a comment - - edited

            Adjusted the issue title. my gut-feeling is that many other issues can be closed as duplicates

            Show
            oleg_nenashev Oleg Nenashev added a comment - - edited Adjusted the issue title. my gut-feeling is that many other issues can be closed as duplicates
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java
            http://jenkins-ci.org/commit/envinject-plugin/d0cfe58eb9f57b31b93ea6add47c43eb1cbc6728
            Log:
            Merge pull request #65 from recena/JENKINS-27382

            JENKINS-27382 EnvInjectPluginAction::buildEnvVars() injects masks instead of passwords to the environment

            Compare: https://github.com/jenkinsci/envinject-plugin/compare/3dcf5aee55ab...d0cfe58eb9f5

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/plugins/envinject/EnvInjectPluginAction.java http://jenkins-ci.org/commit/envinject-plugin/d0cfe58eb9f57b31b93ea6add47c43eb1cbc6728 Log: Merge pull request #65 from recena/ JENKINS-27382 JENKINS-27382 EnvInjectPluginAction::buildEnvVars() injects masks instead of passwords to the environment Compare: https://github.com/jenkinsci/envinject-plugin/compare/3dcf5aee55ab...d0cfe58eb9f5
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Created JENKINS-30090 for tests.
            The fix has been relelased in 1.92.1

            Show
            oleg_nenashev Oleg Nenashev added a comment - Created JENKINS-30090 for tests. The fix has been relelased in 1.92.1

              People

              • Assignee:
                recena Manuel Recena Soto
                Reporter:
                mbtc Marcus Collins
              • Votes:
                9 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: