Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40166

Passwords not quoted correctly in Windows

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: git-client-plugin
    • Labels:
      None
    • Environment:
      Windows
    • Similar Issues:

      Description

      In https://github.com/jenkinsci/git-client-plugin/blob/master/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

      Method createWindowsStandardAskpass() & createWindowsSshAskpass() create cmd.exe .bat batch files are created that echo the passwords to standard out. They use this method to encode the password:

      private String quoteWindowsCredentials(String str)

      { // Assumes the only meaningful character is %, this may be // insufficient.* return str.replace("%", "%%"); }

      This misses several characters are missed that also need to be quoted, see http://ss64.com/nt/syntax-esc.html for more specifics.

      Specifically the cmd.exe caret ^ escape character is needed to quote backslash, ampersand, right bracket, left bracket, caret, space and tab characters:
      ^\ ^& ^| ^> ^< ^^ ^ (note there is a space) and ^ (note there is a tab)

      This could easily be implemented by adding additional lines to the method for each of these extra characters.

      Currently when you use these characters in a Git password and run the job on windows you get very poor error messages saying that the fetch operation failed do to an error in ASKPASS.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markewaite Mark Waite
                Reporter:
                flstaats Frederick Staats
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: