Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40166

Passwords not quoted correctly in Windows


    • Similar Issues:


      In https://github.com/jenkinsci/git-client-plugin/blob/master/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

      Method createWindowsStandardAskpass() & createWindowsSshAskpass() create cmd.exe .bat batch files are created that echo the passwords to standard out. They use this method to encode the password:

      private String quoteWindowsCredentials(String str)

      { // Assumes the only meaningful character is %, this may be // insufficient.* return str.replace("%", "%%"); }

      This misses several characters are missed that also need to be quoted, see http://ss64.com/nt/syntax-esc.html for more specifics.

      Specifically the cmd.exe caret ^ escape character is needed to quote backslash, ampersand, right bracket, left bracket, caret, space and tab characters:
      ^\ ^& ^| ^> ^< ^^ ^ (note there is a space) and ^ (note there is a tab)

      This could easily be implemented by adding additional lines to the method for each of these extra characters.

      Currently when you use these characters in a Git password and run the job on windows you get very poor error messages saying that the fetch operation failed do to an error in ASKPASS.


          Issue Links


            flstaats Frederick Staats created issue -
            markewaite Mark Waite made changes -
            Field Original Value New Value
            Link This issue duplicates JENKINS-38194 [ JENKINS-38194 ]
            markewaite Mark Waite made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]


              • Assignee:
                markewaite Mark Waite
                flstaats Frederick Staats
              • Votes:
                1 Vote for this issue
                3 Start watching this issue


                • Created: