Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40734

Shell step cannot use environment variables that contain $$

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: durable-task-plugin
    • Environment:
    • Similar Issues:

      Description

      When I run a Jenkinsfile that has a sh step that uses an environment variable (such as a password) that has two $$ in a row, they get replaced with one $.

      Here's the steps to reproduce:
      1. Make a global credential id "foo", username "foo", password "bar$$baz"
      2. Use this Jenkinsfile:

      node('linux') {
          withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'foo', passwordVariable: 'PASSWORD', usernameVariable: 'USERNAME']]) {            
              echo "Username: ${env.USERNAME}"
              echo "Password: ${env.PASSWORD}"
              sh 'echo Username: $USERNAME, Password: $PASSWORD'
          }
      }
      

      When the build runs, the echo steps properly echo the user/pass which are then masked. But the shell step doesn't mask the password, which is incorrect. It has lost a $

      [Pipeline] echo
      Username: ****
      [Pipeline] echo
      Password: ****
      [Pipeline] sh
      [s_example] Running shell script
      + echo Username: ****, Password: bar$baz
      Username: ****, Password: bar$baz
      

        Attachments

          Issue Links

            Activity

            b_dean Ben Dean created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Not A Defect [ 7 ]
            b_dean Ben Dean made changes -
            Comment [ [~jglick], the shell script you suggested doesn't work either. Putting single quotes around the environment variables will cause bash (or sh, or dash, or whatever the shell is) to not evaluate them and the output of the build is:

            {code:none}
            + echo Username: $USERNAME, Password: $PASSWORD
            Username: $USERNAME, Password: $PASSWORD
            {code}

            If I change those to double quotes it will evaluate them, but it will have the same problem it had before

            {code:none}
            sh '''
            echo Username: "$USERNAME", Password: "$PASSWORD"
            '''
            {code}

            outputs:
            {code:none}
            + echo Username: ****, Password: bar$baz
            Username: ****, Password: bar$baz
            {code}

            And don't think to much about the {{echo}} command in the shell either. In the real place where I'm running into this problem, I'm passing the username and password to some CLI:

            {code:none}
            sh '''
            some-cli do stuff "$USERNAME" "$PASSWORD"
            '''
            {code}

            and they have to be double quoted there so bash will correctly pass the args to the command line if they contain spaces or other characters that have to be quoted. ]
            b_dean Ben Dean made changes -
            Resolution Not A Defect [ 7 ]
            Status Resolved [ 5 ] Reopened [ 4 ]
            jglick Jesse Glick made changes -
            Component/s pipeline [ 21692 ]
            Component/s workflow-durable-task-step-plugin [ 21715 ]
            Labels credentials environment-variables pipeline shell environment pipeline
            Assignee Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Reopened [ 4 ] Open [ 1 ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 34 (Web Link)" [ 15239 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            jglick Jesse Glick made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            jglick Jesse Glick made changes -
            Link This issue is blocked by JENKINS-41339 [ JENKINS-41339 ]
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-41225 [ JENKINS-41225 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-27040 [ JENKINS-27040 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal OSS-1830 (Web Link)" [ 18547 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                b_dean Ben Dean
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: