Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43872

Dollar signs in credentials or literal value env vars cause issues in environment in Declarative

    Details

    • Similar Issues:

      Description

      I'm still figuring out all the details, but if you've got an environment directive like this:

      environment {
        SOME_VAR = credentials('some-creds')
        SOME_OTHER_VAR = "Look, I contain ${SOME_VAR}"
      }
      

      where SOME_VAR ends up containing something like $VARIABLES somewhere in it, you get an error like:

      [test1 #1] groovy.lang.MissingPropertyException: No such property: VARIABLES for class: groovy.lang.Binding
      [test1 #1] 	at groovy.lang.Binding.getVariable(Binding.java:63)
      [test1 #1] 	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:224)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
      [test1 #1] 	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:28)
      [test1 #1] 	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
      [test1 #1] 	at Script1.run(Script1.groovy:1)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:216)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.call(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:75)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:361)
      ...
      

      Additionally, a $ on its own gets you a different error, but the underlying problem is the same - we're not escaping things properly.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/Utils.groovy
            pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/model/Environment.groovy
            pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/EnvironmentTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/steps/CredentialWrapperStepTest.java
            pipeline-model-definition/src/test/resources/credentialsDollarQuotes.groovy
            pipeline-model-definition/src/test/resources/envDollarQuotes.groovy
            pipeline-model-definition/src/test/resources/environmentCrossReferences.groovy
            http://jenkins-ci.org/commit/pipeline-model-definition-plugin/602a93d39a67ab263657970fa305a2d517576cf1
            Log:
            [FIXED JENKINS-43872] Properly escape dollar signs in env evaluation

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/Utils.groovy pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/model/Environment.groovy pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/EnvironmentTest.java pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/steps/CredentialWrapperStepTest.java pipeline-model-definition/src/test/resources/credentialsDollarQuotes.groovy pipeline-model-definition/src/test/resources/envDollarQuotes.groovy pipeline-model-definition/src/test/resources/environmentCrossReferences.groovy http://jenkins-ci.org/commit/pipeline-model-definition-plugin/602a93d39a67ab263657970fa305a2d517576cf1 Log: [FIXED JENKINS-43872] Properly escape dollar signs in env evaluation
            Hide
            abayer Andrew Bayer added a comment -

            Released in 1.1.4 just now!

            Show
            abayer Andrew Bayer added a comment - Released in 1.1.4 just now!
            Hide
            mkj Michal Matyjek added a comment -

            I'm still investigating, but looks like this change broke something in our pipeline.

            Had this working in 1.1.3:
            environment {
            GOPATH='${WORKSPACE}'
            ...
             
            with 1.1.4 go is now throwing:
            go: GOPATH entry is relative; must be absolute path: "${WORKSPACE}".
             
             

            Show
            mkj Michal Matyjek added a comment - I'm still investigating, but looks like this change broke something in our pipeline. Had this working in 1.1.3: environment { GOPATH='${WORKSPACE}' ...   with 1.1.4 go is now throwing: go: GOPATH entry is relative; must be absolute path: "${WORKSPACE}".    
            Hide
            mkj Michal Matyjek added a comment -

            Looks like it's the quotes:

            GOPATH='${WORKSPACE}' worked until 1.1.3, does not work in 1.1.4
            GOPATH="${WORKSPACE}" works in 1.1.4...
             

            Show
            mkj Michal Matyjek added a comment - Looks like it's the quotes: GOPATH='${WORKSPACE}' worked until 1.1.3, does not work in 1.1.4 GOPATH="${WORKSPACE}" works in 1.1.4...  
            Hide
            bitwiseman Liam Newman added a comment -

            Bulk closing resolved issues.

            Show
            bitwiseman Liam Newman added a comment - Bulk closing resolved issues.

              People

              • Assignee:
                abayer Andrew Bayer
                Reporter:
                abayer Andrew Bayer
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: