Yes, I am using credentials system, to get password I use *credentials.getPassword().getPlainText()* and it is not masked =/
Em domingo, 8 de novembro de 2020 às 03:32:25 UTC-3, [email protected] escreveu: > Are you using credentials system? Free style or pipeline? Afaik > credentials should be masked in your build output. At least in pipeline > when you use credentials() or withCredentials. I'm not sure how it gets > triggered in freestyle. > > On Sat., Nov. 7, 2020, 10:26 p.m. Fernando Boaglio, <[email protected]> > wrote: > >> Hi, >> >> I tried to upgrade *Jenkins core*, *org.jenkins-ci.plugins:plugin *, but >> I still got same results. =/ >> >> Since I am using *hudson.Launcher *and the main reason to fix the >> security issue is to hide a command line password, how can I get the output >> and do a replace ( something like *logString**.replace('password', >> '****'**)* ) before do to the final output ? >> >> Thanks. >> >> Em sexta-feira, 6 de novembro de 2020 às 10:19:41 UTC-3, Fernando Boaglio >> escreveu: >> >>> Hi Daniel, >>> >>> Even removing all double quotes I got the same error. >>> >>> Jenkins: >>> [image: image.png] >>> >>> CMD: >>> [image: image.png] >>> >>> >>> I am already using hudson.Launcher (please check line 467 >>> <https://github.com/jenkinsci/sqlplus-script-runner-plugin/blob/master/src/main/java/org/jenkinsci/plugins/sqlplus/script/runner/SQLPlusRunner.java>). >>> >>> >>> >>> Since this plugin is based on Jenkins 2.176.3 , maybe I can try to use a >>> newer one... any suggestions ? >>> >>> Thanks. >>> >>> >>> On Thu, Nov 5, 2020 at 3:53 PM Daniel Beck <[email protected]> wrote: >>> >>>> I would look into Windows batch quoting rules. I think the double >>>> quotes become part of the actual value or some other weirdness. Ideally >>>> you >>>> could write a small tool that just echoes the command line args it >>>> receives, and then use that in place of sqlplus to see what actually gets >>>> passed to the application. >>>> >>>> Alternatively, you may be able to switch from wrapper scripts to launch >>>> your programs using hudson.Launcher but I'm not sure how well the >>>> masking would work as a part of an argument without masking the entire >>>> argument. >>>> >>>> >>>> On Thu, Nov 5, 2020 at 6:52 PM Fernando Boaglio <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> How are you today ? >>>>> >>>>> I am the sqlplus-script-runner plugin maintainer , this plugin is >>>>> basically a wrapper to use Oracle SQL Plus >>>>> <https://en.wikipedia.org/wiki/SQL_Plus> by command line. >>>>> >>>>> This plugin is around since 2015, and due to a recent security issue >>>>> <https://issues.jenkins-ci.org/browse/SECURITY-2129>, I did a >>>>> workaround/fix to hide user's password. >>>>> >>>>> - Before release 2.0.12: >>>>> >>>>> <sqlplus> user/"password"@databaseInstance @customSQLscript >>>>> >>>>> - Current release 2.0.13: >>>>> >>>>> HIDDING_PASSWORD=password (by envVars.put) >>>>> >>>>> Linux: *<sqlplus> user/"$HIDDING_PASSWORD"@databaseInstance >>>>> @customSQLscript* >>>>> Windows: <sqlplus> user/"%HIDDING_PASSWORD%"@databaseInstance >>>>> @customSQLscript >>>>> >>>>> *Linux*: work flawlessly >>>>> *Windows*: doesn't work, I get invalid user/password , some users >>>>> can't use it >>>>> <https://github.com/jenkinsci/sqlplus-script-runner-plugin/issues/55> >>>>> >>>>> Example: >>>>> C:\instantclient\bin\sqlplus.exe -L fb/"%HIDDEN_PASSWORD%"@XE >>>>> @c:\jenkins\workspace\test-sql-slave\temp-script-16045792671955150761487514970585.sql >>>>> >>>>> >>>>> ERROR: *ORA-01017: invalid username/password; logon denied* >>>>> >>>>> I tried to create another file (sqlplus.cmd) to check if >>>>> HIDDEN_PASSWORD variable is correct and I got no errors. >>>>> >>>>> *File sqlplus.cmd:* >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> *echo " CMD " echo HIDDEN_PASSWORD=fb echo >>>>> ORACLE_HOME=C:\instantclient cd C:\instantclient\ >>>>> C:\instantclient\sqlplus.exe fb/"%HIDDEN_PASSWORD%"@XE >>>>> @C:\instantclient\teste.sql * >>>>> >>>>> *Output:* >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> * c:\jenkins\workspace\test-sql-slave>echo " CMD " " CMD " >>>>> c:\jenkins\workspace\test-sql-slave>echo HIDDEN_PASSWORD=fb >>>>> HIDDEN_PASSWORD=fbc:\jenkins\workspace\test-sql-slave>echo >>>>> ORACLE_HOME=C:\instantclient >>>>> ORACLE_HOME=C:\instantclientc:\jenkins\workspace\test-sql-slave>cd >>>>> C:\instantclient\ C:\instantclient>C:\instantclient\sqlplus.exe >>>>> fb/"fb"@XE >>>>> @C:\instantclient\teste.sql SQL*Plus: Release 19.0.0.0.0 - Production on >>>>> Thu Nov 5 04:25:23 2020Version 19.6.0.0.0Copyright (c) 1982, 2019, >>>>> Oracle. >>>>> All rights reserved.Connected to:Oracle Database 11g Express Edition >>>>> Release 11.2.0.2.0 - 64bit ProductionUSER is "FB"Disconnected from Oracle >>>>> Database 11g Express Edition Release 11.2.0.2.0 - 64bit >>>>> ProductionProcesso >>>>> terminou com status >>>>> 0--------------------------------------------------------------------------Finished: >>>>> >>>>> SUCCESS* >>>>> >>>>> I am out of ideas, is there any issue related to EnvVars ? >>>>> >>>>> This plugin is based on Jenkins 2.176.3 . >>>>> >>>>> Thanks for you help =) >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Jenkins Developers" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/jenkinsci-dev/f25d0a51-ba77-434e-bdf1-367e7ed97c0en%40googlegroups.com >>>>> >>>>> <https://groups.google.com/d/msgid/jenkinsci-dev/f25d0a51-ba77-434e-bdf1-367e7ed97c0en%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> >>>> Daniel Beck >>>> Senior Software Engineer >>>> CloudBees, Inc. >>>> >>>> >>>> >>>> >>>> -- >>>> >>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Jenkins Developers" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/jenkinsci-dev/fdtIkMUi1Vo/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLN_82wG_Wxg2BiixjKiLCN52vK1bpgPLzHp6wL0NPF-w%40mail.gmail.com >>>> >>>> <https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLN_82wG_Wxg2BiixjKiLCN52vK1bpgPLzHp6wL0NPF-w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> >>> Fernando [email protected] | www.boaglio.com >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/c5b308be-ac20-4186-b82a-f40d8fb48448n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/c5b308be-ac20-4186-b82a-f40d8fb48448n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/48e1ad66-88af-4bcb-9701-26e6692343c3n%40googlegroups.com.
