Thank you James, *addMasked* did it ! \o/ Fixed windows issue and passwords hidden at release 2.0.14 =)
Thank you guys. On Sun, Nov 8, 2020 at 7:54 PM James Nord <[email protected]> wrote: > > are you using the ArgumentListBuilder and addMasked > > > https://javadoc.jenkins-ci.org/hudson/util/ArgumentListBuilder.html#addMasked-java.lang.String- > as per https://javadoc.jenkins-ci.org/hudson/Launcher.html#launch-- > > if not you need to tell Jenkins that the nth argument should be masked > (but you would be better off with the builder) > On Sunday, 8 November 2020 at 07:30:08 UTC [email protected] wrote: > >> Yes, I am using credentials system, to get password I use >> *credentials.getPassword().getPlainText()* and it is not masked =/ >> >> >> Em domingo, 8 de novembro de 2020 às 03:32:25 UTC-3, [email protected] >> escreveu: >> >>> Are you using credentials system? Free style or pipeline? Afaik >>> credentials should be masked in your build output. At least in pipeline >>> when you use credentials() or withCredentials. I'm not sure how it gets >>> triggered in freestyle. >>> >>> On Sat., Nov. 7, 2020, 10:26 p.m. Fernando Boaglio, <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> I tried to upgrade *Jenkins core*, *org.jenkins-ci.plugins:plugin *, >>>> but I still got same results. =/ >>>> >>>> Since I am using *hudson.Launcher *and the main reason to fix the >>>> security issue is to hide a command line password, how can I get the output >>>> and do a replace ( something like *logString**.replace('password', >>>> '****'**)* ) before do to the final output ? >>>> >>>> Thanks. >>>> >>>> Em sexta-feira, 6 de novembro de 2020 às 10:19:41 UTC-3, Fernando >>>> Boaglio escreveu: >>>> >>>>> Hi Daniel, >>>>> >>>>> Even removing all double quotes I got the same error. >>>>> >>>>> Jenkins: >>>>> [image: image.png] >>>>> >>>>> CMD: >>>>> [image: image.png] >>>>> >>>>> >>>>> I am already using hudson.Launcher (please check line 467 >>>>> <https://github.com/jenkinsci/sqlplus-script-runner-plugin/blob/master/src/main/java/org/jenkinsci/plugins/sqlplus/script/runner/SQLPlusRunner.java>). >>>>> >>>>> >>>>> Since this plugin is based on Jenkins 2.176.3 , maybe I can try to use >>>>> a newer one... any suggestions ? >>>>> >>>>> Thanks. >>>>> >>>>> >>>>> On Thu, Nov 5, 2020 at 3:53 PM Daniel Beck <[email protected]> >>>>> wrote: >>>>> >>>>>> I would look into Windows batch quoting rules. I think the double >>>>>> quotes become part of the actual value or some other weirdness. Ideally >>>>>> you >>>>>> could write a small tool that just echoes the command line args it >>>>>> receives, and then use that in place of sqlplus to see what actually gets >>>>>> passed to the application. >>>>>> >>>>>> Alternatively, you may be able to switch from wrapper scripts to >>>>>> launch your programs using hudson.Launcher but I'm not sure how well >>>>>> the masking would work as a part of an argument without masking the >>>>>> entire >>>>>> argument. >>>>>> >>>>>> >>>>>> On Thu, Nov 5, 2020 at 6:52 PM Fernando Boaglio <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> How are you today ? >>>>>>> >>>>>>> I am the sqlplus-script-runner plugin maintainer , this plugin is >>>>>>> basically a wrapper to use Oracle SQL Plus >>>>>>> <https://en.wikipedia.org/wiki/SQL_Plus> by command line. >>>>>>> >>>>>>> This plugin is around since 2015, and due to a recent security issue >>>>>>> <https://issues.jenkins-ci.org/browse/SECURITY-2129>, I did a >>>>>>> workaround/fix to hide user's password. >>>>>>> >>>>>>> - Before release 2.0.12: >>>>>>> >>>>>>> <sqlplus> user/"password"@databaseInstance @customSQLscript >>>>>>> >>>>>>> - Current release 2.0.13: >>>>>>> >>>>>>> HIDDING_PASSWORD=password (by envVars.put) >>>>>>> >>>>>>> Linux: *<sqlplus> user/"$HIDDING_PASSWORD"@databaseInstance >>>>>>> @customSQLscript* >>>>>>> Windows: <sqlplus> user/"%HIDDING_PASSWORD%"@databaseInstance >>>>>>> @customSQLscript >>>>>>> >>>>>>> *Linux*: work flawlessly >>>>>>> *Windows*: doesn't work, I get invalid user/password , some users >>>>>>> can't use it >>>>>>> <https://github.com/jenkinsci/sqlplus-script-runner-plugin/issues/55> >>>>>>> >>>>>>> Example: >>>>>>> C:\instantclient\bin\sqlplus.exe -L fb/"%HIDDEN_PASSWORD%"@XE >>>>>>> @c:\jenkins\workspace\test-sql-slave\temp-script-16045792671955150761487514970585.sql >>>>>>> >>>>>>> ERROR: *ORA-01017: invalid username/password; logon denied* >>>>>>> >>>>>>> I tried to create another file (sqlplus.cmd) to check if >>>>>>> HIDDEN_PASSWORD variable is correct and I got no errors. >>>>>>> >>>>>>> *File sqlplus.cmd:* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> *echo " CMD " echo HIDDEN_PASSWORD=fb echo >>>>>>> ORACLE_HOME=C:\instantclient cd C:\instantclient\ >>>>>>> C:\instantclient\sqlplus.exe fb/"%HIDDEN_PASSWORD%"@XE >>>>>>> @C:\instantclient\teste.sql * >>>>>>> >>>>>>> *Output:* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> * c:\jenkins\workspace\test-sql-slave>echo " CMD " " CMD " >>>>>>> c:\jenkins\workspace\test-sql-slave>echo HIDDEN_PASSWORD=fb >>>>>>> HIDDEN_PASSWORD=fbc:\jenkins\workspace\test-sql-slave>echo >>>>>>> ORACLE_HOME=C:\instantclient >>>>>>> ORACLE_HOME=C:\instantclientc:\jenkins\workspace\test-sql-slave>cd >>>>>>> C:\instantclient\ C:\instantclient>C:\instantclient\sqlplus.exe >>>>>>> fb/"fb"@XE >>>>>>> @C:\instantclient\teste.sql SQL*Plus: Release 19.0.0.0.0 - Production on >>>>>>> Thu Nov 5 04:25:23 2020Version 19.6.0.0.0Copyright (c) 1982, 2019, >>>>>>> Oracle. >>>>>>> All rights reserved.Connected to:Oracle Database 11g Express Edition >>>>>>> Release 11.2.0.2.0 - 64bit ProductionUSER is "FB"Disconnected from >>>>>>> Oracle >>>>>>> Database 11g Express Edition Release 11.2.0.2.0 - 64bit >>>>>>> ProductionProcesso >>>>>>> terminou com status >>>>>>> 0--------------------------------------------------------------------------Finished: >>>>>>> SUCCESS* >>>>>>> >>>>>>> I am out of ideas, is there any issue related to EnvVars ? >>>>>>> >>>>>>> This plugin is based on Jenkins 2.176.3 . >>>>>>> >>>>>>> Thanks for you help =) >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Jenkins Developers" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/jenkinsci-dev/f25d0a51-ba77-434e-bdf1-367e7ed97c0en%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/jenkinsci-dev/f25d0a51-ba77-434e-bdf1-367e7ed97c0en%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Daniel Beck >>>>>> Senior Software Engineer >>>>>> CloudBees, Inc. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>> You received this message because you are subscribed to a topic in the >>>>>> Google Groups "Jenkins Developers" group. >>>>>> To unsubscribe from this topic, visit >>>>>> https://groups.google.com/d/topic/jenkinsci-dev/fdtIkMUi1Vo/unsubscribe >>>>>> . >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLN_82wG_Wxg2BiixjKiLCN52vK1bpgPLzHp6wL0NPF-w%40mail.gmail.com >>>>>> <https://groups.google.com/d/msgid/jenkinsci-dev/CAMo7PtLN_82wG_Wxg2BiixjKiLCN52vK1bpgPLzHp6wL0NPF-w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Fernando [email protected] | www.boaglio.com >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Developers" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-dev/c5b308be-ac20-4186-b82a-f40d8fb48448n%40googlegroups.com >>>> <https://groups.google.com/d/msgid/jenkinsci-dev/c5b308be-ac20-4186-b82a-f40d8fb48448n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Developers" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-dev/fdtIkMUi1Vo/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/e3ddad39-5c04-4786-8064-97a2829ab619n%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/e3ddad39-5c04-4786-8064-97a2829ab619n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Fernando [email protected] | www.boaglio.com -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CADuSYLXhHnv5FQ%2BSqbSNz0PRfS6_VAp%2BxdBHZfG-OAyTsMWuag%40mail.gmail.com.
