[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title Jesse Glick commented on JENKINS-42950 Re: credentials-binding-plugin not masking secret text when it includes a single quote Done. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title p cowlinator commented on JENKINS-42950 Re: credentials-binding-plugin not masking secret text when it includes a single quote Jesse Glick, can you at least include a note about this in the documentation? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title Jesse Glick updated JENKINS-42950 Ah yes, this is just Bash being too clever. When you have echo enabled, Bash—but not, say, Ubuntu’s more compliant Dash—will detect command arguments containing ' and present a mockup of a command line that would escape them even if all the mockup elements were manually surrounded with '. Thus echo $USER $PASS is rendered as + echo username7 password'"'"'7 rather than simply + echo username7 password'7 which I suppose is intended to make it easier for you to copy-paste this line into a new script as echo 'username7' 'password'"'"'7' Since output does not literally contain the password, it is not masked. In general, the plugin cannot keep up with the ways in which various tools might decide to mangle secrets before printing them; it keeps it simple and masks secrets only when printed literally. So either disable echoing with set +x or simply avoid passwords with shell metacharacters, ' especially. Jenkins / JENKINS-42950 credentials-binding-plugin not masking secret text when it includes a single quote Change By: Jesse Glick Status: In Review Resolved Resolution:
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title
p cowlinator edited a comment on JENKINS-42950
Re: credentials-binding-plugin not masking secret text when it includes a single quote
I get this problem with the following environment:Jenkins server: runs on `jenkins/jenkins:lts` docker image (image id: 5907903170ad), with Jenkins version 2.150.1. Credentials-binding-plugin version: 1.17. Agent: runs on a Alpine Linux 3.8 docker imageWhen running the following pipeline:{code:java}pipeline {agent { docker { image 'alpine:3.8' } }stages {stage('run_for_ranapas') {steps {withCredentials([usernamePassword(credentialsId: 'quote_pw', usernameVariable: 'USER', passwordVariable: 'PASS')]) {sh ''' echo $USER $PASS'''}}}}}{code}Where `quote_pw` is a global scope, global domain credential who's " ` kind " ` is " ` username and password " ` , and who's values are: username: `username7`, password: `password'7`.The result is {code:java}[Pipeline] withCredentials[Pipeline] {[Pipeline] sh+ echo 'password'"'"'7' {code}
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title
p cowlinator edited a comment on JENKINS-42950
Re: credentials-binding-plugin not masking secret text when it includes a single quote
I get this problem with the following environment:Jenkins server: runs on ` jenkins/jenkins:lts ` docker image (image id: 5907903170ad), with Jenkins version 2.150.1. Credentials-binding-plugin version: 1.17. Agent: runs on a Alpine Linux 3.8 docker imageWhen running the following pipeline:{code:java}pipeline {agent { docker { image 'alpine:3.8' } }stages {stage('run_for_ranapas') {steps {withCredentials([usernamePassword(credentialsId: 'quote_pw', usernameVariable: 'USER', passwordVariable: 'PASS')]) {sh ''' echo $USER $PASS'''}}}}}{code}Where " ` quote_pw " ` is a global scope, global domain credential who's "kind" is "username and password", and who's values are: username: `username7`, password: `password'7`.The result is {code:java}[Pipeline] withCredentials[Pipeline] {[Pipeline] sh+ echo 'password'"'"'7' {code}
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title
p cowlinator commented on JENKINS-42950
Re: credentials-binding-plugin not masking secret text when it includes a single quote
I get this problem with the following environment: Jenkins server: runs on jenkins/jenkins:lts docker image (image id: 5907903170ad), with Jenkins version 2.150.1. Credentials-binding-plugin version: 1.17. Agent: runs on the server node. When running the following pipeline:
pipeline {
agent { docker { image 'alpine:3.8' } }
stages {
stage('run_for_ranapas') {
steps {
withCredentials([usernamePassword(credentialsId: 'quote_pw', usernameVariable: 'USER', passwordVariable: 'PASS')]) {
sh '''
echo $USER $PASS
'''
}
}
}
}
}
Where "quote_pw" is a global scope, global domain credential who's "kind" is "username and password", and who's values are: username: `username7`, password: `password'7`. The result is
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] sh
+ echo 'password'"'"'7'
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title
p cowlinator edited a comment on JENKINS-42950
Re: credentials-binding-plugin not masking secret text when it includes a single quote
I get this problem with the following environment:Jenkins server: runs on jenkins/jenkins:lts docker image (image id: 5907903170ad), with Jenkins version 2.150.1. Credentials-binding-plugin version: 1.17. Agent: runs on the server node a Alpine Linux 3 . 8 docker image When running the following pipeline:{code:java}pipeline {agent { docker { image 'alpine:3.8' } }stages {stage('run_for_ranapas') {steps {withCredentials([usernamePassword(credentialsId: 'quote_pw', usernameVariable: 'USER', passwordVariable: 'PASS')]) {sh ''' echo $USER $PASS'''}}}}}{code}Where "quote_pw" is a global scope, global domain credential who's "kind" is "username and password", and who's values are: username: `username7`, password: `password'7`.The result is {code:java}[Pipeline] withCredentials[Pipeline] {[Pipeline] sh+ echo 'password'"'"'7' {code}
Add Comment
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title p cowlinator updated JENKINS-42950 Jenkins / JENKINS-42950 credentials-binding-plugin not masking secret text when it includes a single quote Change By: p cowlinator Status: Resolved In Review Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title p cowlinator commented on JENKINS-42950 Re: credentials-binding-plugin not masking secret text when it includes a single quote I am able to reproduce this issue. I will post more details in the next comment. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title Jeff Mclean stopped work on JENKINS-42950 Change By: Jeff Mclean Status: In Progress Open Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title Jeff Mclean started work on JENKINS-42950 Change By: Jeff Mclean Status: Open In Progress Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-42950) credentials-binding-plugin not masking secret text when it includes a single quote
Title: Message Title Jeff Mclean created an issue Jenkins / JENKINS-42950 credentials-binding-plugin not masking secret text when it includes a single quote Issue Type: Bug Assignee: Unassigned Components: credentials-binding-plugin Created: 2017/Mar/20 9:50 PM Environment: all Priority: Critical Reporter: Jeff Mclean I have a Jenkins job to deploy an ansible playbook and I have used the credentials-binding-plugin secret text entries for entering my different environment ansible vault passwords. 2 of my encrypted passwords work fine but one of them has a single quote in the text and it seems to be causing problems with the masking and so that password is showing up in the logs. I tried escaping in the actual text itself but that did not work either. I would just change passwords but they are company passwords and not mine to change so please let me know if something can be done to fix the parsing or if there is an immediate workaround for this. Thanks, Jeff Mclean Add Comment
