• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • gradle-plugin
    • None

      Adding a password type parameter to a build causes that password to be passed to gradle like this:

      -Dpassword=mySecret

      This is fine, but the password should be obfuscated with ***** in the logs. I suspect this line is wrong https://github.com/jenkinsci/gradle-plugin/blob/master/src/main/java/hudson/plugins/gradle/Gradle.java#L215 and I know other jenkins plugins handle this properly, but I'm not sure of the exact fix.

          [JENKINS-15457] Passwords leaked in logs

          Could give the plugins list you know where it is managed correctly?

          Gregory Boissinot added a comment - Could give the plugins list you know where it is managed correctly?

          aristedes added a comment - - edited

          Here is the output from a similar run of the maven plugin:

           
          [INFO] --- maven-release-plugin:2.1:prepare (default-cli) @ services ---
          [INFO] Verifying that there are no local modifications...
          [INFO]   ignoring changes on: pom.xml.next, release.properties, pom.xml.releaseBackup, pom.xml.backup, pom.xml.branch, pom.xml.tag
          [INFO] Executing: /bin/sh -c cd /var/hudson/workspace/onCourse-services && svn --username andrey --password '*****' --no-auth-cache --non-interactive status
          [INFO] Working directory: /var/hudson/workspace/onCourse-services
          [INFO] Ignoring SNAPSHOT depenedencies and plugins ...
          

          aristedes added a comment - - edited Here is the output from a similar run of the maven plugin: [INFO] --- maven-release-plugin:2.1:prepare (default-cli) @ services --- [INFO] Verifying that there are no local modifications... [INFO] ignoring changes on: pom.xml.next, release.properties, pom.xml.releaseBackup, pom.xml.backup, pom.xml.branch, pom.xml.tag [INFO] Executing: /bin/sh -c cd /var/hudson/workspace/onCourse-services && svn --username andrey --password '*****' --no-auth-cache --non-interactive status [INFO] Working directory: /var/hudson/workspace/onCourse-services [INFO] Ignoring SNAPSHOT depenedencies and plugins ...

          I'm having the same issue. Is this still "In Progress" as the status indicates?

          Poul Henriksen added a comment - I'm having the same issue. Is this still "In Progress" as the status indicates?

            gbois Gregory Boissinot
            aristedes aristedes
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: