• Type: Bug
• Resolution: Fixed
• Priority: Major
• Component/s: envinject-plugin
• Labels:

  • password
• Environment:

  EnvInject 1.78
  Jenkins 1.489

[JENKINS-16372] Password parameter is malformed

Collapse comment: Gregory Boissinot added a comment - 2013-01-20 00:14, Edited by Gregory Boissinot - 2013-01-20 00:14

Gregory Boissinot added a comment - 2013-01-20 00:14 - edited

In the Jenkins log, password values provided by EnvInject plugin are masked. However, from the script they are decrypted.
For example, test in your script 'echo $1 > out.txt' and call your script with $PASSWORD_VAR and you should see that you have the plain value of the var.

Expand comment: Gregory Boissinot added a comment - 2013-01-20 00:14, Edited by Gregory Boissinot - 2013-01-20 00:14

Gregory Boissinot added a comment - 2013-01-20 00:14 - edited In the Jenkins log, password values provided by EnvInject plugin are masked. However, from the script they are decrypted. For example, test in your script 'echo $1 > out.txt' and call your script with $PASSWORD_VAR and you should see that you have the plain value of the var.

Collapse comment: Mateusz Balbus added a comment - 2013-01-21 14:26

Mateusz Balbus added a comment - 2013-01-21 14:26

I created Windows batch script in Jenkins:
echo %password% > out.txt
and my out.txt looks like:
aUZfmW1sIV8Cf1ylDYbisNAlvHM5BIFcWQh6DOBXpt4=

Expand comment: Mateusz Balbus added a comment - 2013-01-21 14:26

Mateusz Balbus added a comment - 2013-01-21 14:26 I created Windows batch script in Jenkins: echo %password% > out.txt and my out.txt looks like: aUZfmW1sIV8Cf1ylDYbisNAlvHM5BIFcWQh6DOBXpt4=

Collapse comment: SCM/JIRA link daemon added a comment - 2013-01-29 23:09

SCM/JIRA link daemon added a comment - 2013-01-29 23:09

Code changed in jenkins
User: Gregory Boissinot
Path:
src/main/java/org/jenkinsci/plugins/envinject/EnvInjectListener.java
src/main/java/org/jenkinsci/plugins/envinject/service/EnvInjectVariableGetter.java
http://jenkins-ci.org/commit/envinject-plugin/fffef515df17d3422c4c7b8bf0d719436b52bfab
Log:
Fix JENKINS-16372

Compare: https://github.com/jenkinsci/envinject-plugin/compare/cbbe52face74...fffef515df17

–
You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Expand comment: SCM/JIRA link daemon added a comment - 2013-01-29 23:09

SCM/JIRA link daemon added a comment - 2013-01-29 23:09 Code changed in jenkins User: Gregory Boissinot Path: src/main/java/org/jenkinsci/plugins/envinject/EnvInjectListener.java src/main/java/org/jenkinsci/plugins/envinject/service/EnvInjectVariableGetter.java http://jenkins-ci.org/commit/envinject-plugin/fffef515df17d3422c4c7b8bf0d719436b52bfab Log: Fix JENKINS-16372 Compare: https://github.com/jenkinsci/envinject-plugin/compare/cbbe52face74...fffef515df17 – You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out .

Collapse comment: Mateusz Balbus added a comment - 2013-01-30 09:08

Mateusz Balbus added a comment - 2013-01-30 09:08

Verified on version 1.81, works fine. Did you notice that now password is visible in logs? I'm guessing it is core issue now.

Expand comment: Mateusz Balbus added a comment - 2013-01-30 09:08

Mateusz Balbus added a comment - 2013-01-30 09:08 Verified on version 1.81, works fine. Did you notice that now password is visible in logs? I'm guessing it is core issue now.

Collapse comment: Gregory Boissinot added a comment - 2013-02-02 22:08

Gregory Boissinot added a comment - 2013-02-02 22:08

Yes, it seems to be a core issue.

Expand comment: Gregory Boissinot added a comment - 2013-02-02 22:08

Gregory Boissinot added a comment - 2013-02-02 22:08 Yes, it seems to be a core issue.