Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17502

Password is not masked if a escaped version is shown in the log

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • mask-passwords-plugin
    • None

      If the password contains a character that is printed in a escaped form in the log output, the masking does not work.

      In my case, I use ant and its echoproperties task. The password p a # # w o r d will be echoed as p a \ # \ # w o r d and thus not masked.

      It would be good to also catch some alternative escaped forms? A different solution could be, to give the opportunity to enter additional patterns that are not set as properties but masked if they appear in the log.

          [JENKINS-17502] Password is not masked if a escaped version is shown in the log

          Andreas Mandel created issue -
          Andreas Mandel made changes -
          Description Original: If the password contains a character that is printed in a escaped form in the log output, the masking does not work.

          In my case, I use ant and its echoproperties task. The password {{"pa##w0rd"}} will be echoed as {{"pa\#\#w0rd"}} and thus not masked.

          It would be good to also catch some alternative escaped forms? A different solution could be, to give the opportunity to enter additional patterns that are not set as properties but masked if they appear in the log.           		New: If the password contains a character that is printed in a escaped form in the log output, the masking does not work.

          In my case, I use ant and its echoproperties task. The password {{"pa##w0rd"}} will be echoed as {{"pa\\#\\#w0rd"}} and thus not masked.

          It would be good to also catch some alternative escaped forms? A different solution could be, to give the opportunity to enter additional patterns that are not set as properties but masked if they appear in the log.
          Andreas Mandel made changes -
          Description Original: If the password contains a character that is printed in a escaped form in the log output, the masking does not work.

          In my case, I use ant and its echoproperties task. The password {{"pa##w0rd"}} will be echoed as {{"pa\\#\\#w0rd"}} and thus not masked.

          It would be good to also catch some alternative escaped forms? A different solution could be, to give the opportunity to enter additional patterns that are not set as properties but masked if they appear in the log.           		New: If the password contains a character that is printed in a escaped form in the log output, the masking does not work.

          In my case, I use ant and its echoproperties task. The password {{p a # # w o r d}} will be echoed as {{p a \ # \ # w o r d}} and thus not masked.


          It would be good to also catch some alternative escaped forms? A different solution could be, to give the opportunity to enter additional patterns that are not set as properties but masked if they appear in the log.
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 148681 ] New: JNJira + In-Review [ 177169 ]

            danielpetisme Daniel Petisme
            andreasmandel Andreas Mandel
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: