Jenkins / JENKINS-22770

Mask password plugin fails to mask password with $ character in the middle of the password


      Description

      The Jenkins instance is running on Linux and I use the Invoke Ant build step.
      The build job is parameterized and one of the parameters is a password.
      The Ant targets are written in an XML file called run.xml, so I pass the args -file run.xml -Dserver.password=apr20$1 to the Ant build.

      The password contains $ in the middle, like apr20$1.
      The $ in the password is referenced as the $1 command argument, and the password parameter is now changed to apr20-file (-file is my first parameter).

      The password is getting logged when I turn on the -d trace in Ant.
      "Setting ro property server.password=apr20-file" is what I see in the console.

      The mask property should somehow try to address masking this information being logged. I have written my own script to introduce an escape sequence in the passwords.


          Activity

          vml_aledonne Alex LeDonne added a comment -

          Confirming that password masking fails also if the dollar sign is the last character in the password.

          danielbeck Daniel Beck added a comment -

          The issue description is a bit weird, but it seems to boil down to passwords participating in variable placeholder resolution.

          Usually, you'd escape a dollar char using another dollar char (foo$$bar becomes foo$bar), but that means the raw value does not match the script output, and the password is shown plain.

          Only workaround seems to be to not use passwords that don't contain a dollar char.

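The mismatch described in the comments above, as an added example (not code from the Mask Passwords plugin or from any commenter): a simplified model of variable resolution feeding a literal-match log masker. The functions `expand`, `build_log`, `mask` and `variants` and the sample environment are assumptions made for illustration; `variants` sketches one mitigation, registering the resolved form of the secret next to the raw one.

```python
import re

# Simplified stand-in for build-time variable resolution (an assumption, not
# Jenkins' resolver): "$$" -> "$", "$NAME" / "${NAME}" -> value, unknown kept.
TOKEN = re.compile(r"\$(?:(\$)|\{(\w+)\}|(\w+))")


def expand(text, env):
    def repl(m):
        if m.group(1):                      # "$$" is the escape for a literal "$"
            return "$"
        name = m.group(2) or m.group(3)
        return env.get(name, m.group(0))    # leave unresolved names untouched
    return TOKEN.sub(repl, text)


def build_log(secret, env):
    """Constructed console line: the argument is resolved before it is logged."""
    return "ant -file run.xml " + expand("-Dserver.password=" + secret, env)


def mask(log, secrets):
    """Literal-match masker: hides only exact occurrences of registered strings."""
    for s in sorted(set(secrets), key=len, reverse=True):
        if s:
            log = log.replace(s, "********")
    return log


def variants(secret, env):
    """Mitigation sketch: register the resolved form next to the raw value."""
    return {secret, expand(secret, env)}


if __name__ == "__main__":
    env = {"1": "-file"}                    # constructed: "$1" resolves to "-file"
    for pw in ("apr20$1", "apr20$$1"):      # raw value, then the "$$"-escaped one
        line = build_log(pw, env)
        print("raw-only mask :", mask(line, [pw]))
        print("with variants :", mask(line, variants(pw, env)))
```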

            People

            Assignee:
            danielpetisme Daniel Petisme
            Reporter:
            raghav4192 Raghav Vaidhyanathan
            Votes:
            4
            Watchers:
            5
