-
Bug
-
Resolution: Unresolved
-
Major
I believe just like other PR builder plugins, this one is affected by the SECURITY-170 but is not on the page that tracks them: https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
08:23:33 FATAL: Command "git rev-parse origin/${targetBranch}^{commit}" returned status code 128:
08:23:33 stdout: origin/${targetBranch}^{commit}
This used to work with Jenkins 2.2
[JENKINS-34870] Bitbucket Pull Request plugin affected by SECURITY-170
The setting is for jenkins globaly in the startup parameters, as per https://jenkins.io/blog/2016/05/11/security-update/
What you are looking for is setting hudson.model.ParametersAction.keepUndefinedParameters for a workaround, but this of course is not good in the long-run until the plugin is updated
The fix PR seems to be available here: https://github.com/nishio-dens/bitbucket-pullrequest-builder-plugin/pull/88
Hmm. My problem was that plugin didn't set $sourceBranch variable which i need to pass to downstream jobs. But $GIT_BRANCH is set if I check out the code. But I am using this job to only track PRs and trigger another job and pass branch name. Before that I didnt need to check out code because plugin would set the $sourceBranch.
So my solution for now is to check out code and use $GIT_BRANCH.
Actually, I am using $sourceBranch and a few other parameters. If you set keepUndefinedParameters to true as part of jenkins command-line parameters, it will work.
As the SECURITY-170 disables "unknown" parameters per default, the $sourceBranch and a few other parameters were not registered by the plugin, and therefore were ignored (and parsed as plain text input).
Setting property to allow all unknown parameters did help to temporarily work around the issue.