Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34908

mask-password does not mask url encoded passwords

XMLWordPrintable

      if a password is used as part of a url like user:password@https://myserver.com it might not be masked if it had to be encoded. one of the sources of such problems is being raised as well with maven-scm issue SCM-817, but should be solved in the plugin in general like:

      // MaskPasswordsOutputStream
...
for(String password: passwords) {
    if(StringUtils.isNotEmpty(password)) { // we must not handle empty passwords
        regex.append(Pattern.quote(password));
        regex.append('|');
        try {
            String encodedPassword = URLEncoder.encode(password, "UTF-8");
            if (!encodedPassword.equals(password)) {
                // add to masking regex
                regex.append(Pattern.quote(encodedPassword));
                regex.append('|');
            }
        } catch (UnsupportedEncodingException e) {
            ...
        }
        nbMaskedPasswords++;
    }
}
...

            oleg_nenashev Oleg Nenashev
            msperisen marc sperisen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: