Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-34908

mask-password does not mask url encoded passwords

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      if a password is used as part of a url like user:password@https://myserver.com it might not be masked if it had to be encoded. one of the sources of such problems is being raised as well with maven-scm issue SCM-817, but should be solved in the plugin in general like:

      // MaskPasswordsOutputStream
      ...
      for(String password: passwords) {
          if(StringUtils.isNotEmpty(password)) { // we must not handle empty passwords
              regex.append(Pattern.quote(password));
              regex.append('|');
              try {
                  String encodedPassword = URLEncoder.encode(password, "UTF-8");
                  if (!encodedPassword.equals(password)) {
                      // add to masking regex
                      regex.append(Pattern.quote(encodedPassword));
                      regex.append('|');
                  }
              } catch (UnsupportedEncodingException e) {
                  ...
              }
              nbMaskedPasswords++;
          }
      }
      ...
      

        Attachments

          Activity

          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          I agree, such improvement would be useful.
          Could you create a pull request with the proposed change and several unit tests?

          Show
          oleg_nenashev Oleg Nenashev added a comment - I agree, such improvement would be useful. Could you create a pull request with the proposed change and several unit tests?
          Hide
          msperisen marc sperisen added a comment - - edited

          done, tests done based on existing test case. see pull request

          Show
          msperisen marc sperisen added a comment - - edited done, tests done based on existing test case. see pull request
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: msperisen
          Path:
          src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java
          src/test/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsURLEncodingTest.java
          http://jenkins-ci.org/commit/mask-passwords-plugin/25947b074119ee6a4cfc30917375ef7c10c06319
          Log:
          JENKINS-34908, mask url encoded passwords if necessary

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: msperisen Path: src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java src/test/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsURLEncodingTest.java http://jenkins-ci.org/commit/mask-passwords-plugin/25947b074119ee6a4cfc30917375ef7c10c06319 Log: JENKINS-34908 , mask url encoded passwords if necessary
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java
          src/test/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsURLEncodingTest.java
          http://jenkins-ci.org/commit/mask-passwords-plugin/38bea3abecd78b31e20a281bcaa1564324f1ac8f
          Log:
          Merge branch 'merge/JENKINS-34908'

          Conflicts:
          src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java

          Compare: https://github.com/jenkinsci/mask-passwords-plugin/compare/f8fb42b62323...38bea3abecd7

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java src/test/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsURLEncodingTest.java http://jenkins-ci.org/commit/mask-passwords-plugin/38bea3abecd78b31e20a281bcaa1564324f1ac8f Log: Merge branch 'merge/ JENKINS-34908 ' Conflicts: src/main/java/com/michelin/cio/hudson/plugins/maskpasswords/MaskPasswordsOutputStream.java Compare: https://github.com/jenkinsci/mask-passwords-plugin/compare/f8fb42b62323...38bea3abecd7
          Hide
          oleg_nenashev Oleg Nenashev added a comment -

          From what I see in the commit history, it has been released in mask-passwords-2.9

          Show
          oleg_nenashev Oleg Nenashev added a comment - From what I see in the commit history, it has been released in mask-passwords-2.9

            People

            Assignee:
            oleg_nenashev Oleg Nenashev
            Reporter:
            msperisen marc sperisen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: