Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-40166

Passwords not quoted correctly in Windows

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • git-client-plugin
    • None
    • Windows

      In https://github.com/jenkinsci/git-client-plugin/blob/master/src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java

      Method createWindowsStandardAskpass() & createWindowsSshAskpass() create cmd.exe .bat batch files are created that echo the passwords to standard out. They use this method to encode the password:

      private String quoteWindowsCredentials(String str)

      { // Assumes the only meaningful character is %, this may be // insufficient.* return str.replace("%", "%%"); }

      This misses several characters are missed that also need to be quoted, see http://ss64.com/nt/syntax-esc.html for more specifics.

      Specifically the cmd.exe caret ^ escape character is needed to quote backslash, ampersand, right bracket, left bracket, caret, space and tab characters:
      ^\ ^& ^| ^> ^< ^^ ^ (note there is a space) and ^ (note there is a tab)

      This could easily be implemented by adding additional lines to the method for each of these extra characters.

      Currently when you use these characters in a Git password and run the job on windows you get very poor error messages saying that the fetch operation failed do to an error in ASKPASS.

          [JENKINS-40166] Passwords not quoted correctly in Windows

            markewaite Mark Waite
            flstaats Frederick Staats
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: