[JENKINS-40734] Shell step cannot use environment variables that contain $$

Type: Bug
Resolution: Fixed
Priority: Minor
Component/s: durable-task-plugin
Labels:
- environment
- pipeline
Environment:

Hide
CentOS 6.8
Jenkins 2.38

durable-task-plugin 1.12

workflow-aggregator (pipeline) 2.4 and all its dependencies:
workflow-cps (version:2.17)
workflow-support (version:2.5)
workflow-basic-steps (version:2.1)
pipeline-input-step (version:2.1)
pipeline-milestone-step (version:1.0)
pipeline-build-step (version:2.2)
pipeline-stage-view (version:2.0)
workflow-multibranch (version:2.8)
workflow-durable-task-step (version:2.4)
workflow-api (version:2.3)
pipeline-stage-step (version:2.2)
workflow-scm-step (version:2.2)
workflow-cps-global-lib (version:2.3)
workflow-step-api (version:2.3)
workflow-job (version:2.6)

Show
CentOS 6.8 Jenkins 2.38 durable-task-plugin 1.12 workflow-aggregator (pipeline) 2.4 and all its dependencies: workflow-cps (version:2.17) workflow-support (version:2.5) workflow-basic-steps (version:2.1) pipeline-input-step (version:2.1) pipeline-milestone-step (version:1.0) pipeline-build-step (version:2.2) pipeline-stage-view (version:2.0) workflow-multibranch (version:2.8) workflow-durable-task-step (version:2.4) workflow-api (version:2.3) pipeline-stage-step (version:2.2) workflow-scm-step (version:2.2) workflow-cps-global-lib (version:2.3) workflow-step-api (version:2.3) workflow-job (version:2.6)

Similar Issues:
Powered by SuggestiMate

Show

When I run a Jenkinsfile that has a sh step that uses an environment variable (such as a password) that has two $$ in a row, they get replaced with one $.

Here's the steps to reproduce:
1. Make a global credential id "foo", username "foo", password "bar$$baz"
2. Use this Jenkinsfile:

node('linux') {
    withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'foo', passwordVariable: 'PASSWORD', usernameVariable: 'USERNAME']]) {            
        echo "Username: ${env.USERNAME}"
        echo "Password: ${env.PASSWORD}"
        sh 'echo Username: $USERNAME, Password: $PASSWORD'
    }
}

When the build runs, the echo steps properly echo the user/pass which are then masked. But the shell step doesn't mask the password, which is incorrect. It has lost a $

[Pipeline] echo
Username: ****
[Pipeline] echo
Password: ****
[Pipeline] sh
[s_example] Running shell script
+ echo Username: ****, Password: bar$baz
Username: ****, Password: bar$baz

depends on

JENKINS-41225 durable-task 1.13 is failing with remote Windows accessed through Cygwin sshd.

In Review

is blocked by

JENKINS-41339 Environment variables referencing other variables broken

Reopened

relates to

JENKINS-27040 Bound variables strip multiple dollar signs

Resolved

JENKINS-61950 Environment variables with '$' have '$$' when used in sh step inside a container step.

Resolved

links to

CloudBees Internal OSS-1830

PR 34

(1 links to)

Ben Dean created issue - 2016-12-30 14:59

Jesse Glick made changes - 2017-01-05 17:49

Resolution		New: Not A Defect [ 7 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Ben Dean made changes - 2017-01-09 15:33

Comment

[ [~jglick], the shell script you suggested doesn't work either. Putting single quotes around the environment variables will cause bash (or sh, or dash, or whatever the shell is) to not evaluate them and the output of the build is:

{code:none}
+ echo Username: $USERNAME, Password: $PASSWORD
Username: $USERNAME, Password: $PASSWORD
{code}

If I change those to double quotes it will evaluate them, but it will have the same problem it had before

{code:none}
sh '''
echo Username: "$USERNAME", Password: "$PASSWORD"
'''
{code}

outputs:
{code:none}
+ echo Username: ****, Password: bar$baz
Username: ****, Password: bar$baz
{code}

And don't think to much about the {{echo}} command in the shell either. In the real place where I'm running into this problem, I'm passing the username and password to some CLI:

{code:none}
sh '''
some-cli do stuff "$USERNAME" "$PASSWORD"
'''
{code}

and they have to be double quoted there so bash will correctly pass the args to the command line if they contain spaces or other characters that have to be quoted. ]

Ben Dean made changes - 2017-01-09 15:34

Resolution	Original: Not A Defect [ 7 ]
Status	Original: Resolved [ 5 ]	New: Reopened [ 4 ]

Jesse Glick made changes - 2017-01-10 21:29

Component/s	Original: pipeline [ 21692 ]
Component/s	Original: workflow-durable-task-step-plugin [ 21715 ]
Assignee		New: Jesse Glick [ jglick ]
Labels	Original: credentials environment-variables pipeline shell	New: environment pipeline

Jesse Glick made changes - 2017-01-10 21:29

Status

Original: Reopened [ 4 ]

New: Open [ 1 ]

Jesse Glick made changes - 2017-01-10 21:29

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Jesse Glick made changes - 2017-01-10 21:57

Remote Link

New: This issue links to "PR 34 (Web Link)" [ 15239 ]

Jesse Glick made changes - 2017-01-10 21:57

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Jesse Glick made changes - 2017-01-18 22:00

Resolution		New: Fixed [ 1 ]
Status	Original: In Review [ 10005 ]	New: Resolved [ 5 ]

Jesse Glick made changes - 2017-01-26 14:13

Link

New: This issue is blocked by JENKINS-41339 [ JENKINS-41339 ]

Assignee:: Jesse Glick

Reporter:: Ben Dean

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2016-12-30 14:59

Updated:: 2020-04-17 15:41

Resolved:: 2017-01-18 22:00

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates