Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43872

Dollar signs in credentials or literal value env vars cause issues in environment in Declarative

    XMLWordPrintable

Details

    Description

      I'm still figuring out all the details, but if you've got an environment directive like this:

      environment {
        SOME_VAR = credentials('some-creds')
        SOME_OTHER_VAR = "Look, I contain ${SOME_VAR}"
      }
      

      where SOME_VAR ends up containing something like $VARIABLES somewhere in it, you get an error like:

      [test1 #1] groovy.lang.MissingPropertyException: No such property: VARIABLES for class: groovy.lang.Binding
      [test1 #1] 	at groovy.lang.Binding.getVariable(Binding.java:63)
      [test1 #1] 	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:224)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
      [test1 #1] 	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:28)
      [test1 #1] 	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
      [test1 #1] 	at Script1.run(Script1.groovy:1)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:216)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.call(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:75)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:361)
      ...
      

      Additionally, a $ on its own gets you a different error, but the underlying problem is the same - we're not escaping things properly.

      Attachments

        1. credentials.json
          0.6 kB
          Stephen Donner
        2. jenkins-stack-trace.txt
          10 kB
          Stephen Donner

        Issue Links

          Activity

            Code changed in jenkins
            User: Andrew Bayer
            Path:
            pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/Utils.groovy
            pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/model/Environment.groovy
            pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/EnvironmentTest.java
            pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/steps/CredentialWrapperStepTest.java
            pipeline-model-definition/src/test/resources/credentialsDollarQuotes.groovy
            pipeline-model-definition/src/test/resources/envDollarQuotes.groovy
            pipeline-model-definition/src/test/resources/environmentCrossReferences.groovy
            http://jenkins-ci.org/commit/pipeline-model-definition-plugin/602a93d39a67ab263657970fa305a2d517576cf1
            Log:
            [FIXED JENKINS-43872] Properly escape dollar signs in env evaluation

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Andrew Bayer Path: pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/Utils.groovy pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/model/Environment.groovy pipeline-model-definition/src/main/resources/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/EnvironmentTest.java pipeline-model-definition/src/test/java/org/jenkinsci/plugins/pipeline/modeldefinition/steps/CredentialWrapperStepTest.java pipeline-model-definition/src/test/resources/credentialsDollarQuotes.groovy pipeline-model-definition/src/test/resources/envDollarQuotes.groovy pipeline-model-definition/src/test/resources/environmentCrossReferences.groovy http://jenkins-ci.org/commit/pipeline-model-definition-plugin/602a93d39a67ab263657970fa305a2d517576cf1 Log: [FIXED JENKINS-43872] Properly escape dollar signs in env evaluation
            abayer Andrew Bayer added a comment -

            Released in 1.1.4 just now!

            abayer Andrew Bayer added a comment - Released in 1.1.4 just now!

            I'm still investigating, but looks like this change broke something in our pipeline.

            Had this working in 1.1.3:
            environment {
            GOPATH='${WORKSPACE}'
            ...
             
            with 1.1.4 go is now throwing:
            go: GOPATH entry is relative; must be absolute path: "${WORKSPACE}".
             
             

            mkj Michal Matyjek added a comment - I'm still investigating, but looks like this change broke something in our pipeline. Had this working in 1.1.3: environment { GOPATH='${WORKSPACE}' ...   with 1.1.4 go is now throwing: go: GOPATH entry is relative; must be absolute path: "${WORKSPACE}".    

            Looks like it's the quotes:

            GOPATH='${WORKSPACE}' worked until 1.1.3, does not work in 1.1.4
            GOPATH="${WORKSPACE}" works in 1.1.4...
             

            mkj Michal Matyjek added a comment - Looks like it's the quotes: GOPATH='${WORKSPACE}' worked until 1.1.3, does not work in 1.1.4 GOPATH="${WORKSPACE}" works in 1.1.4...  
            bitwiseman Liam Newman added a comment -

            Bulk closing resolved issues.

            bitwiseman Liam Newman added a comment - Bulk closing resolved issues.

            People

              abayer Andrew Bayer
              abayer Andrew Bayer
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: