Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43872

Dollar signs in credentials or literal value env vars cause issues in environment in Declarative

    XMLWordPrintable

Details

    Description

      I'm still figuring out all the details, but if you've got an environment directive like this:

      environment {
        SOME_VAR = credentials('some-creds')
        SOME_OTHER_VAR = "Look, I contain ${SOME_VAR}"
      }
      

      where SOME_VAR ends up containing something like $VARIABLES somewhere in it, you get an error like:

      [test1 #1] groovy.lang.MissingPropertyException: No such property: VARIABLES for class: groovy.lang.Binding
      [test1 #1] 	at groovy.lang.Binding.getVariable(Binding.java:63)
      [test1 #1] 	at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:224)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker$4.call(Checker.java:241)
      [test1 #1] 	at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:238)
      [test1 #1] 	at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:28)
      [test1 #1] 	at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
      [test1 #1] 	at Script1.run(Script1.groovy:1)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.withEnvBlock(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:216)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.call(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:75)
      [test1 #1] 	at org.jenkinsci.plugins.pipeline.modeldefinition.ModelInterpreter.inDeclarativeAgent(/Users/abayer/IdeaProjects/pipeline-config-plugin/pipeline-model-definition/target/classes/org/jenkinsci/plugins/pipeline/modeldefinition/ModelInterpreter.groovy:361)
      ...
      

      Additionally, a $ on its own gets you a different error, but the underlying problem is the same - we're not escaping things properly.

      Attachments

        Issue Links

          Activity

            abayer Andrew Bayer created issue -
            abayer Andrew Bayer made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            abayer Andrew Bayer made changes -
            Summary Dollar signs in credentials cause issues in environment in Declarative Dollar signs in credentials or literal value env vars cause issues in environment in Declarative
            abayer Andrew Bayer made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            abayer Andrew Bayer made changes -
            Remote Link This issue links to "PR #155 (Web Link)" [ 16308 ]
            stephendonner Stephen Donner made changes -
            Attachment credentials.json [ 37459 ]
            stephendonner Stephen Donner made changes -
            Attachment jenkins-stack-trace.txt [ 37460 ]
            abayer Andrew Bayer made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            bitwiseman Liam Newman made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

            People

              abayer Andrew Bayer
              abayer Andrew Bayer
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: