Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-4428

MavenProbeAction exposes password parameters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • maven-plugin
    • Platform: All, OS: All

      Password parameters of Hudson jobs are visible in plain form when the job is
      running. Look to "Monitor Maven Process/Environment Variables" view.

          [JENKINS-4428] MavenProbeAction exposes password parameters

          Jesse Glick added a comment -

          kopfwunde your issue sounds like JENKINS-23447.

          I am not sure what this issue is about any more; possibly since superseded.

          Jesse Glick added a comment - kopfwunde your issue sounds like JENKINS-23447 . I am not sure what this issue is about any more; possibly since superseded.

          Daniel Beck added a comment -

          This issue is about the MavenProbeAction in Maven Project Plugin, so assigning that as component.

          Daniel Beck added a comment - This issue is about the MavenProbeAction in Maven Project Plugin, so assigning that as component.

          Jesse Glick added a comment -

          Deleted a bunch of apparently unrelated “duplicates”.

          Jesse Glick added a comment - Deleted a bunch of apparently unrelated “duplicates”.

          Anders Hammar added a comment -

          Until this is fixed, would it be possible to add a config option to turn this monitor feature off?

          Anders Hammar added a comment - Until this is fixed, would it be possible to add a config option to turn this monitor feature off?

          Anders Hammar added a comment -

          I've looked into this and have a PoC fix for masking sensitive env vars:
          https://github.com/andham/maven-plugin/tree/poc-JENKINS-4428

          I'd appreciate a second set of eyes on this and some input before starting a PR.
          I'm having issues executing the project's tests, so haven't looked into that just yet.

          Please note that this only masked the env vars, not anything in the system properties page. Maybe the same masking should be applied there?

          Anders Hammar added a comment - I've looked into this and have a PoC fix for masking sensitive env vars: https://github.com/andham/maven-plugin/tree/poc-JENKINS-4428 I'd appreciate a second set of eyes on this and some input before starting a PR. I'm having issues executing the project's tests, so haven't looked into that just yet. Please note that this only masked the env vars, not anything in the system properties page. Maybe the same masking should be applied there?

          Anders Hammar added a comment -

          https://github.com/jenkinsci/maven-plugin/pull/50

          I don't know how to create an IT for this though. Somehow I need to trigger an action during the Maven build and not verify the outcome of a build.

          Anders Hammar added a comment - https://github.com/jenkinsci/maven-plugin/pull/50 I don't know how to create an IT for this though. Somehow I need to trigger an action during the Maven build and not verify the outcome of a build.

          Anders Hammar added a comment -

          Ping. Could someone review and merge please?

          Anders Hammar added a comment - Ping. Could someone review and merge please?

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Anders Hammar
          Path:
          src/main/java/hudson/maven/MavenModuleSetBuild.java
          src/main/java/hudson/maven/MavenProbeAction.java
          http://jenkins-ci.org/commit/maven-plugin/3e970728b46198aa898e507963cc6da27d5ce8cf
          Log:
          [FIXED JENKINS-4428] MavenProbeAction exposes password parameters

          Signed-off-by: Anders Hammar <anders@hammar.net>

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Anders Hammar Path: src/main/java/hudson/maven/MavenModuleSetBuild.java src/main/java/hudson/maven/MavenProbeAction.java http://jenkins-ci.org/commit/maven-plugin/3e970728b46198aa898e507963cc6da27d5ce8cf Log: [FIXED JENKINS-4428] MavenProbeAction exposes password parameters Signed-off-by: Anders Hammar <anders@hammar.net>

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Olivier Lamy
          Path:
          src/main/java/hudson/maven/MavenModuleSetBuild.java
          src/main/java/hudson/maven/MavenProbeAction.java
          http://jenkins-ci.org/commit/maven-plugin/9c5eb51dda735450a6cc7a59201efe2cd795625a
          Log:
          Merge pull request #50 from andham/JENKINS-4428

          [FIXED JENKINS-4428] MavenProbeAction exposes password parameters

          Compare: https://github.com/jenkinsci/maven-plugin/compare/cc6027c7f38c...9c5eb51dda73

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Olivier Lamy Path: src/main/java/hudson/maven/MavenModuleSetBuild.java src/main/java/hudson/maven/MavenProbeAction.java http://jenkins-ci.org/commit/maven-plugin/9c5eb51dda735450a6cc7a59201efe2cd795625a Log: Merge pull request #50 from andham/ JENKINS-4428 [FIXED JENKINS-4428] MavenProbeAction exposes password parameters Compare: https://github.com/jenkinsci/maven-plugin/compare/cc6027c7f38c...9c5eb51dda73

          Arnaud Héritier added a comment -

          Fixed in 2.13

          Arnaud Héritier added a comment - Fixed in 2.13

            ahammar Anders Hammar
            rtlusty rtlusty
            Votes:
            9 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: