Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44640

Legacy SCM Git throws NullPointerException

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • git-plugin
    • None
    • Jenkins 2.46.2
      git-plugin:3.3.0

    Description

      The `checkUrl` of Legacy SCM Git thorws a NullPointerException trying to track credentials provided. It looks like the context is null:

      Jun 02, 2017 4:18:52 PM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: Error while serving http://allan.cje.com:8083/descriptorByName/hudson.plugins.git.UserRemoteConfig/checkUrl
java.lang.reflect.InvocationTargetException
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:347)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
	at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
	at com.cloudbees.jenkins.ha.HAHealthCheckFilter.doFilter(HAHealthCheckFilter.java:35)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
	at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter._doFilter(OfflineSecurityRealmFilter.java:95)
	at com.cloudbees.opscenter.client.plugin.OfflineSecurityRealmFilter.doFilter(OfflineSecurityRealmFilter.java:70)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at com.cloudbees.opscenter.security.ClusterSessionFilter._doFilter(ClusterSessionFilter.java:69)
	at com.cloudbees.opscenter.security.ClusterSessionFilter.doFilter(ClusterSessionFilter.java:44)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at org.jenkinsci.plugins.suppress_stack_trace.SuppressionFilter.doFilter(SuppressionFilter.java:34)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:126)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NullPointerException
	at com.cloudbees.plugins.credentials.CredentialsProvider.trackAll(CredentialsProvider.java:1593)
	at com.cloudbees.plugins.credentials.CredentialsProvider.track(CredentialsProvider.java:1557)
	at hudson.plugins.git.UserRemoteConfig$DescriptorImpl.doCheckUrl(UserRemoteConfig.java:190)
	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
	... 81 more

      How to Reproduce

      • Configuring a Global Pipeline Library under Manage Jenkins > Configure system
      • Choose a Legacy SCM > Git
      • Specifying a URL
      • Select credentials

      You should see the NPE appear.

      Useful Links

      https://github.com/jenkinsci/git-plugin/blob/git-3.3.0/src/main/java/hudson/plugins/git/UserRemoteConfig.java#L190
      https://github.com/jenkinsci/credentials-plugin/blob/credentials-2.1.13/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L1557
      https://github.com/jenkinsci/credentials-plugin/blob/credentials-2.1.13/src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java#L1593

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          markewaite Mark Waite added a comment -

          Thanks for detecting that bug.

          I submitted a pull request to remove the credentials tracking at that location, since I believe credentials tracking is intended for "references that matter in the history of the job and the server", not for "validating user input" use cases.

          I'd love to have you as one of the code reviewers. A build containing that change will be available from the PR-499 job in the "artifacts" section.

          markewaite Mark Waite added a comment - Thanks for detecting that bug. I submitted a pull request to remove the credentials tracking at that location, since I believe credentials tracking is intended for "references that matter in the history of the job and the server", not for "validating user input" use cases. I'd love to have you as one of the code reviewers. A build containing that change will be available from the PR-499 job in the "artifacts" section.
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Mark Waite
          Path:
          src/main/java/hudson/plugins/git/UserRemoteConfig.java
          http://jenkins-ci.org/commit/git-plugin/541c4b6ca10216def62898859264d7f136fca5f1
          Log:
          JENKINS-44640 - Fix NPE checking legacy git SCM URL

          Credential tracking is intended to track relevant and valuable use of
          the credential, not something as simple as using that credential in a
          form validation.

          Form validation is valuable for the user experience of the
          administrator, but it is not valuable enough to track the credential
          use in validating the form.

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/hudson/plugins/git/UserRemoteConfig.java http://jenkins-ci.org/commit/git-plugin/541c4b6ca10216def62898859264d7f136fca5f1 Log: JENKINS-44640 - Fix NPE checking legacy git SCM URL Credential tracking is intended to track relevant and valuable use of the credential, not something as simple as using that credential in a form validation. Form validation is valuable for the user experience of the administrator, but it is not valuable enough to track the credential use in validating the form.
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Mark Waite
          Path:
          src/main/java/hudson/plugins/git/UserRemoteConfig.java
          http://jenkins-ci.org/commit/git-plugin/2903c1a9657a54d29cc5a6be0e9ad61c572ff8ce
          Log:
          Merge pull request #499 from MarkEWaite/master-PRxxx-npe-passing-null-context-to-credentials

          JENKINS-44640 - Fix NPE checking legacy git SCM URL

          Compare: https://github.com/jenkinsci/git-plugin/compare/a274696e2961...2903c1a9657a

          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/hudson/plugins/git/UserRemoteConfig.java http://jenkins-ci.org/commit/git-plugin/2903c1a9657a54d29cc5a6be0e9ad61c572ff8ce Log: Merge pull request #499 from MarkEWaite/master-PRxxx-npe-passing-null-context-to-credentials JENKINS-44640 - Fix NPE checking legacy git SCM URL Compare: https://github.com/jenkinsci/git-plugin/compare/a274696e2961...2903c1a9657a
          markewaite Mark Waite added a comment -

          Fixed in git plugin 3.31, likely release by 12 Jun 2017

          markewaite Mark Waite added a comment - Fixed in git plugin 3.31, likely release by 12 Jun 2017
          markewaite Mark Waite added a comment -

          Fixed in git plugin 3.3.1 released 23 Jun 2017

          markewaite Mark Waite added a comment - Fixed in git plugin 3.3.1 released 23 Jun 2017

          People

            markewaite Mark Waite
            allan_burdajewicz Allan BURDAJEWICZ
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: