Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-46103

Properly restrict which expressions can be passed to credentials(...) in Declarative


    • Declarative - 1.2

      Right now, we allow ConstantExpression or GStringExpression as the parameters to an internal function call (i.e., to credentials(...), but that's a little wonky, because you can actually sneak anything you want into the GStringExpression, i.e., "${someMethodCall(...)}" is legal. Now, locking down the GStringExpression contents is a different matter that I'll deal with some day. Probably. But for now, the question is what else should be allowed as a parameter to credentials(...) - there's probably a valid argument for non-block-scoped steps or functions and variables, so perhaps we should add VariableExpression and method calls with the same rules limiting their parameters as credentials(...) itself.

      Needs more thinking. But soon.

            Unassigned Unassigned
            abayer Andrew Bayer
            1 Vote for this issue
            5 Start watching this issue