Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47101

Pipeline withCredentials step does not mask step descriptions for variables with the same name as existing system variables

    XMLWordPrintable

Details

    • 2.85

    Description

      There seems to be an issue with the Pipeline step withCredentials and how it masks variables.

      It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

      In the console log, the steps are masked correctly (the step description is not included anyway).

      I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

      As a workaround, using a script seems to hide the step description (for shell cmds at least).

      Pipeline code to reproduce:

      pipeline {
    agent any
    
    stages {
        stage('test withCredentials bug'){
            steps {
                withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
                    sh "echo '$USER'"
                    sh './user.sh'
                }
                
                withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
                    sh "echo '$USRPWD'"
                    sh './user.sh'
                }
            }
        }
    }
}

      user.sh helper script exists in the workspace:

      echo "\$USERPWD = $USRPWD"
echo "\$USER = $USER"

      I've attached some screenshots below.

      Attachments

        Issue Links

          duplicates

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-63254 Warn against using secrets in groovy strings

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-53649 Strings from the "echo" step are suppressed in BlueOcean UI if they contain values found in an environment variable

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-36007 Way to mask arbitrary Secret (was: Password is clear on log with input parameter)

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-31582 Log / document the plugin usage in the flow nodes

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-63254 Warn against using secrets in groovy strings

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. JENKINS-37324 We would like a more meaningful description of a step

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            People

              Unassigned Unassigned
              catalin_cretu Catalin Cretu
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: