Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47101

Pipeline withCredentials step does not mask step descriptions for variables with the same name as existing system variables

    XMLWordPrintable

    Details

    • Similar Issues:
    • Released As:
      2.85

      Description

      There seems to be an issue with the Pipeline step withCredentials and how it masks variables.

      It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

      In the console log, the steps are masked correctly (the step description is not included anyway).

      I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

      As a workaround, using a script seems to hide the step description (for shell cmds at least).

      Pipeline code to reproduce:

      pipeline {
          agent any
          
          stages {
              stage('test withCredentials bug'){
                  steps {
                      withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
                          sh "echo '$USER'"
                          sh './user.sh'
                      }
                      
                      withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
                          sh "echo '$USRPWD'"
                          sh './user.sh'
                      }
                  }
              }
          }
      }
      

      user.sh helper script exists in the workspace:

      echo "\$USERPWD = $USRPWD"
      echo "\$USER = $USER"
      

      I've attached some screenshots below.

        Attachments

          Issue Links

            Activity

            catalin_cretu Catalin Cretu created issue -
            catalin_cretu Catalin Cretu made changes -
            Field Original Value New Value
            Description There seems to be an issue with the Pipeline step \{\{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).
            There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

             

             
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-consoleText.txt [ 39836 ]
            catalin_cretu Catalin Cretu made changes -
            Description There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

             

             
            There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

            !jenkins-pipeline-withCredentials-log-steps.png|width=700!

            !jenkins-pipeline-withCredentials-log-step-existing-var-cmd-collapsed.png!
             
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-log-steps.png [ 39831 ]
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-log-step-existing-var-cmd-collapsed.png [ 39835 ]
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-log-step-existing-var-script-collapsed.png [ 39834 ]
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-log-step-new-var-cmd-collapsed.png [ 39833 ]
            catalin_cretu Catalin Cretu made changes -
            Attachment jenkins-pipeline-withCredentials-log-step-new-var-script-collapsed.png [ 39832 ]
            catalin_cretu Catalin Cretu made changes -
            Description There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

            !jenkins-pipeline-withCredentials-log-steps.png|width=700!

            !jenkins-pipeline-withCredentials-log-step-existing-var-cmd-collapsed.png!
             
            There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).
            catalin_cretu Catalin Cretu made changes -
            Description There seems to be an issue with the Pipeline step {{withCredentials}} and how it masksvariables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).
            There seems to be an issue with the Pipeline step {{withCredentials}} and how it masks variables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

            Pipeline code to reproduce:
            {code:java}
            pipeline {
                agent any
                
                stages {
                    stage('test withCredentials bug'){
                        steps {
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
                                sh "echo '$USER'"
                                sh './user.sh'
                            }
                            
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
                                sh "echo '$USRPWD'"
                                sh './user.sh'
                            }
                        }
                    }
                }
            }
            {code}
            {{user.sh}} helper script exists in the workspace:
            {code:java}
            echo "\$USERPWD = $USRPWD"
            echo "\$USER = $USER"
            {code}
            I've attached some screenshots below.
            catalin_cretu Catalin Cretu made changes -
            Description There seems to be an issue with the Pipeline step {{withCredentials}} and how it masks variables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).

            Pipeline code to reproduce:
            {code:java}
            pipeline {
                agent any
                
                stages {
                    stage('test withCredentials bug'){
                        steps {
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
                                sh "echo '$USER'"
                                sh './user.sh'
                            }
                            
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
                                sh "echo '$USRPWD'"
                                sh './user.sh'
                            }
                        }
                    }
                }
            }
            {code}
            {{user.sh}} helper script exists in the workspace:
            {code:java}
            echo "\$USERPWD = $USRPWD"
            echo "\$USER = $USER"
            {code}
            I've attached some screenshots below.
            There seems to be an issue with the Pipeline step {{withCredentials}} and how it masks variables.

            It seems that when a variable name already exists in the current environment, the step description masking is skipped and the variables are rendered as clear text.

            In the console log, the steps are masked correctly (the step description is not included anyway).

            I first observed this happening in the Blue Ocean UI as part of a script pipeline job.

            As a workaround, using a script seems to hide the step description (for shell cmds at least).


            Pipeline code to reproduce:
            {code:java}
            pipeline {
                agent any
                
                stages {
                    stage('test withCredentials bug'){
                        steps {
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USER')]) {
                                sh "echo '$USER'"
                                sh './user.sh'
                            }
                            
                            withCredentials([usernameColonPassword(credentialsId: 'withCredentialsBug', variable: 'USRPWD')]) {
                                sh "echo '$USRPWD'"
                                sh './user.sh'
                            }
                        }
                    }
                }
            }
            {code}


            {{user.sh}} helper script exists in the workspace:
            {code:java}
            echo "\$USERPWD = $USRPWD"
            echo "\$USER = $USER"
            {code}
            I've attached some screenshots below.
            stephenconnolly Stephen Connolly made changes -
            Component/s credentials-binding-plugin [ 18129 ]
            Component/s credentials-plugin [ 16523 ]
            stephenconnolly Stephen Connolly made changes -
            Assignee Stephen Connolly [ stephenconnolly ]
            jglick Jesse Glick made changes -
            Component/s workflow-cps-plugin [ 21713 ]
            Component/s credentials-binding-plugin [ 18129 ]
            svanoort Sam Van Oort made changes -
            Component/s credentials-binding-plugin [ 18129 ]
            Component/s mask-passwords-plugin [ 15761 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-31582 [ JENKINS-31582 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-36007 [ JENKINS-36007 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-37324 [ JENKINS-37324 ]
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-53649 [ JENKINS-53649 ]
            jglick Jesse Glick made changes -
            Link This issue relates to JENKINS-63254 [ JENKINS-63254 ]
            carroll Carroll Chiou made changes -
            Link This issue duplicates JENKINS-63254 [ JENKINS-63254 ]
            carroll Carroll Chiou made changes -
            Released As 2.85
            Resolution Fixed [ 1 ]
            Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
            carroll Carroll Chiou made changes -
            Status Fixed but Unreleased [ 10203 ] Resolved [ 5 ]

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              catalin_cretu Catalin Cretu
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: