- Bug
- Resolution: Fixed
- Major
- None
docker-workflow 1.18
Since this relates to a security leak of credentials, this ticket is raised to Major priority.
The following scenario is needed to reproduce the issue:
    node {
        withDockerContainer(image: 'docker', args: '-v /var/run/docker.sock:/var/run/docker.sock') {
            env.TEST_PWD = 'pwd12345'
            withDockerContainer(image: 'docker', args: '-v /var/run/docker.sock:/var/run/docker.sock') {
                sh('echo test')
            }
        }
    }
It will pass, but the env variables are not masked when the second (inner) withDockerContainer is run:
6.514 [prj #1] [Pipeline] node
6.617 [prj #1] Running on master in /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj
6.617 [prj #1] [Pipeline] {
7.814 [prj #1] [Pipeline] withDockerContainer
7.814 [prj #1] Jenkins does not seem to be running inside a container
7.815 [prj #1] $ docker run -t -d -u 501:20 -w /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj -v /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj:/Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj:rw,z -v /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj@tmp:/Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** ubuntu cat
7.815 [prj #1] $ docker top c44d7264133f649cc80cc97aae11272e00c5023efe9c34e86d69ea71dc7beb91 -eo pid,comm
7.815 [prj #1] [Pipeline] {
10.504 [prj #1] [Pipeline] withDockerContainer
10.504 [prj #1] ERROR: Failed to parse docker version. Please note there is a minimum docker version requirement of v1.7.
10.505 [prj #1] Jenkins does not seem to be running inside a container
10.505 [prj #1] $ docker exec --env BUILD_DISPLAY_NAME=#1 --env BUILD_ID=1 --env BUILD_NUMBER=1 --env BUILD_TAG=jenkins-prj-1 --env BUILD_URL=http://localhost:56168/jenkins/job/prj/1/ --env CLASSPATH= --env EXECUTOR_NUMBER=1 --env HUDSON_HOME=/Users/vkravets/work/my/docker-workflow-plugin/./tmp --env HUDSON_SERVER_COOKIE=586ce441e4ad2814 --env HUDSON_URL=http://localhost:56168/jenkins/ --env JENKINS_HOME=/Users/vkravets/work/my/docker-workflow-plugin/./tmp --env JENKINS_SERVER_COOKIE=586ce441e4ad2814 --env JENKINS_URL=http://localhost:56168/jenkins/ --env JOB_BASE_NAME=prj --env JOB_NAME=prj --env JOB_URL=http://localhost:56168/jenkins/job/prj/ --env NODE_LABELS=master --env NODE_NAME=master --env TEST_PWD=pwd12345 --env workspace=/Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj c44d7264133f649cc80cc97aae11272e00c5023efe9c34e86d69ea71dc7beb91 docker run -t -d -u 501:20 -w /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj -v /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj:/Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj:rw,z -v /Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj@tmp:/Users/vkravets/work/my/docker-workflow-plugin/tmp/workspace/prj@tmp:rw,z -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** ubuntu cat
As you can see, the following string appeared in the output of the job:
docker exec --env BUILD_DISPLAY_NAME=#1 --env BUILD_ID=1 --env BUILD_NUMBER=1 ...
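
A check for the leak shown above, as an added example that is not part of the original report or of the plugin's code: it scans console output for `docker run`/`exec`/`create` lines whose `-e`/`--env` arguments still carry `NAME=value`, and rewrites such a line in the fully masked form. The function names, the `CONTAINER_ID` placeholder and the sample log are constructed for illustration.

```python
import re

MASK = "********"  # placeholder Jenkins prints in the masked `docker run` lines
DOCKER_CMD = re.compile(r"\bdocker\s+(?:run|exec|create)\b")
# -e NAME=value, --env NAME=value or --env=NAME=value. A masked argument
# ("-e ********") has no NAME= part and therefore never matches.
# Assumption: values contain no spaces, as in the log lines of this report.
ENV_ARG = re.compile(r"(?<!\S)(-e|--env)([ =])([A-Za-z_][A-Za-z0-9_]*)=(\S*)")


def find_unmasked_env(log_text):
    """Return (line_number, variable_name) for each unmasked env argument.

    Only names are reported so the finding itself does not repeat the secret.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if DOCKER_CMD.search(line):
            findings += [(lineno, m.group(3)) for m in ENV_ARG.finditer(line)]
    return findings


def redact(line):
    """Rewrite a docker command line so every env argument is fully masked."""
    if not DOCKER_CMD.search(line):
        return line
    return ENV_ARG.sub(lambda m: m.group(1) + m.group(2) + MASK, line)


# Constructed sample, shortened from the shape of the log in this report.
SAMPLE_LOG = "\n".join([
    "7.815 [prj #1] $ docker run -t -d -u 501:20 -e ******** -e ******** ubuntu cat",
    "10.505 [prj #1] $ docker exec --env BUILD_ID=1 --env CLASSPATH= "
    "--env TEST_PWD=pwd12345 CONTAINER_ID docker run -t -d -e ******** ubuntu cat",
    "10.900 [prj #1] + echo test",
])

if __name__ == "__main__":
    for lineno, name in find_unmasked_env(SAMPLE_LOG):
        print(f"line {lineno}: unmasked env argument {name}")
    print(redact(SAMPLE_LOG.splitlines()[1]))
```

Run over archived console logs, any finding on a `docker exec` line indicates builds whose environment values were written to the log in clear text and should be rotated.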