Type: Bug
Resolution: Unresolved
Priority: Critical
When utilizing the "Mask Passwords Plugin" (https://wiki.jenkins.io/display/JENKINS/Mask+Passwords+Plugin) in a Jenkins Pipeline job as follows:
vaultlookupsecret = 'mysupersekr3tp@sswordstuffz'
wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: 'vaultlookupsecret', password: vaultlookupsecret]], varMaskRegexes: []]) {
    script {
        mystuff = sh(script: "/bin/bash script.sh -p \"${vaultlookupsecret}\" > output_upload.txt", returnStatus: true).toString().trim()
    }
}
Within the "normal" Jenkins job logs, this is properly masked as expected, and appears as follows:
+ /bin/bash script.sh -p ********
When viewing these same logs in the "BlueOcean" pane, the top-level step displays the command line including the password in plaintext. When selecting the "dropdown" on this item within BlueOcean, the log displays the same command line with the properly "masked" data.
Top Level/Label in Blue Ocean:
/bin/bash script.sh -p mysupersekr3tp@sswordstuffz
Drop-Down in Blue Ocean:
+ /bin/bash script.sh -p ********
I'm not sure if there is some configuration I need to make within BlueOcean, but "normal" logs are masked properly; it is only "BlueOcean" logs which seem unmasked (even though when selecting the drop-down, the log is again masked).
Version(s):
Jenkins 2.176.1
BlueOcean Plugin: 1.17.0
Mask Passwords Plugin 2.12.0
Note: I selected "components: core" as I "think" the BlueOcean Plugin is technically "core" now, and there isn't a component for "BlueOcean" specifically.
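A small lint for the pattern in this report, added here as an example and not part of the original issue or of any Jenkins plugin: Groovy expands `"${vaultlookupsecret}"` before the `sh` step runs, so the step's argument already holds the plaintext, while the masked output appears only in the console log. The sample pipeline, the `VAULT_SECRET` shell variable and the function name are constructed for illustration.

```python
import re

# Groovy string literals; triple-quoted forms first so inner quotes are skipped.
STRING = re.compile(
    r'"""[\s\S]*?"""' "|" r"'''[\s\S]*?'''" "|"
    r'"(?:\\.|[^"\\\n])*"' "|" r"'(?:\\.|[^'\\\n])*'"
)
# Unescaped $name or ${name...} inside a double-quoted literal (a GString).
INTERP = re.compile(r"(?<!\\)\$\{?\s*([A-Za-z_]\w*)")
# Bare Groovy identifiers handed to the wrapper as `password:` values.
MASKED = re.compile(r"\bpassword\s*:\s*([A-Za-z_]\w*)")

# Constructed sample: the pipeline from the report, plus a single-quoted
# variant that leaves expansion to the shell (VAULT_SECRET is hypothetical).
SAMPLE = r'''
vaultlookupsecret = 'mysupersekr3tp@sswordstuffz'
wrap([$class: 'MaskPasswordsBuildWrapper',
      varPasswordPairs: [[var: 'vaultlookupsecret', password: vaultlookupsecret]],
      varMaskRegexes: []]) {
    sh(script: "/bin/bash script.sh -p \"${vaultlookupsecret}\" > output_upload.txt", returnStatus: true)
    sh(script: '/bin/bash script.sh -p "$VAULT_SECRET" > output_upload.txt', returnStatus: true)
}
'''

def find_interpolated_secrets(source):
    """Return (line, variable) for each GString that expands a masked variable."""
    masked = set(MASKED.findall(source))
    findings = []
    for lit in STRING.finditer(source):
        text = lit.group(0)
        if not text.startswith('"'):
            continue  # single-quoted: Groovy passes $... through untouched
        for ref in INTERP.finditer(text):
            if ref.group(1) in masked:
                pos = lit.start() + ref.start()
                findings.append((source.count("\n", 0, pos) + 1, ref.group(1)))
    return findings

if __name__ == "__main__":
    for line, name in find_interpolated_secrets(SAMPLE):
        print(f"line {line}: GString expands masked variable '{name}'")
```

Only the double-quoted `sh` call is reported; the single-quoted call passes `$VAULT_SECRET` to the shell unexpanded, so the step argument contains no secret.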
[JENKINS-59214] BlueOcean UI and pipeline steps view (FlowGraphTable ) reveal sensitive data
Component/s | New: blueocean-plugin [ 21481 ] |
Component/s | Original: core [ 21134 ] |
Key | Original: INFRA-2246 | New: JENKINS-59214 |
Workflow | Original: classic default workflow [ 238988 ] | New: JNJira + In-Review [ 239069 ] |
Project | Original: Infrastructure [ 10301 ] | New: Jenkins [ 10172 ] |
Component/s | New: mask-passwords-plugin [ 15761 ] |
Attachment | New: Screen Shot 2019-10-04 at 4.35.13 PM.png [ 49024 ] |
Attachment | New: normalLog.png [ 51654 ] |
Attachment | New: blueOceanUi.png [ 51655 ] |
Attachment | New: pipelineStepsUi.png [ 51656 ] |
Summary | Original: BlueOcean output does not honor MaskedPassword Plugin | New: BlueOcean UI and pipeline steps view (FlowGraphTable ) reveal sensitive data |
Component/s | New: core [ 15593 ] |
Priority | Original: Major [ 3 ] | New: Critical [ 2 ] |
Labels | New: help-wanted |