Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61668

Dollar ($) sign gets doubled in credentials if exposed as ENV and used in DSL script

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Fixed but Unreleased (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Labels:
      None
    • Environment:
      Jenkins ver. 2.204.5
      Job DSL (job-dsl): 1.77
      Credentials Binding Plugin (credentials-binding): 1.21
    • Similar Issues:

      Description

      Steps to reproduce

      • Create a Username/Password pair in Credentials both should contain dollar signs (for example u$er and pa$$word)
      • Create a seed job in Jenkins
      • Bind this credentials pair as env variables in the job
      • Add "Process Job DSLs" step with the following in script:

       

      println binding.variables.get('STASH_USERNAME')
      println binding.variables.get('STASH_PASSWORD')
      

       

      • Run the job and see both STASH_PASSWORD and STASH_USERNAME unmasked with two dollars:

       

      Processing provided DSL script
      u$$er
      pa$$$$word

      Workaround

      If EnvInjectBuildWrapper is enabled for the job, the result will be

      Processing provided DSL script
      ****
      pa$word

       As you can see, the second dollar in a pa$$word was escaped, which is also wrong.

       

       

        Attachments

          Issue Links

            Activity

            Hide
            daspilker Daniel Spilker added a comment -

            This has been fixed in Credentials Binding plugin 1.22/1.23.

            See https://www.jenkins.io/security/advisory/2020-05-06/.

            Show
            daspilker Daniel Spilker added a comment - This has been fixed in Credentials Binding plugin 1.22/1.23. See https://www.jenkins.io/security/advisory/2020-05-06/ .

              People

              Assignee:
              daspilker Daniel Spilker
              Reporter:
              decayofmin Roman Komkov
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: