-
Type:
Task
-
Resolution: Duplicate
-
Priority:
Minor
-
Component/s: credentials-binding-plugin, job-dsl-plugin
-
Environment:Jenkins ver. 2.204.5
Job DSL (job-dsl): 1.77
Credentials Binding Plugin (credentials-binding): 1.21
Steps to reproduce
- Create a Username/Password pair in Credentials both should contain dollar signs (for example u$er and pa$$word)
- Create a seed job in Jenkins
- Bind this credentials pair as env variables in the job
- Add "Process Job DSLs" step with the following in script:
Â
println binding.variables.get('STASH_USERNAME') println binding.variables.get('STASH_PASSWORD')
Â
- Run the job and see both STASH_PASSWORD and STASH_USERNAME unmasked with two dollars:
Â
Processing provided DSL script u$$er pa$$$$word
Workaround
If EnvInjectBuildWrapper is enabled for the job, the result will be
Processing provided DSL script **** pa$word
 As you can see, the second dollar in a pa$$word was escaped, which is also wrong.
Â
Â
- duplicates
-
JENKINS-62272 Credentials Binding Plugin 1.23 $$ SECURITY-1835
-
- Closed
-
