  1. Jenkins
  2. JENKINS-63571

Jenkins 2.235.5 mask random data


      Description

      Since the last update to Jenkins 2.235.5, it has started to randomly mask necessary info in the outputs.
      Masked information includes: dates, comments, random number sequences, hosts, URLs.

       


          Activity

          markewaite Mark Waite added a comment -

          I believe that a plugin is required for that type of masking. Did your change to Jenkins 2.235.5 also upgrade the mask passwords plugin or other plugins?

          pablodemian Pablo Demian added a comment - - edited

          No, the mask-password plugin is not installed, the EC2 plugin was the only plugin updated.

          Should I install the mask-password plugin?

          markewaite Mark Waite added a comment -

          I don't think additional plugins should be installed until the cause of the change is understood. The credentials binding plugin is also able to mask secrets. You might check if that plugin is being used in your environment.

          pablodemian Pablo Demian added a comment -

          Hey Mark, thanks for your reply. Yes, the credentials binding plugin is installed!

          dzvenyhorodskyi Denys added a comment -

          Pablo Demian Have you solved your problem? I have the same problem after updating.

          pablodemian Pablo Demian added a comment -

          Hello Denys, no I don't, it is still working the same way.

          dzvenyhorodskyi Denys added a comment -

          Pablo Demian Watch this JENKINS-63618. This is my case.

          eplodn1 efo plo added a comment - - edited

          Mark Waite I believe that if some string is used in credentials, that string is masked, whenever found.
          My pipeline:

          pipeline {
              agent any
          
              environment {
                  SERVER = 'http://server.mycompany.com:9000'
              }
          
              stages {
                  stage('Do the job') {
                      steps {
                          script {
                              withCredentials([usernamePassword(credentialsId: 'SOME_CREDENTIALS_ID',
                                                          passwordVariable: 'ACCESS_KEY', // "mycompany"
                                                          usernameVariable: 'SECRET_KEY')])  // "mycompany"
                              { 
          
                                  def my_secret_params = '$ACCESS_KEY $SECRET_KEY' // to prevent insecure interpolation
                                  def my_script = """#!/bin/bash -e
                                      echo mc config host add minio ${SERVER} ${my_secret_params}
                                  """
                                  sh label: 'Run', script: my_script
                              }
                          }
                      }
                  }
              }
          }
          
          [Pipeline] sh (Run)
          Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
          		 Affected argument(s) used the following variable(s): [SECRET_KEY, ACCESS_KEY]
          		 See https://jenkins.io/redirect/groovy-string-interpolation for details.
          mc config host add minio http://server.****.com:9000 **** ****
          

          The string "mycompany" was replaced as a part of URL with "****".
          If I change the URL to have "my-company" in it, the pipeline runs with no warnings.

          [Pipeline] withCredentials
          Masking supported pattern matches of $SECRET_KEY or $ACCESS_KEY
          [Pipeline] {
          [Pipeline] sh (Run)
          mc config host add minio http://server.my-company.com:9000 **** ****
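
Added example, not part of the original thread and not the Credentials Binding plugin's code: a simplified Python model of literal-substring masking that reproduces the two console lines quoted above, plus a check that flags non-secret settings containing a credential value. The function names and the masking model are assumptions for illustration.

```python
import re

MASK = "****"

def build_mask_pattern(secret_values):
    """One regex matching any secret value literally, longest value first."""
    values = sorted({v for v in secret_values if v}, key=len, reverse=True)
    return re.compile("|".join(re.escape(v) for v in values)) if values else None

def mask_line(line, pattern):
    """Replace every occurrence of a secret value, wherever it appears."""
    return pattern.sub(MASK, line) if pattern else line

def find_collisions(secrets, config):
    """List (config_key, secret_name) pairs where a secret value is a
    substring of a non-secret setting, i.e. where over-masking will occur."""
    return sorted(
        (cfg_key, name)
        for cfg_key, cfg_val in config.items()
        for name, value in secrets.items()
        if value and value in cfg_val
    )

# Constructed sample data, using the values quoted in the comment above.
SECRETS = {"ACCESS_KEY": "mycompany", "SECRET_KEY": "mycompany"}
CMD = "mc config host add minio {server} {access} {secret}"

def console_line(server):
    """The echoed command after shell expansion, passed through the mask."""
    raw = CMD.format(server=server, access=SECRETS["ACCESS_KEY"],
                     secret=SECRETS["SECRET_KEY"])
    return mask_line(raw, build_mask_pattern(SECRETS.values()))

if __name__ == "__main__":
    for url in ("http://server.mycompany.com:9000",
                "http://server.my-company.com:9000"):
        print(console_line(url))
        print("  collisions:", find_collisions(SECRETS, {"SERVER": url}))
```

Running `find_collisions` over job parameters and environment values before a credential is stored shows which low-entropy values will blank out unrelated log text.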
          

            People

            Assignee: Unassigned
            Reporter: pablodemian Pablo Demian