-
Bug
-
Resolution: Unresolved
-
Minor
-
None
Discovered during the addition of base64 masking, a test (see config-file-provider/PR-296) from the config-file-provider-plugin suddenly started to fail with the following error.
java.io.IOException: Illegal base64 character 0x2a at java.base/java.util.Base64$DecInputStream.read(Base64.java:1160) at java.base/java.io.DataInputStream.read(DataInputStream.java:151) at java.base/java.io.DataInputStream.readFully(DataInputStream.java:201) at hudson.util.IOUtils.skip(IOUtils.java:90) at hudson.console.ConsoleNote.skip(ConsoleNote.java:311) at hudson.console.PlainTextConsoleOutputStream.eol(PlainTextConsoleOutputStream.java:67) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75) at org.apache.commons.io.output.ProxyOutputStream.write(ProxyOutputStream.java:92) at org.kohsuke.stapler.framework.io.LargeText.writeLogTo(LargeText.java:233) at hudson.console.AnnotatedLargeText.writeLogTo(AnnotatedLargeText.java:164) at org.jvnet.hudson.test.JenkinsRule.getLog(JenkinsRule.java:1536) at org.jvnet.hudson.test.JenkinsRule.assertLogNotContains(JenkinsRule.java:1525) at org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfigTest.freestyleWithCredentials(MavenSettingsConfigTest.java:157)
The root cause has been identified, it was coincidental masking (corresponding to the base64 format of a short credential) of a snippet of a serialized ConsoleNote that was unrelated to any secrets in scope.
Also, it has been confirmed that this is not only happening with base64 masking, but that any secret masking could result in this behavior.
Note: Corrupted ConsoleNote are now prevented from breaking log streaming by https://github.com/jenkinsci/jenkins/pull/8378
- relates to
-
JENKINS-61452 Illegal base64 character in FileLogStorage$1.writeHtmlTo(FileLogStorage.java:203)
-
- Closed
-
[JENKINS-72035] Secrets masking affects encoded console notes
Description |
Original:
Discovered during the addition of base64 masking, a test (see [config-file-provider/PR-296|https://github.com/jenkinsci/config-file-provider-plugin/pull/296]) from the config-file-provider-plugin suddenly started to fail with the following error.
{noformat} java.io.IOException: Illegal base64 character 0x2a at java.base/java.util.Base64$DecInputStream.read(Base64.java:1160) at java.base/java.io.DataInputStream.read(DataInputStream.java:151) at java.base/java.io.DataInputStream.readFully(DataInputStream.java:201) at hudson.util.IOUtils.skip(IOUtils.java:90) at hudson.console.ConsoleNote.skip(ConsoleNote.java:311) at hudson.console.PlainTextConsoleOutputStream.eol(PlainTextConsoleOutputStream.java:67) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75) at org.apache.commons.io.output.ProxyOutputStream.write(ProxyOutputStream.java:92) at org.kohsuke.stapler.framework.io.LargeText.writeLogTo(LargeText.java:233) at hudson.console.AnnotatedLargeText.writeLogTo(AnnotatedLargeText.java:164) at org.jvnet.hudson.test.JenkinsRule.getLog(JenkinsRule.java:1536) at org.jvnet.hudson.test.JenkinsRule.assertLogNotContains(JenkinsRule.java:1525) at org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfigTest.freestyleWithCredentials(MavenSettingsConfigTest.java:157) {noformat} The root cause has been identified, it was coincidental masking (corresponding to the base64 format of a short credential) of a snippet of a serialized ConsoleNote that was unrelated to any secrets in scope. Also, it has been confirmed that this is not only happening with base64 masking, but that any secret masking could result in this behavior. Note: Corrupted ConsoleNote are prevented from breaking log streaming by [https://github.com/jenkinsci/jenkins/pull/8378] |
New:
Discovered during the addition of base64 masking, a test (see [config-file-provider/PR-296|https://github.com/jenkinsci/config-file-provider-plugin/pull/296]) from the config-file-provider-plugin suddenly started to fail with the following error.
{noformat} java.io.IOException: Illegal base64 character 0x2a at java.base/java.util.Base64$DecInputStream.read(Base64.java:1160) at java.base/java.io.DataInputStream.read(DataInputStream.java:151) at java.base/java.io.DataInputStream.readFully(DataInputStream.java:201) at hudson.util.IOUtils.skip(IOUtils.java:90) at hudson.console.ConsoleNote.skip(ConsoleNote.java:311) at hudson.console.PlainTextConsoleOutputStream.eol(PlainTextConsoleOutputStream.java:67) at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57) at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75) at org.apache.commons.io.output.ProxyOutputStream.write(ProxyOutputStream.java:92) at org.kohsuke.stapler.framework.io.LargeText.writeLogTo(LargeText.java:233) at hudson.console.AnnotatedLargeText.writeLogTo(AnnotatedLargeText.java:164) at org.jvnet.hudson.test.JenkinsRule.getLog(JenkinsRule.java:1536) at org.jvnet.hudson.test.JenkinsRule.assertLogNotContains(JenkinsRule.java:1525) at org.jenkinsci.plugins.configfiles.maven.MavenSettingsConfigTest.freestyleWithCredentials(MavenSettingsConfigTest.java:157) {noformat} The root cause has been identified, it was coincidental masking (corresponding to the base64 format of a short credential) of a snippet of a serialized ConsoleNote that was unrelated to any secrets in scope. Also, it has been confirmed that this is not only happening with base64 masking, but that any secret masking could result in this behavior. Note: Corrupted ConsoleNote are now prevented from breaking log streaming by [https://github.com/jenkinsci/jenkins/pull/8378] |
Summary | Original: Masking encoded console notes | New: Secrets masking affects encoded console notes |
Link |
New:
This issue relates to |