-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
Major
-
Component/s: workflow-basic-steps-plugin
Using withEnv or withCredentials fails to correctly setup the environment meaning replacements don't happen.
withEnv(['TESTVAR=TESTVAL']) { echo env.dump() // TESTVAR is not present echo env.getEnvironment().dump() // TESTVAR is not present echo env.TESTVAR // outputs TESTVAL env.TESTVAR = env.TESTVAR // Should have no effect echo env.dump() // TESTVAR is now present echo env.getEnvironment().dump() // TESTVAR is now present }
The impact of this is that withCredentials blocks don't behave as expected with calls like httpRequest as the variables can't be passed in single quoted, which is a security risk.
For example this does not expand $ENV_KEY in the httpRequest case but does when sh is used
withCredentials([string(credentialsId: 'PasswordEncryptionKey', variable: 'ENC_KEY')]) { try { httpRequest url: 'http://127.0.0.1:1000/$ENC_KEY' // Uses liternal $ENV_KEY } catch (e) { echo "ERROR: $e" } try { node('master') { sh 'echo $ENC_KEY' // Correctly outputs ***** def localEnv = env.getEnvironment() echo localEnv.expand('${ENC_KEY} $ENC_KEY') // Incorrectly output literal ${ENC_KEY} $ENC_KEY } } catch (e) { echo "ERROR: $e" } env.ENC_KEY = env.ENC_KEY // Workaround for some cases echo env.dump() // ENC_KEY is now present try { httpRequest url: 'http://127.0.0.1:1000/$ENC_KEY' // Still uses liternal $ENV_KEY } catch (e) { echo "ERROR: $e" } try { node('master') { sh 'echo $ENC_KEY' // Correctly outputs ***** def localEnv = env.getEnvironment() echo localEnv.expand('${ENC_KEY} $ENC_KEY') // Correctly outputs ***** ***** } } catch (e) { echo "ERROR: $e" } }
