The com.cloudbees.jenkins.plugins.bitbucket.credentials.BitbucketUsernamePasswordCredentialMatcher class implements the CredentialsMatcher.CQL interface by making public String describe() return the constant string "username and password are not empty". This is not valid Credentials Query Language and cannot be parsed by the public static CredentialsMatcher parse(final String cql) method of com.cloudbees.plugins.credentials.CredentialsMatchers.

Likewise, BitbucketOAuthCredentialMatcher implements CredentialsMatcher.CQL and returns a CQL string that is invalid in several ways:

• Unbalanced parentheses
• Misspelled lenght doesn't match String.length()
• Uses a CONTAINS operator that is not defined in CQL