-
Bug
-
Resolution: Not A Defect
-
Minor
-
Jenkins: 2.479.2
Plugin Version: 751.v2e44153c8fe1
##### NOTE ####
I had to put the slack-uploader-plugin as the component. However, this belongs to the slack-notification plugin. It just wasn't listed as an option.
Version: slack-plugin-751.v2e44153c8fe1
File: src/main/java/jenkins/plugins/slack/pipeline/SlackUploadFileRunner.java
Line: 65
Setup Steps:
- Follow this to set up a Slack app
- Navigate to Manage Jenkins > System Log
- Create a new logger
- Name = Slack
- Logger = jenkins.plugins
- Log Level = ALL
- Create a pipeline job to trigger the logging statement
- Here is an example script (File path, channel, and the token id must be changed).
pipeline {
agent any
environment
{ SLACK_CHANNEL = 'all-testing' }stages {
stage('Upload File to Slack') {
steps {
withCredentials([string(credentialsId: 'slack-token', variable: 'SLACK_TOKEN')]) {
script
{ slackUploadFile( filePath: 'C:\\Users\\kyler\\Downloads\\sensitive-info\\business-data.txt.txt', initialComment: 'Uploading sensitive business data to Slack', channel: env.SLACK_CHANNEL ) }}
}
}
}
}
Navigate back to the log and look for the output. Mine is attached. This will log the full file path.
A fix for this could be to say that the upload was successful or to log the base file name.
[JENKINS-75103] CWE-532 In Slack Notification Plugin
Kyler
created issue -
| Assignee | Original: Shitij Goyal [ masterlittle ] | |
| Resolution | New: Not A Defect [ 7 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Component/s | New: _unsorted [ 19622 ] | |
| Component/s | Original: slack-uploader-plugin [ 21733 ] |