Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52179

Wrong data mapping on serialization

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      FileOnMasterPrivateKeySource is serialized as DirectEntryPrivateKeySource.

      To reproduce it:

      1. Create new credentials of type "SSH Username with private key"
      2. Fill fields with test data
      3. Select "From a file on Jenkins master" for "Private Key" and fill the field with something ("/tmp/my-cert" or the like).
      4. Save

      Now read the credential from CLI:

      java -jar jenkins-cli.jar -noKeyAuth -s http://localhost:8080/jenkins/ get-credentials-as-xml system::system::jenkins _ [your-credentials-id]
      

      Output is:

      <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
        <scope>GLOBAL</scope>
        <id>58ec63b5-92ab-4521-83b8-701fb7bd8162</id>
        <description>test</description>
        <username>test</username>
        <passphrase>
          <secret-redacted/>
        </passphrase>
        <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource">
          <privateKey></privateKey>
        </privateKeySource>
      </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>
      

      Note the privateKeySource is com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$DirectEntryPrivateKeySource instead of com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource

       

      I've checked serialization on disk is correct.

        Attachments

          Activity

          Hide
          jenkey Claudio B added a comment - - edited

          If you have version 1.14 installed, this is caused by a security fix for CVE-2018-1000601, see SECURITY-440

           

           

          Show
          jenkey Claudio B added a comment - - edited If you have version 1.14 installed, this is caused by a security fix for CVE-2018-1000601, see SECURITY-440    
          Hide
          stephenconnolly Stephen Connolly added a comment -

          Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

          Show
          stephenconnolly Stephen Connolly added a comment - Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            amuniz Antonio Muñiz
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: