JENKINS-71953

Affected by recent security change in credentials-binding plugin (version 631.v861c06d062b_4)


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Critical
    • xunit-plugin
    • None

      It seems this plugin is another one affected by https://issues.jenkins.io/browse/SECURITY-3075 and introduced code from here.

      The stacktrace looks like:

      Also:   org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: fbec7ad4-2400-4b63-a464-a8e921be0fb3
      java.lang.IllegalStateException: Not running on the Jenkins controller JVM
      	at jenkins.util.JenkinsJVM.checkJenkinsJVM(JenkinsJVM.java:46)
      	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns.getAggregateSecretPattern(SecretPatterns.java:57)
      	at com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter.lambda$decorateLogger$0(MaskingConsoleLogFilter.java:43)
      	at org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns$MaskingOutputStream.eol(SecretPatterns.java:93)
      	at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:61)
      	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:57)
      	at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:75)
      	at java.base/java.io.PrintStream.write(PrintStream.java:559)
      	at java.base/sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
      	at java.base/sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:312)
      	at java.base/sun.nio.cs.StreamEncoder.flushBuffer(StreamEncoder.java:104)
      	at java.base/java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:181)
      	at java.base/java.io.PrintStream.newLine(PrintStream.java:625)
      	at java.base/java.io.PrintStream.println(PrintStream.java:883)
      	at org.jenkinsci.plugins.xunit.service.XUnitLog.info(XUnitLog.java:49)
      	at org.jenkinsci.plugins.xunit.service.XUnitReportProcessorService.findReports(XUnitReportProcessorService.java:81)
      	at org.jenkinsci.plugins.xunit.service.XUnitTransformerCallable.invoke(XUnitTransformerCallable.java:85)
      	at org.jenkinsci.plugins.xunit.service.XUnitTransformerCallable.invoke(XUnitTransformerCallable.java:38)
      	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:3578)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:211)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
      	at hudson.remoting.Request$2.run(Request.java:377)
      	at hudson.remoting.InterceptingExecutorService.lambda$wrap$0(InterceptingExecutorService.java:78)
      	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
      	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      	at hudson.remoting.Engine$1.lambda$newThread$0(Engine.java:125)
      	at java.base/java.lang.Thread.run(Thread.java:829)
      

      Version "604.vb_64480b_c56ca_" of the credentials-binding plugin works fine with xUnit; however, "631.v861c06d062b_4" produces the above exception.

      Feel free to lower the priority if there is a workaround (unknown to me at this time).

            nfalco Nikolas Falco
            pajasoft Pavel Janoušek