| When reading a json string into a dict the details pipeline steps page (flowGraphTable) has the full text passed in as the argument. In the event that JSON data is gathered using sh (eg via curl or similar) and you want to translate this into a dict with 'readJSON text: foo' the contents of foo are visible in that screen. Since it's been made clear that JsonSlurperClassic() is not going to be supported to handle the conversion outside of step - see https://github.com/jenkinsci/script-security-plugin/pull/77 - there really needs to be an option or something to avoid this exposure in the case that the JSON data to turn into a dict requires obfuscation due to secrets involved (or just hide by default). This is particularly concerning as the console output of course doesn't display the variable data when converting to a dict: def foo = readJSON text: myvar The blue ocean steps and the details pipeline steps view shows myvar though Right now I'm working around this by doing: writeFile(file: 'super_temporary.json', text: my_json)
foo = readJSON file: 'super_temporary.json'
sh 'rm -f super_temporary.json' This obviously requires three steps rather than than a single step, which is a bit of a slow down and makes it messier in the output. |
