[JIRA] (JENKINS-57990) Avoid filtering contents without sensible data and do per-content anonymization

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 12, 2019, 10:35:02 AM6/12/19

to jenkinsc...@googlegroups.com

Ramon Leon created an issue

Jenkins /

JENKINS-57990

Avoid filtering contents without sensible data and do per-content anonymization

Issue Type:	Bug
Assignee:	Ramon Leon
Components:	support-core-plugin
Created:	2019-06-12 14:34
Priority:	Minor
Reporter:	Ramon Leon

Change the behavior of the Contents to avoid filtering when it's not needed. And change the way it's anonymized by delegating it to the component to avoid losing the structure of the information.

Should be filtered

NodesContent: include labels and filesystem path

AboutUser

AgentsConfigFile (secrets encrypted but maybe other sensitive info)

BuildQueue: name of the job

ConfigFileComponent (secrets encrypted but maybe other sensitive info)

EnvironmentVariables

JenkinsLogs

JVMProcessSystemMetricsContent (environment variables)

LoggerManager

NetworInterfaces (ips)

NodeMonitors (computer name)

OtherConfigFilesComponent

RoocCAs

SlaveLaunchLogs

SlaveLogs

SystemConfiguration Agents and Master (user running)

UpdateCenter (proxy information: urls)

SystemProperties

Shouldn’t be filtered

AboutContent

AboutBrowser

ActivePlugins

DisabledPlugins

FailedPlugins

Dockerfile

MasterChecksumsContent

NodeChecksumsContent

AdministrativeMonitors

DeadlockRequestComponent

DumpExportTable

FileDescriptorLimit

GCLogs Out of scope, it needs some refactor of classes. To tackle on another ticket

HeapUsageHistogram

ItemsContent

LoadStats

Metrics

RemotingDiagnostics

ReverseProxy

SlaveCommandStatistics

SlowRequestComponent

ThreadDumps

Avoid anonymizing the labels, the structure of the files under the control of the plugin (.md files, and information files). Analyze what values should be anonymized.
The contents generated on the fly are going to extend the PrefilteredContent by creating a new PrefilteredPrintedContent and they are going to filter the information by themselves.

The ones that are being filtered and shouldn't to will override the shouldBeFiltered method to avoid that.

Acceptance criteria

The support-core plugin is changed by creating a new PrefilteredPrintedContent that extends PrefilteredContent

The contents that don't need to be filtered don't do that by overriding shouldBeFiltered (false)

The contents that need to be filtered extends from a PrefilteredContent, most likely PrefilteredPrintedContent and do the filtering by themselves implementing the new writeTo method. Look at: https://github.com/jenkinsci/support-core-plugin/blob/e2d79249818d41111ea96979a710ac3404018f78/src/main/java/com/cloudbees/jenkins/support/api/StringContent.java#L58 avoiding to filter the structure of the markdown or whatever is going to affect the comprehension of the content.

Some tests are implemented for:

- A content that was filtered and now it's not

- A content that was filtered affecting the structure (markdown) and now it's not affected

The PR in support-core is merged

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 12, 2019, 10:36:01 AM6/12/19

to jenkinsc...@googlegroups.com

Ramon Leon started work on

JENKINS-57990

Change By:	Ramon Leon
Status:	Open In Progress

Add Comment

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 17, 2019, 3:43:02 PM6/17/19

to jenkinsc...@googlegroups.com

Ramon Leon updated

JENKINS-57990

Jenkins /

JENKINS-57990

Avoid filtering contents without sensible data and do per-content anonymization

Change By:	Ramon Leon
Status:	In Progress Review

Add Comment

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 17, 2019, 3:51:02 PM6/17/19

to jenkinsc...@googlegroups.com

Ramon Leon commented on

JENKINS-57990

Re: Avoid filtering contents without sensible data and do per-content anonymization

PR: https://github.com/jenkinsci/support-core-plugin/pull/174/files

Add Comment

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 17, 2019, 3:51:02 PM6/17/19

to jenkinsc...@googlegroups.com

Ramon Leon updated an issue

Jenkins /

JENKINS-57990

Avoid filtering contents without sensible data and do per-content anonymization

Change By:	Ramon Leon

Change the behavior of the {{Contents}} to avoid filtering when it's not needed. And change the way it's anonymized by delegating it to the component to avoid losing the structure of the information.

*Should be filtered*
* NodesContent: include labels and filesystem path

* AboutUser

* AgentsConfigFile (secrets encrypted but maybe other sensitive info)

* BuildQueue: name of the job

* ConfigFileComponent (secrets encrypted but maybe other sensitive info)

* EnvironmentVariables

* JenkinsLogs

* JVMProcessSystemMetricsContent (environment variables)

* LoggerManager

* NetworInterfaces (ips)

* NodeMonitors (computer name)

* OtherConfigFilesComponent

* RoocCAs

* SlaveLaunchLogs

* SlaveLogs

* SystemConfiguration Agents and Master (user running)

* UpdateCenter (proxy information: urls)

* SystemProperties

*Shouldn’t be filtered*
* AboutContent

* AboutBrowser

* ActivePlugins

* DisabledPlugins

* FailedPlugins

* Dockerfile

* MasterChecksumsContent

* NodeChecksumsContent

* AdministrativeMonitors

* DeadlockRequestComponent

* DumpExportTable

* FileDescriptorLimit

* GCLogs - Out of scope, it needs some refactor of classes. To tackle on another ticket - Done because i needed the infra for other components.

* HeapUsageHistogram

* ItemsContent

* LoadStats

* Metrics

* RemotingDiagnostics

* ReverseProxy

* SlaveCommandStatistics

* SlowRequestComponent

* ThreadDumps

Avoid anonymizing the labels, the structure of the files under the control of the plugin (.md files, and information files). Analyze what values should be anonymized.

The contents generated on the fly are going to extend the PrefilteredContent by creating a new *PrefilteredPrintedContent* and they are going to filter the information by themselves.

The ones that are being filtered and shouldn't to will override the {{shouldBeFiltered}} method to avoid that.

h3. Acceptance criteria
* The support-core plugin is changed by creating a new {{PrefilteredPrintedContent}} that extends {{PrefilteredContent}}

* The contents that don't need to be filtered don't do that by overriding {{shouldBeFiltered}} (false)

* The contents that need to be filtered extends from a {{PrefilteredContent}}, most likely {{PrefilteredPrintedContent}} and do the filtering by themselves implementing the new {{writeTo}} method. Look at: [https://github.com/jenkinsci/support-core-plugin/blob/e2d79249818d41111ea96979a710ac3404018f78/src/main/java/com/cloudbees/jenkins/support/api/StringContent.java#L58] avoiding to filter the structure of the markdown or whatever is going to affect the comprehension of the content.

* Some tests are implemented for:

*
* * A content that was filtered and now it's not

*
* * A content that was filtered affecting the structure (markdown) and now it's not affected

* The PR in support-core is merged

Add Comment

hchen@marqeta.com (JIRA)

unread,

Jun 25, 2019, 7:36:02 PM6/25/19

to jenkinsc...@googlegroups.com

Henry Chen commented on

JENKINS-57990

Re: Avoid filtering contents without sensible data and do per-content anonymization

I've recently (last week) been seeing my console data being masked as "FILTERED". Is this related to the bug/issue?

{:timestamp=>15616234449694, :message=>"[FILTERED]", :ingestion_time=>15616234449694}

should see:
{:timestamp=>15616234449694, :message=>"[ACTUAL DATA]", :ingestion_time=>15616234449694}

Add Comment

hchen@marqeta.com (JIRA)

unread,

Jun 25, 2019, 7:37:02 PM6/25/19

to jenkinsc...@googlegroups.com

Henry Chen edited a comment on

JENKINS-57990

Re: Avoid filtering contents without sensible data and do per-content anonymization

I've recently (last week) been seeing my console data being masked as "FILTERED". Is this related to the bug/issue?

Jenkins console displays:

{:timestamp=>15616234449694, :message=>"[FILTERED]", :ingestion_time=>15616234449694}

Local displays ( should see ) :

{:timestamp=>15616234449694, :message=>"[ACTUAL DATA]", :ingestion_time=>15616234449694}

Add Comment

manuelramonleonjimenez@gmail.com (JIRA)

unread,

Jun 26, 2019, 9:48:03 AM6/26/19

to jenkinsc...@googlegroups.com

Ramon Leon commented on

JENKINS-57990

Re: Avoid filtering contents without sensible data and do per-content anonymization

I don't think so Henry Chen, it's only related to the logs included in a zip generated by the support-core-plugin. A plugin to create zips with information about the instance to help to diagnose problems on it.