[JIRA] (JENKINS-61394) Maven top-level target displays passwords with "$" in the log

14 views
Skip to first unread message

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 7:59:03 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger created an issue
 
Jenkins / Bug JENKINS-61394
Maven top-level target displays passwords with "$" in the log
Issue Type: Bug Bug
Assignee: Unassigned
Components: maven-plugin
Created: 2020-03-09 11:58
Environment: org.jenkins-ci.main:jenkins-war: 2.223
maven-plugin: 3.4
Priority: Minor Minor
Reporter: Uwe Klinger

When using password variables in the "Maven top-level target" step, passwords are revealed if they contain a "$", but with duplicated "$".

For example: 

  • Password: a$b
  • Displayed password: a$$b

When using the shell step, no password is displayed.

See also attached screenshots for further information.

I searched the existing tickets but didn't found the same problem. It looks like this is a regression because I couldn't reproduce it on a much older Jenkins version.

Thanks,
Uwe

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 8:00:05 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger updated an issue
Change By: Uwe Klinger
Attachment: job settings.png

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 8:01:02 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger updated an issue
Change By: Uwe Klinger
Attachment: output.png

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 8:01:03 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger updated an issue
Change By: Uwe Klinger
Attachment: job settings.png

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 8:02:01 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger updated an issue
Change By: Uwe Klinger
Attachment: Job configuration.png

uwe.klinger@sap.com (JIRA)

unread,
Mar 9, 2020, 8:03:02 AM3/9/20
to jenkinsc...@googlegroups.com
Uwe Klinger updated an issue
When using password variables in the "Maven top-level target" step, passwords are revealed if they contain a "$", but with duplicated "$".

For example: 
* Password: a$b
* Displayed password: a$$b


When using the shell step, no password is displayed.

See also attached screenshots for further information. an example:
# step uses echo -> Escaping ok
# step uses maven plugin -> Escaping of passwords with "$" is broken 

I searched the existing tickets but didn't found the same problem. It looks like this is a regression because I couldn't reproduce it on a much older Jenkins version.

Thanks,
Uwe

 

hoky841023@gmail.com (JIRA)

unread,
Apr 17, 2020, 2:33:03 AM4/17/20
to jenkinsc...@googlegroups.com
Kuan-Yu Ho commented on Bug JENKINS-61394
 
Re: Maven top-level target displays passwords with "$" in the log

The command which displayed on console is executed before replace variables, it cause the command which displayed on console different from actual executions.

hoky841023@gmail.com (JIRA)

unread,
Apr 17, 2020, 2:33:03 AM4/17/20
to jenkinsc...@googlegroups.com
Kuan-Yu Ho assigned an issue to Kuan-Yu Ho
 
Change By: Kuan-Yu Ho
Assignee: Kuan-Yu Ho
Reply all
Reply to author
Forward
0 new messages