"WARNING: Skipped parameter" appears a lot of times in the log

1,715 views
Skip to first unread message

Asaf Mesika

unread,
Dec 28, 2016, 5:57:38 AM12/28/16
to Jenkins Users
Hi,

I have the following line appears many times in the log of Jenkins:

Dec 28, 2016 10:51:59 AM hudson.model.ParametersAction filter
WARNING: Skipped parameter `BRANCH_NAME` as it is undefined on `build-gaia-full`. Set `-Dhudson.model.ParametersAction.keepU
ndefinedParameters`=true to allow undefined parameters to be injected as environment variables or `-Dhudson.model.Parameters
Action.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security br
each


I tried setting the parameters as you can see here:

jenkins  10980     1  0 10:43 ?        00:00:00 /usr/bin/daemon --name=jenkins --inherit --env=JENKINS_HOME=/var/lib/jenkins --output=/var/log/jenkins/jenkins.log --pidfile=/var/run/jenkins/jenkins.pid -- /usr/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME,EXTRA_GRADLE_SWITCHES -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
jenkins  10982 10980 17 10:43 ?        00:02:08 /usr/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dhudson.model.ParametersAction.safeParameters=GAIA_BRANCH,BRANCH_NAME,EXTRA_GRADLE_SWITCHES -jar /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1

But it didn't help.

I also added the parameter BRANCH_NAME to this job, using the DSL:

parameters {
    stringParam('BRANCH_NAME')
}

This didn't help! Which is the weirdest thing ever than.


Any chance you guys seen it and solved it?


Thanks!

Asaf Mesika
Logz.io

Baptiste Mathus

unread,
Dec 30, 2016, 9:28:06 AM12/30/16
to jenkins...@googlegroups.com
Hi,

Did you try the global -Dhudson.model.ParametersAction.keepUndefinedParameters=true switch?

If so, my guess would be maybe the more specific switch is not much used (For instance, I only knew about this one and didn't know about hudson.model.ParametersAction.safeParameters) in the field and has some non-revealed bugs?.

At least, if the global one works, it will narrow down the scope of research here, so IMO worth trying.

Cheers

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e8f8e2c1-3b9d-4cde-922d-75a98258ea43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Arnaud Héritier

unread,
Dec 30, 2016, 10:16:24 AM12/30/16
to jenkins...@googlegroups.com

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS4z53AGMLSz9C_nFVqM1%3DpMWPQPkf%3D%3Du3to7frSEVp4rw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.



--
-----
Arnaud Héritier
Mail/GTalk: aheritier AT gmail DOT com
Twitter/Skype : aheritier

Daniel Beck

unread,
Dec 30, 2016, 7:06:36 PM12/30/16
to jenkins...@googlegroups.com

> On 28.12.2016, at 11:57, Asaf Mesika <asaf....@gmail.com> wrote:
>
> Any chance you guys seen it and solved it?
>

Could you provide the config.xml of the affected job, the build.xml of an affected build, and the output of the /systemInfo URL?

Daniel Beck

unread,
Dec 30, 2016, 7:08:17 PM12/30/16
to jenkins...@googlegroups.com

> On 30.12.2016, at 15:27, Baptiste Mathus <m...@batmat.net> wrote:
>
> Did you try the global -Dhudson.model.ParametersAction.keepUndefinedParameters=true switch?
>

It's a good idea not to disable this security entirely if the threat described in the advisory is relevant, so hudson.model.ParametersAction.safeParameters is a better approach IMO.

Baptiste Mathus

unread,
Dec 31, 2016, 2:24:03 AM12/31/16
to jenkins...@googlegroups.com
At least, if the global one works, it will narrow down the scope of research here, so IMO worth trying.

Agreed. Again, I was advising that only to narrow down the issue possibly. Not just to use that instead and Yolo.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscribe@googlegroups.com.

Asaf Mesika

unread,
Jan 5, 2017, 4:34:33 AM1/5/17
to jenkins...@googlegroups.com
I now tried the "keepUndefinedParameters" and the WARN messages now not appearing anymore - problem solved.

What do you suggest?

To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/NSOtDEYCpW4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CANWgJS4z53AGMLSz9C_nFVqM1%3DpMWPQPkf%3D%3Du3to7frSEVp4rw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages