Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

secure variables are not masked in task plugins #4737

Closed
adityasood opened this issue May 14, 2018 · 1 comment

Comments

Projects
None yet
3 participants
@adityasood
Copy link
Contributor

commented May 14, 2018

Issue Type
  • Bug Report
Summary

Secure variables are not masked in task plugins.

Environment
Basic environment details
  • Go Version: 18.5.0 and 18.4.0
  • JAVA Version: Java8
  • OS: Mac and Linux
Steps to Reproduce
  1. Start a GoCD server
  2. Configure a pipeline to use a task plugin ( tested with groovy plugin and script executor plugin) and add a secure variable to the job and pipeline
  3. Echo or use printenv to print the values of secure variables on the GoCD UI job console
  4. The values are not masked
Expected Results

The secure variables should be masked as they are masked when using the "More" task command in GoCD

Actual Results

The secure variable values are visible on the job console

Possible Fix

mask the secure variable values

screen shot 2018-05-11 at 11 17 20

screen shot 2018-05-14 at 3 28 07 pm

varshavaradarajan added a commit to varshavaradarajan/gocd that referenced this issue May 15, 2018

@arvindsv arvindsv added this to the Release 18.6 milestone May 15, 2018

varshavaradarajan added a commit that referenced this issue May 17, 2018

Merge pull request #4739 from varshavaradarajan/mask-vars
Use the safe output stream consumer to replace secrets in pluggable tasks. (#4737)
@rajiesh

This comment has been minimized.

Copy link
Contributor

commented Jun 8, 2018

verified on 18.6.0 (6883-1013a67ccf0cda9c87e6361286708b584be42338)

@rajiesh rajiesh closed this Jun 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.