Skip to content

Commit

Permalink
SECURITY-1510 Mask secret text
Browse files Browse the repository at this point in the history
  • Loading branch information
@ikikko
ikikko committed Mar 10, 2020
1 parent 4d31f7a commit 43f5133
Show file tree
Hide file tree
Showing 5 changed files with 13 additions and 13 deletions.
2 changes: 1 addition & 1 deletion src/main/java/hudson/plugins/backlog/BacklogNotifier.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher,
"'project' is not included in Backlog URL, so creating issue is skipped.");
return true;
}
if (StringUtils.isEmpty(bpp.getApiKey())) {
if (StringUtils.isEmpty(bpp.getApiKey().getPlainText())) {
listener.getLogger().println(
"'apiKey' is not set, so creating issue is skipped.");
return true;
Expand Down
8 changes: 4 additions & 4 deletions src/main/java/hudson/plugins/backlog/BacklogProjectProperty.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,12 +62,12 @@ public BacklogProjectProperty(final String url, final String userId,
this.apiKey = Secret.fromString(apiKey);
}

public String getPassword() {
return Secret.toString(password);
public Secret getPassword() {
return password;
}

public String getApiKey() {
return Secret.toString(apiKey);
public Secret getApiKey() {
return apiKey;
}

public String getSpaceURL() {
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/hudson/plugins/backlog/BacklogWebdavPublisher.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher,
BacklogProjectProperty.class);
if (bpp == null || bpp.getSpaceURL() == null
|| bpp.getProject() == null || bpp.userId.isEmpty()
|| bpp.getPassword().isEmpty()) {
|| bpp.getPassword().getPlainText().isEmpty()) {
LOG.warn("BacklogProjectProperty settings is required when publishing to files.");
return true;
}
Expand All @@ -76,7 +76,7 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher,

// webdav client
WebdavClient client = new WebdavClient(bpp.getSpaceURL() + "dav/" + bpp.getProject() + "/", bpp.userId,
bpp.getPassword());
bpp.getPassword().getPlainText());

// set remove prefix
String prefix = build.getEnvironment(listener).expand(removePrefix);
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/hudson/plugins/backlog/api/v2/BacklogClientFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,15 @@ public static BacklogClient getBacklogClient(BacklogProjectProperty bpp) throws
if (StringUtils.isEmpty(bpp.getProject())) {
throw new IllegalArgumentException("'project' is not included in Backlog URL. Can't comment a pull request.");
}
if (StringUtils.isEmpty(bpp.getApiKey())) {
if (StringUtils.isEmpty(bpp.getApiKey().getPlainText())) {
throw new IllegalArgumentException("'apiKey' is not set. Can't comment a pull request.");
}

if (Jenkins.getInstance().getPlugin("git") == null) {
throw new IllegalArgumentException("This project doesn't use Git as SCM. Can't comment a pull request.");
}

BacklogConfigure configure = new BacklogPackageConfigure(bpp.getSpaceURL()).apiKey(bpp.getApiKey());
BacklogConfigure configure = new BacklogPackageConfigure(bpp.getSpaceURL()).apiKey(bpp.getApiKey().getPlainText());
return new com.nulabinc.backlog4j.BacklogClientFactory(configure).newClient();
}

Expand Down
8 changes: 4 additions & 4 deletions src/test/java/hudson/plugins/backlog/BacklogProjectPropertyTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ public final void testSpaceURLIsNull() {
bpp = new BacklogProjectProperty(null, null, null, null);
assertNull(bpp.url);
assertNull(bpp.userId);
assertTrue(StringUtils.isEmpty(bpp.getPassword()));
assertTrue(StringUtils.isEmpty(bpp.getPassword().getPlainText()));
}

@Test
Expand All @@ -27,7 +27,7 @@ public final void testSpaceURLIsProjectURL() {
"https://demo.backlog.jp/projects/DORA", "test", "test", "apiKey");
assertEquals("https://demo.backlog.jp/projects/DORA", bpp.url);
assertEquals("test", bpp.userId);
assertEquals("test", bpp.getPassword());
assertEquals("test", bpp.getPassword().getPlainText());
}

@Test
Expand All @@ -36,13 +36,13 @@ public final void testSpaceURL() {
"test", "apiKey");
assertEquals("https://demo.backlog.jp/", bpp.url);
assertEquals("test", bpp.userId);
assertEquals("test", bpp.getPassword());
assertEquals("test", bpp.getPassword().getPlainText());

bpp = new BacklogProjectProperty("https://demo.backlog.jp", "test",
"test", "apiKey");
assertEquals("https://demo.backlog.jp/", bpp.url);
assertEquals("test", bpp.userId);
assertEquals("test", bpp.getPassword());
assertEquals("test", bpp.getPassword().getPlainText());
}

@Test
Expand Down

0 comments on commit 43f5133

Please sign in to comment.