Skip to content
Permalink
Browse files

Merge pull request #43 from jglick/empty-secret-JENKINS-41760

[JENKINS-41760] Suppress masking of blank secrets
  • Loading branch information
jglick committed Aug 8, 2017
2 parents b141c6f + 3ab1e34 commit 7aa3871509767bf65c8084402f61ac3a222f83d1
@@ -188,10 +188,12 @@ public static String getPatternStringForSecrets(Collection<String> secrets) {
Collections.sort(sortedByLength, stringLengthComparator);

for (String secret : sortedByLength) {
if (b.length() > 0) {
b.append('|');
if (!secret.isEmpty()) {
if (b.length() > 0) {
b.append('|');
}
b.append(Pattern.quote(secret));
}
b.append(Pattern.quote(secret));
}
return b.toString();
}
@@ -174,9 +174,14 @@ private Object readResolve() throws ObjectStreamException {
final Pattern p = Pattern.compile(pattern.getPlainText());
return new LineTransformationOutputStream() {
@Override protected void eol(byte[] b, int len) throws IOException {
Matcher m = p.matcher(new String(b, 0, len, charsetName));
if (m.find()) {
logger.write(m.replaceAll("****").getBytes(charsetName));
if (!p.toString().isEmpty()) {
Matcher m = p.matcher(new String(b, 0, len, charsetName));
if (m.find()) {
logger.write(m.replaceAll("****").getBytes(charsetName));
} else {
// Avoid byte → char → byte conversion unless we are actually doing something.
logger.write(b, 0, len);
}
} else {
// Avoid byte → char → byte conversion unless we are actually doing something.
logger.write(b, 0, len);
@@ -149,7 +149,7 @@ protected Object readResolve() {
p = getPatternForBuild(build);
}

if (p != null) {
if (p != null && !p.toString().isEmpty()) {
Matcher m = p.matcher(new String(b, 0, len, charsetName));
if (m.find()) {
logger.write(m.replaceAll("****").getBytes(charsetName));
@@ -428,6 +428,20 @@ public void testTrackingOfCredential() {
});
}

@Issue("JENKINS-41760")
@Test public void emptyOrBlankCreds() {
story.addStep(new Statement() {
@Override public void evaluate() throws Throwable {
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition("node {withCredentials([]) {echo 'normal output'}}", true));
story.j.assertLogContains("normal output", story.j.buildAndAssertSuccess(p));
CredentialsProvider.lookupStores(story.j.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, "creds", null, Secret.fromString("")));
p.setDefinition(new CpsFlowDefinition("node {withCredentials([string(variable: 'SECRET', credentialsId: 'creds')]) {echo 'normal output'}}", true));
story.j.assertLogContains("normal output", story.j.buildAndAssertSuccess(p));
}
});
}

private static Set<String> grep(File dir, String text) throws IOException {
Set<String> matches = new TreeSet<String>();
grep(dir, text, "", matches);
@@ -44,9 +44,12 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import org.junit.ClassRule;
import org.jvnet.hudson.test.BuildWatcher;

public class SecretBuildWrapperTest {

@ClassRule public static BuildWatcher buildWatcher = new BuildWatcher();
@Rule public JenkinsRule r = new JenkinsRule();

@Issue("JENKINS-24805")
@@ -96,4 +99,14 @@
FreeStyleBuild b = r.buildAndAssertSuccess(f);
r.assertLogContains("PASSES", b);
}

@Issue("JENKINS-41760")
@Test public void emptySecret() throws Exception {
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), new StringCredentialsImpl(CredentialsScope.GLOBAL, "creds", null, Secret.fromString("")));
FreeStyleProject p = r.createFreeStyleProject();
p.getBuildWrappersList().add(new SecretBuildWrapper(Collections.singletonList(new StringBinding("SECRET", "creds"))));
p.getBuildersList().add(Functions.isWindows() ? new BatchFile("echo PASSES") : new Shell("echo PASSES"));
r.assertLogContains("PASSES", r.buildAndAssertSuccess(p));
}

}

0 comments on commit 7aa3871

Please sign in to comment.
You can’t perform that action at this time.