Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

warn user when deprecated Secret#toString() is being used #3668

Merged
merged 2 commits into from Oct 11, 2018
Merged

warn user when deprecated Secret#toString() is being used #3668

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
87a6847
warn user when Secret.toString is being used
ndeloof Oct 3, 2018
934d620
Add link to https://jenkins.io/redirect/hudson.util.Secret/
ndeloof Oct 11, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions core/src/main/java/hudson/util/Secret.java
View file
Open in desktop
Expand Up @@ -42,6 +42,7 @@
import java.io.UnsupportedEncodingException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
Expand All @@ -64,6 +65,8 @@
* @author Kohsuke Kawaguchi
*/
public final class Secret implements Serializable {
private static final Logger LOGGER = Logger.getLogger(Secret.class.getName());

private static final byte PAYLOAD_V1 = 1;
/**
* Unencrypted secret text.
Expand Down Expand Up @@ -92,6 +95,8 @@ public final class Secret implements Serializable {
@Override
@Deprecated
public String toString() {
final String from = new Throwable().getStackTrace()[1].toString();
LOGGER.warning("Use of toString() on hudson.util.Secret from "+from+". Prefer getPlainText() or getEncryptedValue() depending your needs. see https://jenkins.io/redirect/hudson.util.Secret/");
return value;
}

Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/lib/form/password.jelly
View file
Open in desktop
Expand Up @@ -67,6 +67,6 @@ THE SOFTWARE.
value="${h.getPasswordValue(attrs.value ?: instance[attrs.field])}"
type="password"
checkMethod="post"
ATTRIBUTES="${attrs}" EXCEPT="field clazz" />
ATTRIBUTES="${attrs}" EXCEPT="field clazz value" />
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC, it is not related to the pull request description. What is the objective here? Should it be tracked separately?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is. Without this change MorphTagLibrary will invoke ${value}.toString to set value attribute, which is immediately overriden based on value expression
(jelly tags ... 🤕 )

<!-- TODO consider customizedFields -->
</j:jelly>