Skip to content
Permalink
Browse files
[JENKINS-25735] - Always allow hudson.model.Passwordparameter and its…
… children
  • Loading branch information
oleg-nenashev committed Mar 16, 2017
1 parent 3d57fab commit 0a73ebe8af0602cacdfa277df66f2685879a08a0
@@ -398,8 +398,19 @@ public boolean isMasked(final @CheckForNull ParameterValue value,
return true;
}
}

return false;

// Always mask the hudson.model.PasswordParameterValue class and its overrides
// This class does not comply with the criteria above, but it is sensitive starting from 1.378
final Class<?> valueClass;
try {
valueClass = Jenkins.getActiveInstance().getPluginManager().uberClassLoader.loadClass(paramValueClassName);
} catch (Exception ex) {
// Move on. Whatever happens here, it will blow up somewhere else
LOGGER.log(Level.FINE, "Failed to load class for the ParameterValue " + paramValueClassName, ex);
return false;
}

return hudson.model.PasswordParameterValue.class.isAssignableFrom(valueClass);
}

/**
@@ -63,7 +63,7 @@ public class CorePasswordParameterTest {

@Before
public void dropCache() {
MaskPasswordsConfig.getInstance().clear();
MaskPasswordsConfig.getInstance().reset();
}

@Test
@@ -82,6 +82,22 @@ public void shouldMaskPasswordParameterValueByDefault() {
MaskPasswordsConfig.getInstance().isMasked(created, "nonExistent"));
}

@Test
public void shouldMaskPasswordParameterChildrenValueByValue() {
ParameterValue created = new MyPasswordParameter();

// We pass the non-existent class name in order to ensure that the Value metadata check is enough
Assert.assertTrue(PasswordParameterValue.class + " must be masked by default",
MaskPasswordsConfig.getInstance().isMasked(created, "nonExistent"));
}

@Test
public void shouldMaskPasswordParameterChildrenValueByClass() {
// We pass the non-existent class name in order to ensure that the Value metadata check is enough
Assert.assertTrue(PasswordParameterValue.class + " must be masked by the class name",
MaskPasswordsConfig.getInstance().isMasked(MyPasswordParameter.class.getName()));
}

@Test
@Issue("JENKINS-41955")
public void passwordParameterShouldBeMaskedInFreestyleProject() throws Exception {
@@ -115,4 +131,13 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
j.assertLogContains(logWithHiddenPassword, build);
j.assertLogNotContains(logWithClearTextPassword, build);
}

private static final class MyPasswordParameter extends hudson.model.PasswordParameterValue {

private static final long serialVersionUID = 1L;

public MyPasswordParameter() {
super("MYPASSWORD", "qwerty123");
}
}
}

0 comments on commit 0a73ebe

Please sign in to comment.