Redact sensitive data from command output
Rinor Maloku authored and akram committed Jun 24, 2020
1 parent 68523bf commit 570844d
Showing 3 changed files with 29 additions and 9 deletions.
Expand Up @@ -14,17 +14,20 @@
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Computer;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;

import org.apache.commons.io.IOUtils;
import org.apache.commons.io.LineIterator;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
Expand All @@ -35,6 +38,8 @@
import java.util.Map;
import java.util.TreeMap;

import static com.openshift.jenkins.plugins.util.ClientCommandOutputCleaner.redactSensitiveData;

public abstract class BaseStep extends Builder {

public static final String DEFAULT_LOGLEVEL = "0";
Expand Down Expand Up @@ -255,16 +260,18 @@ public boolean perform(ProcessBuilder pb)
new Thread(new Runnable() {
@Override
public void run() {
byte buffer[] = new byte[1024];
int count;
try {
while ((count = output.read(buffer)) != -1) {
listener.getLogger().write(buffer, 0,
count);
StringBuffer sb = new StringBuffer();
try (Reader reader = new InputStreamReader(output)) {
LineIterator it = IOUtils.lineIterator(reader);
while (it.hasNext()) {
String line = it.nextLine();
sb.append(line).append("\n");
}
} catch (Exception e) {
listener.error("Error streaming process output");
e.printStackTrace(listener.getLogger());
} finally {
listener.getLogger().println(redactSensitiveData(sb.toString()));
}
}
}).start();
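Review bot: In the reader thread inside `perform(ProcessBuilder pb)`, the whole process output is collected in `sb` and written only from the `finally` block, so the build log shows nothing until the command exits and memory use grows with the size of the output. As the pattern in `redactSensitiveData` is written it cannot match across a line break, so redacting each line as it is read, `listener.getLogger().println(redactSensitiveData(line));` inside the loop, would apply the same redaction while keeping the log live; if multi-line matching is intended, the buffer needs a size bound instead. `new InputStreamReader(output)` also decodes with the platform default charset, and `StandardCharsets` appears among the imports, so `new InputStreamReader(output, StandardCharsets.UTF_8)` would make the decoding explicit. The body of `perform` starts and ends outside the hunk.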
@@ -1,6 +1,7 @@
package com.openshift.jenkins.plugins.pipeline;

import com.openshift.jenkins.plugins.util.ClientCommandBuilder;
import com.openshift.jenkins.plugins.util.ClientCommandOutputCleaner;
import com.openshift.jenkins.plugins.util.ClientCommandRunner;
import hudson.*;
import hudson.model.Computer;
Expand Down Expand Up @@ -63,14 +64,18 @@ public static class OcActionResult implements Serializable {
public int status;
@Whitelisted
public HashMap<String, String> reference = new HashMap<String, String>();
@Whitelisted
public boolean verbose = false;

public HashMap toMap() {
HashMap m = new HashMap();
m.put("verb", verb);
m.put("cmd", cmd);
m.put("out", out);
m.put("err", err);
m.put("reference", reference);
m.put("err", ClientCommandOutputCleaner.redactSensitiveData(err));
if (verbose) {
m.put("reference", reference);
}
m.put("status", status);
return m;
}
Expand Down Expand Up @@ -206,6 +211,7 @@ protected OcActionResult run() throws IOException, InterruptedException, Executi
result.reference = step.reference;
result.out = stdout.toString();
result.err = stderr.toString();
result.verbose = step.verbose;

if (step.verbose) {
listener.getLogger().println("Verbose sub-step output:");
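Review bot: `toMap()` still stores stdout unredacted, `m.put("out", out);`, while only `err` goes through the cleaner; a command that prints an object with a `"data"` block writes it to stdout, so the map would still carry it. If the same protection is intended, `m.put("out", ClientCommandOutputCleaner.redactSensitiveData(out));` closes the gap, at the cost that scripts parsing `out` as JSON would see `{ REDACTED }` in place of the object. The `out` and `err` fields are declared outside the hunk; if they are whitelisted like `reference`, scripts can presumably still read the raw strings directly, so a comment on `toMap()` should say that redaction applies only to the map view. The `if (verbose)` guard around `reference` would also benefit from a one-line comment saying why the entry is withheld by default.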
@@ -0,0 +1,7 @@
package com.openshift.jenkins.plugins.util;

public class ClientCommandOutputCleaner {
public static String redactSensitiveData(final String output){
return output.replaceAll("(\"data\":)\\{(.*?)\\}", "$1{ REDACTED }");
}
}
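Review bot: The pattern in `redactSensitiveData` matches only `"data":{` with no whitespace after the colon and a closing brace on the same line, because `.` does not match line terminators by default; indented JSON, where `"data": {` is followed by one key per line, would pass through unredacted, and YAML output is not covered at all. A precompiled `private static final Pattern DATA_BLOCK = Pattern.compile("(\"data\"\\s*:\\s*)\\{.*?\\}", Pattern.DOTALL);` used as `return DATA_BLOCK.matcher(output).replaceAll("$1{ REDACTED }");` would cover the spaced and multi-line forms and avoid recompiling the regex on every call. `output.replaceAll` also throws a NullPointerException for a null argument, which matters if a caller passes a field that was never set; returning null early would keep such callers safe. A short Javadoc stating which output shapes are redacted, and that a value containing `}` ends the match early, would help callers judge what the method guarantees.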
