[FIXED JENKINS-12129] hide password in failure log messages

jenkinsci · Dec 16, 2011 · 1762b8e · 1762b8e
1 parent 973453b
commit 1762b8e
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 1 deletion.
diff --git a/src/main/java/com/deluan/jenkins/plugins/rtc/JazzClient.java b/src/main/java/com/deluan/jenkins/plugins/rtc/JazzClient.java
@@ -230,15 +230,43 @@ private ByteArrayOutputStream popen(ArgumentListBuilder args)
 
         PrintStream output = listener.getLogger();
         ForkOutputStream fos = new ForkOutputStream(o, output);
+        listener.error("Failed to run " + toMaskedCommandLine(args));
         if (joinWithPossibleTimeout(run(args).stdout(fos)) == 0) {
             o.flush();
             return baos;
         } else {
-            listener.error("Failed to run " + args.toStringWithQuote());
+            listener.error("Failed to run " + toMaskedCommandLine(args));
             throw new AbortException();
         }
     }
 
+    /**
+     * A version of ArgumentListBuilder.toStringWithQuote() that also masks fields marked as 'masked'
+     */
+    protected String toMaskedCommandLine(ArgumentListBuilder argsBuilder) {
+        StringBuilder buf = new StringBuilder();
+        List<String> args = argsBuilder.toList();
+        boolean[] masks = argsBuilder.toMaskArray();
+
+        for (int i = 0; i < args.size(); i++) {
+            String arg;
+            if (masks[i]) {
+                arg = "********";
+            } else {
+                arg = args.get(i);
+            }
+
+            if (buf.length() > 0) buf.append(' ');
+
+            if (arg.indexOf(' ') >= 0 || arg.length() == 0)
+                buf.append('"').append(arg).append('"');
+            else
+                buf.append(arg);
+        }
+        return buf.toString();
+    }
+
+
     private Charset getDefaultCharset() {
         // First check if we can get currentComputer. See issue JENKINS-11874
         if (Computer.currentComputer() != null) {

diff --git a/src/test/java/com/deluan/jenkins/plugins/rtc/JazzClientTest.java b/src/test/java/com/deluan/jenkins/plugins/rtc/JazzClientTest.java
@@ -4,6 +4,7 @@
 import hudson.FilePath;
 import hudson.Launcher;
 import hudson.model.TaskListener;
+import hudson.util.ArgumentListBuilder;
 import org.junit.Before;
 import org.junit.Test;
 import org.jvnet.hudson.test.Bug;
@@ -152,5 +153,21 @@ public void errorParsingAcceptOutput() throws IOException, InterruptedException
         testClient.accept();
     }
 
+    @Test
+    @Bug(12129)
+    public void toMaskedCommandLine() {
+        JazzClient testClient = createTestableJazzClient(null, null, null, null);
+        String password = "123456";
+
+        ArgumentListBuilder args = new ArgumentListBuilder();
+        args.add("scm", "-p");
+        args.addMasked(password);
+        args.add("-f");
+
+        String printedCommand = testClient.toMaskedCommandLine(args);
+
+        assertThat(printedCommand, is("scm -p ******** -f"));
+    }
+
 
 }