JENKINS-62208 Prevent file contents from being printed during transfers #175

Merged: nrayapati merged 2 commits into master from feature-JENKINS-62208 on Dec 17, 2025


@nrayapati
Member

Updated the defineRemote method to accept an enableInteraction flag, disabling interaction (and thus log piping) during file transfers in put and get methods. This prevents file contents from being printed to the logs, addressing a potential security and verbosity issue.

Description

See JENKINS-62208.

Submitter checklist

  • Link to JIRA ticket in description, if appropriate.
  • Change is code complete and matches issue description.
  • Appropriate unit or acceptance tests or explanation to why this change has no tests.
  • Reviewer's manual test instructions provided in PR description. See Reviewer's first task below.

Reviewer checklist

  • Run the changes and verified the change matches the issue description.
  • Reviewed the code.
  • Verified that the appropriate tests have been written or valid explanation given.
  • If applicable, test installing this plugin on the Jenkins instance.

Updated the defineRemote method to accept an enableInteraction flag, disabling interaction (and thus log piping) during file transfers in put and get methods. This prevents file contents from being printed to the logs, addressing a potential security and verbosity issue.
@nrayapati requested a review from Copilot December 16, 2025 21:52
@nrayapati self-assigned this Dec 16, 2025
@nrayapati added the enhancement (New feature or request) label Dec 16, 2025
@nrayapati requested a review from kirk-fitz December 16, 2025 21:54

Copilot AI left a comment


Pull request overview

This PR addresses JENKINS-62208 by preventing file contents from being printed to Jenkins logs during SSH file transfers. The fix adds an enableInteraction flag to the defineRemote method, which when set to false, disables the interaction block that pipes output to logs.

  • Added optional enableInteraction parameter to defineRemote method with backward-compatible default value of true
  • Modified put and get methods to explicitly disable interaction during file transfers
  • Updated interaction block setup to be conditional based on the enableInteraction flag

Comment thread src/main/groovy/org/jenkinsci/plugins/sshsteps/SSHService.groovy
Comment thread src/main/groovy/org/jenkinsci/plugins/sshsteps/SSHService.groovy
Introduce security-focused tests in GetStepTest and PutStepTest to ensure that file transfer operations (get/put) do not leak file contents or sensitive information to the Jenkins console. These tests validate that the SSHService methods are called and that the security fix disabling interaction blocks during file transfers is effective.
@nrayapati
Member Author

@kirk-fitz Would you be able to verify this incremental is working properly on your Jenkins? https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/ssh-steps/2.0.89.vccd94d21c78a_/

@kirk-fitz

@nrayapati glad to see some movement on it, not sure if you got to look at my previous pr #158

It was not complete, but maybe you got inspiration from it, I will review and test over the coming days

@nrayapati
Member Author

@nrayapati glad to see some movement on it, not sure if you got to look at my previous pr #158

It was not complete, but maybe you got inspiration from it, I will review and test over the coming days

Thanks for your earlier work on #158! I actually approached this differently - rather than filtering at runtime based on SCP mode and verbose flag, I disabled the interaction block entirely for all file transfer operations (both SCP and SFTP) at definition time via the enableInteraction parameter. This is more generic and prevents the issue at the source for sshGet, sshPut, and any future file transfer steps. The interaction block now only captures output for commands and scripts where users actually want to see the output. If anyone needs file transfer debugging, they can still use the remote.logLevel setting to enable groovy-ssh's internal logging separately.

Looking forward to your review and testing feedback! :)
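
An added example, not part of this pull request or the plugin's code: a Python audit that checks whether lines of a transferred file show up in a saved console log, which is the leak JENKINS-62208 describes. The function names are hypothetical, and the sample file, canary value, host name and log lines are constructed for illustration.

```python
MIN_LEN = 8  # ignore short lines ("}", "#") that would match by coincidence


def significant_lines(text, min_len=MIN_LEN):
    """Return the distinct, stripped lines of a file worth searching for."""
    seen = []
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) >= min_len and line not in seen:
            seen.append(line)
    return seen


def find_leaks(file_text, console_log, min_len=MIN_LEN):
    """Map each leaked file line to the 1-based console line numbers holding it.

    Substring matching still finds a leak when the logger prepends a
    host name or timestamp to the piped line.
    """
    leaks = {}
    log_lines = console_log.splitlines()
    for needle in significant_lines(file_text, min_len):
        hits = [n for n, line in enumerate(log_lines, 1) if needle in line]
        if hits:
            leaks[needle] = hits
    return leaks


def leak_ratio(file_text, console_log, min_len=MIN_LEN):
    """Fraction of the file's significant lines that appear in the log."""
    wanted = significant_lines(file_text, min_len)
    if not wanted:
        return 0.0
    return len(find_leaks(file_text, console_log, min_len)) / len(wanted)


# Constructed sample data: a file sent by a put step and two console logs.
SAMPLE_FILE = "db.user=svc_deploy\ndb.password=CANARY-7f3a91\n\n#\n"
LOG_BEFORE_FIX = (
    "[Pipeline] sshPut\n"
    "Sending a file to example-host\n"
    "example-host|db.user=svc_deploy\n"
    "example-host|db.password=CANARY-7f3a91\n"
)
LOG_AFTER_FIX = "[Pipeline] sshPut\nSending a file to example-host\n"

if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE_FIX), ("after", LOG_AFTER_FIX)):
        print(name, leak_ratio(SAMPLE_FILE, log), find_leaks(SAMPLE_FILE, log))
```

Run over archived build logs from before the upgrade, it shows which transferred files had lines echoed to the console, so any secrets in them can be rotated.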

@kirk-fitz

Thanks for the detailed explanation. Your approach is cleaner and more robust. My PR was really a narrow fix aimed at suppressing the SCP output I was personally hitting, and it didn’t address SFTP or future transfer steps, nor did it come with tests.


@kirk-fitz kirk-fitz left a comment


Changes look good, have tested locally

@nrayapati
Member Author

Changes look good, have tested locally

Thank you very much!

@nrayapati merged commit 3ec7101 into master Dec 17, 2025
15 checks passed
@nrayapati deleted the feature-JENKINS-62208 branch December 17, 2025 14:17