| Key: |
QB-2622
|
| Type: |
Bug
|
| Status: |
Closed
|
| Resolution: |
Won't Fix
|
| Priority: |
Minor
|
| Assignee: |
Unassigned
|
| Reporter: |
Irina Kotlova
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 11/Jan/16 10:27 PM
Updated: 21/Dec/16 09:17 AM
|
|
| Component/s: |
None
|
| Affects Version/s: |
5.0.31
|
| Fix Version/s: |
5.1.1
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
|
When a clear-text variable references a secret variable, then anywhere that the clear-text variable gets referenced will show the secret value in clear text--for example, the Variables list for a build, the build log, etc. An example:
1) Define a secret variable, mySecretVar, and set it to "mysecret"
2) Define a clear text variable, myClearVar, and set it to "${vars.getValue("mySecretVar")}
3) After a build, myClearVar will show up in the Variables tab with its value in clear text, and possibly also in the build log depending on how it is used.
|
|
Description
|
When a clear-text variable references a secret variable, then anywhere that the clear-text variable gets referenced will show the secret value in clear text--for example, the Variables list for a build, the build log, etc. An example:
1) Define a secret variable, mySecretVar, and set it to "mysecret"
2) Define a clear text variable, myClearVar, and set it to "${vars.getValue("mySecretVar")}
3) After a build, myClearVar will show up in the Variables tab with its value in clear text, and possibly also in the build log depending on how it is used. |
Show » |
|
CLONE -Secret variables can be referenced by clear-text variables, exposing the secret values
1) Set 'passwords' as a secret variable with some value.
2) Create parallel step RunAccountsInParallel, create sequential child step in it: ForEachAccount with repeat parameter ACCOUNT.
3) Create 2 child steps in ForEachAccount: SetVariables (type Execute a Script) and RunAnt (type Ant).
4) Update 'passwords' variable in SetVariables step: ${groovy: vars.get("passwords").setValue(util.readFileAsString(new java.io.File(<path_to_file_with_comma_separated_passwords_string_inside>)))}.
5) In the next step - RunAnt - run Ant with the property PASSWORD=${groovy: vars.getValue("passwords").split(",")[params.get("ACCOUNT").toInteger()]}
6) Look in the log - password is exposed as clear value.
QuickBuild 6.1