| << Back to previous view |
|
[QB-2972] GitRepository shows password on command error.
|
|
| Status: | Resolved |
| Project: | QuickBuild |
| Component/s: | None |
| Affects Version/s: | 6.1.36 |
| Fix Version/s: | 7.0.15 |
| Type: | Bug | Priority: | Critical |
| Reporter: | AlSt | Assigned To: | Robin Shen |
| Resolution: | Fixed | Votes: | 0 |
| Remaining Estimate: | Unknown | Time Spent: | Unknown |
| Original Estimate: | Unknown | ||
| Description |
|
If a checkout step or any other git cli call fails it shows the password in the error message:
13:44:26,754 INFO - Getting changes of 'git-repo' since build '1.119.1'... 13:44:48,270 ERROR - fatal: Authentication failed for 'https://user:mysecretpassword@giturl.git/' 13:44:48,357 ERROR - error: Could not fetch origin 13:44:48,598 INFO - Executing post-execute action... 13:44:48,598 ERROR - Step 'master>checkout>git' is failed: Failed to run command: git fetch --all -q Command return code: 1 Command error output: fatal: Authentication failed for 'https://user:mysecretpassword@giturl.git/' error: Could not fetch origin 13:44:48,775 INFO - Executing post-execute action... 13:44:48,775 ERROR - Step 'master>checkout' is failed: Composite step 'checkout' failed due to unsatisfied success condition. I just replaced the real information in the output, but that's something that shows up in the build log etc and should not be known by simple users. |
| Comments |
| Comment by AlSt [ 24/Apr/17 02:01 PM ] |
| And I think I know whats the problem... The password contains an @ character which is url encoded then and it does not get masked the right way. |
| Comment by Robin Shen [ 25/Apr/17 08:39 AM ] |
|
Also make sure that the password is defined as:
vars.getValue("password") And then define a variable named "password" with prompt type set to "secret" |