Skip to content

Commit

Permalink
SECURITY-1429 Do not show authKey and urlPassword as plaintext in con…
Browse files Browse the repository at this point in the history
…fig.xml
  • Loading branch information
hanalee-skytap committed Jul 24, 2019
1 parent 4835d48 commit 167986a
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 18 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
import hudson.Extension;
import hudson.model.AbstractBuild;
import hudson.FilePath;
import hudson.util.Secret;

import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
Expand All @@ -60,7 +61,7 @@ public class CreatePublishURLStep extends SkytapAction {
private final String permissionOption;

private final Boolean hasPassword;
private final String urlPassword;
private final Secret urlPassword;

// these will be initialized when the step is run
@XStreamOmitField
Expand Down Expand Up @@ -315,10 +316,10 @@ private List<String> getVMIds(String confId) throws SkytapException {

// "requirePassword":{"urlPassword":"qsdqweq"}
public static class RequirePasswordBlock {
private String password;
private Secret password;

@DataBoundConstructor
public RequirePasswordBlock(String urlPassword) {
public RequirePasswordBlock(Secret urlPassword) {
this.password = urlPassword;
}
}
Expand Down Expand Up @@ -385,7 +386,7 @@ public Boolean getHasPassword() {
}

public String getUrlPassword() {
return urlPassword;
return Secret.toString(urlPassword);
}

public String getPortalName() {
Expand Down
29 changes: 15 additions & 14 deletions src/main/java/org/jenkinsci/plugins/skytap/SkytapBuildWrapper.java
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
//
//
package org.jenkinsci.plugins.skytap;

import hudson.EnvVars;
Expand All @@ -29,6 +29,7 @@
import hudson.model.AbstractProject;
import hudson.tasks.BuildWrapper;
import hudson.tasks.BuildWrapperDescriptor;
import hudson.util.Secret;

import java.io.IOException;
import java.util.Map;
Expand All @@ -39,11 +40,11 @@ public class SkytapBuildWrapper extends BuildWrapper {

@Extension
public static class DescriptorImpl extends BuildWrapperDescriptor {

public DescriptorImpl() {
load();
}

@Override
public String getDisplayName() {
return "Skytap Cloud Authentication Credentials";
Expand All @@ -57,49 +58,49 @@ public boolean isApplicable(final AbstractProject<?, ?> item) {
}

private final String userId;
private final String authKey;
private final Secret authKey;

@DataBoundConstructor
public SkytapBuildWrapper(final String userId, final String authKey) {
public SkytapBuildWrapper(final String userId, final Secret authKey) {
super();
this.userId = userId;
this.authKey = authKey;
}

public String getUserId() {
return userId;
}

public String getAuthKey() {
return authKey;
return Secret.toString(authKey);
}

@Override
public BuildWrapper.Environment setUp(
@SuppressWarnings("rawtypes") final AbstractBuild build,
final Launcher launcher, final BuildListener listener)
throws IOException, InterruptedException
{

EnvVars env = build.getEnvironment(listener);
env.put("userId", userId);
env.put("authKey", authKey);
env.put("authKey", Secret.toString(authKey));

return new Environment()
{
/* empty implementation */
};
}

@Override
public void makeBuildVariables(AbstractBuild build,
Map<String, String> variables) {

variables.put("userId", userId);
variables.put("authKey", authKey);
variables.put("authKey", Secret.toString(authKey));

}

@Override
public DescriptorImpl getDescriptor() {
return (DescriptorImpl)super.getDescriptor();
Expand Down

0 comments on commit 167986a

Please # to comment.