use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.
the class ReplayActionTest method withPasswordParameter.
@Issue("SECURITY-2443")
@Test
public void withPasswordParameter() {
story.then(r -> {
WorkflowJob p = story.j.jenkins.createProject(WorkflowJob.class, "p");
p.addProperty(new ParametersDefinitionProperty(new PasswordParameterDefinition("passwordParam", "top secret", "")));
p.setDefinition(new CpsFlowDefinition("echo(/passwordParam: ${passwordParam}/)", true));
WorkflowRun run1 = story.j.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new PasswordParameterValue("passwordParam", "confidential"))));
// When we replay a build with password parameter it should fail with access denied exception.
assertThrows(Failure.class, () -> run1.getAction(ReplayAction.class).run("echo(/Replaying passwordParam: ${passwordParam}/)", Collections.emptyMap()).get());
});
}
use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.
the class DSLTest method emptyPasswordParametersIgnored.
@Issue("JENKINS-64282")
@Test
public void emptyPasswordParametersIgnored() throws Exception {
String shellStep = Functions.isWindows() ? "bat" : "sh";
p.setDefinition(new CpsFlowDefinition("" + "node {\n" + shellStep + " \"echo ${params.TEXT} ${params.PASSWORD}\"\n" + "}", true));
p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new PasswordParameterDefinition("PASSWORD", "", null)));
WorkflowRun run = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new PasswordParameterValue("PASSWORD", ""))));
r.assertLogNotContains("Warning: A secret was passed", run);
r.assertLogNotContains("Affected argument(s) used the following", run);
LinearScanner scan = new LinearScanner();
FlowNode node = scan.findFirstMatch(run.getExecution().getCurrentHeads().get(0), new NodeStepTypePredicate(shellStep));
ArgumentsAction argAction = node.getPersistentAction(ArgumentsAction.class);
Assert.assertTrue(argAction.isUnmodifiedArguments());
MatcherAssert.assertThat(argAction.getArguments().values().iterator().next(), is("echo hello "));
}
use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.
the class DSLTest method passwordParametersSanitized.
@Issue("JENKINS-47101")
@Test
public void passwordParametersSanitized() throws Exception {
String shellStep = Functions.isWindows() ? "bat" : "sh";
p.setDefinition(new CpsFlowDefinition("" + "node {\n" + shellStep + " \"echo ${params.TEXT} ${params.PASSWORD}\"\n" + "}", true));
p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new PasswordParameterDefinition("PASSWORD", "", null)));
WorkflowRun run = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new PasswordParameterValue("PASSWORD", "s3cr3t"))));
r.assertLogContains("Warning: A secret was passed to \"" + shellStep + "\"", run);
r.assertLogContains("Affected argument(s) used the following variable(s): [PASSWORD]", run);
InterpolatedSecretsAction reportAction = run.getAction(InterpolatedSecretsAction.class);
Assert.assertNotNull(reportAction);
List<InterpolatedSecretsAction.InterpolatedWarnings> warnings = reportAction.getWarnings();
MatcherAssert.assertThat(warnings.size(), is(1));
InterpolatedSecretsAction.InterpolatedWarnings stepWarning = warnings.get(0);
MatcherAssert.assertThat(stepWarning.getStepName(), is(shellStep));
MatcherAssert.assertThat(stepWarning.getInterpolatedVariables(), is(Arrays.asList("PASSWORD")));
LinearScanner scan = new LinearScanner();
FlowNode node = scan.findFirstMatch(run.getExecution().getCurrentHeads().get(0), new NodeStepTypePredicate(shellStep));
ArgumentsAction argAction = node.getPersistentAction(ArgumentsAction.class);
Assert.assertFalse(argAction.isUnmodifiedArguments());
MatcherAssert.assertThat(argAction.getArguments().values().iterator().next(), is("echo hello ${PASSWORD}"));
}
use of hudson.model.PasswordParameterValue in project workflow-cps-plugin by jenkinsci.
the class ParamsVariableTest method smokes.
@Issue("JENKINS-27295")
@Test
public void smokes() throws Exception {
WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition("echo(/TEXT=${params.TEXT} FLAG=${params.FLAG ? 'yes' : 'no'} PASS=${params.PASS}/)", true));
p.addProperty(new ParametersDefinitionProperty(new StringParameterDefinition("TEXT", ""), new BooleanParameterDefinition("FLAG", false, null), new PasswordParameterDefinition("PASS", "", null)));
WorkflowRun b = r.assertBuildStatusSuccess(p.scheduleBuild2(0, new ParametersAction(new StringParameterValue("TEXT", "hello"), new BooleanParameterValue("FLAG", true), new PasswordParameterValue("PASS", "s3cr3t"))));
r.assertLogContains("TEXT=hello", b);
r.assertLogContains("FLAG=yes", b);
r.assertLogContains("PASS=s3cr3t", b);
}
Aggregations