Escape special characters for GitUsernamePasswordBinding in withCrede… #1443
Conversation
|
Thanks for the pull request. It is similar to the technique offered in #1310 and #1314. Unfortunately, all three implementations fail in interesting ways with special characters and special conditions. Would you be willing to adapt your pull request to use the technique that is used in the git client plugin? Instead of |
Seros
force-pushed
the
escape-special-characters-with-credentials
branch
from
6e4d10a to
54cfe20
Compare
In the future, the repository will be formatted with spotless and that ugliness will be banished forever. Helps my code review to make the diffs small now.
No need to make them visible outside the class where they are used. Also adds the same comment on these methods as is used on the methods in the git client plugin so that future consumers will know to not use them for any other purpose than their current very limited use.
|
@MarkEWaite : No offence, but I am unsure if that fix went in the right direction? Whats wrong with #!/bin/bash
if [[ "$1" =~ Password ]]; then
echo "$GIT_PASSWORD"
else
echo "$GIT_USERNAME"
fiThis relies on env variables which can contain the special characters, we hotfixed exactly this in our |
I'll need some time to consider that as an alternative. The technique used in this pull request is the same technique that has been used in the git client plugin for many years. I preferred consistency with the git client plugin because that is known to be working reliably in the existing installations of the git plugin.
I disagree that it is worse to write passwords to disk. We're already writing private keys to disc for ssh authentication of git repositories. We're already writing passwords to disk for for username / password authentication when cloning a git repository and when performing other username / password authenticated operations. Writing a username and password to disc for the If others want to implement replacement authentication techniques, I'm open to consider them, though those techniques need to continue to work correctly with command line git 1.8 through 2.41 and with both username / password and private key authentication. After the November 2023 end of support for Red Hat Enterprise Linux 7, we can narrow the required ranges to command line git 2.11 through 2.41. |
|
I understand that the PR builds on the existing solution. But when I looked at the code, what I did not understand is, that the
|
|
From what I know about git and the use case most Jenkins users face is that you want configure git to use specific basic auth credentials for specific commands but git does not support reading credentials from the environment variables. Instead it does automatically search for the |
|
How can the script #1443 (comment) |
JENKINS-47514 - Escape special characters in GitUsernamePasswordBinding in withCredentials
As described in the issue using git usernames or password with special chars in the GitUsernamePasswordBinding for withCredentials lead to several errors making the step unusable in such cases. This PR introduces the same credential passing technique as is used in the git client plugin. It avoids almost all cases of special characters in passwords causing issues by using a separate file to store the password then using the operating system appropriate command to pass the contents of the file to command line git.
Checklist
Types of changes