[JENKINS-47101] Add a default EnvironmentExpander that registers pass…
…word parameters as sensitive variables
dwnusbaum committed Nov 5, 2020
1 parent a505b90 commit 3e4ba31
Showing 2 changed files with 42 additions and 1 deletion.
2 changes: 1 addition & 1 deletion pom.xml
@@ -75,7 +75,7 @@
<dependency>
<groupId>io.jenkins.tools.bom</groupId>
<artifactId>bom-2.176.x</artifactId>
<version>9</version>
<version>16</version>
<scope>import</scope>
<type>pom</type>
</dependency>
@@ -31,11 +31,18 @@
import hudson.model.Computer;
import hudson.model.Job;
import hudson.model.Node;
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.PasswordParameterValue;
import hudson.model.Run;
import hudson.model.TaskListener;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import org.jenkinsci.plugins.workflow.flow.FlowExecution;
@@ -97,6 +104,9 @@ public abstract class DefaultStepContext extends StepContext {
return castOrNull(key,getExecution());
} else if (FlowNode.class.isAssignableFrom(key)) {
return castOrNull(key, getNode());
} else if (key == EnvironmentExpander.class) {
// Only called when `value == null` so that it does not override expanders contributed by steps.
return key.cast(new PasswordParameterEnvironmentExpander(get(Run.class)));
} else {
// unrecognized key
return null;
@@ -172,4 +182,35 @@ private <T> T castOrNull(Class<T> key, Object o) {
*/
protected abstract @Nonnull FlowNode getNode() throws IOException;

/**
* Default implementation of {@link EnvironmentExpander} that recognizes password parameters as sensitive variables.
*/
private static class PasswordParameterEnvironmentExpander extends EnvironmentExpander {
private static final long serialVersionUID = 1L;

private final Set<String> passwordParameterVariables;

public PasswordParameterEnvironmentExpander(Run<?, ?> run) {
ParametersAction action = run.getAction(ParametersAction.class);
if (action != null) {
passwordParameterVariables = action.getParameters().stream()
.filter(v -> v instanceof PasswordParameterValue)
.map(ParameterValue::getName)
.collect(Collectors.toCollection(() -> new HashSet<>())); // Make sure the set is serializable.
} else {
passwordParameterVariables = Collections.emptySet();
}
}

@Override
public void expand(EnvVars ev) {
// Do nothing.
}

@Override
public Set<String> getSensitiveVariables() {
return passwordParameterVariables;
}
}

}
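Review bot: The constructor of `PasswordParameterEnvironmentExpander` selects values with `v instanceof PasswordParameterValue`, so a parameter of any other type that reports itself as sensitive is not added to `passwordParameterVariables` and would not be treated as a sensitive variable. If the intent is to cover every secret-bearing parameter, `.filter(ParameterValue::isSensitive)` would be the broader check; if the scope is deliberately limited to password parameters, a short comment on the filter saying so would help the next reader. Separately, the new `key == EnvironmentExpander.class` branch passes `get(Run.class)` straight into the constructor, which dereferences `run` without a null check; whether `get(Run.class)` can return null on this path is not visible in these hunks, so it is worth confirming or guarding before `run.getAction(ParametersAction.class)`. The enclosing `get` method starts and ends outside the hunk.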
