Jenkins Artifactory Plug-in / HAP-1339

Gradle builds do not exclude sensitive environment variables by default and exclude patterns don't work

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: 2 - Critical
    • Resolution: Done
    • Affects Version/s: 3.5.0, 3.6.0
    • Fix Version/s: 3.6.2
    • Component/s: Gradle
    • Labels:
      None

      Description

      All environment variables are displayed in the build.info; this includes passwords and usernames. I tested with 3.5.0 and 3.6.1 of the plugin with the same results.

       

      REPRODUCE

      Use our default gradle pipeline example:

      https://github.com/jfrog/project-examples/tree/master/jenkins-examples/pipeline-examples/declarative-examples/gradle-example

      This has an exclude in it that does not work. I also added an art_usr and art_psw to the environment variables and saw the same behavior.

      Run the build in Jenkins and check Artifactory build.info. You will see all environment variables even with explicit excludes of these variables.

       

      A snippet from the build info:

      buildInfo.env._         /usr/bin/daemon
      buildInfo.env.art_psw   password
      buildInfo.env.art_user  scott
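
      A check for the leak described above, as an added example that is not part of the original report or the plug-in's code: it lists environment variable names that appear in a build-info JSON although they match an exclude pattern. The top-level "properties" map, the pattern list and the sample document are assumptions constructed for this example.

```python
import json
import sys
from fnmatch import fnmatchcase

ENV_PREFIX = "buildInfo.env."  # key prefix seen in the snippet above

# Constructed pattern list for this example; use the excludes your pipeline sets.
EXCLUDE_PATTERNS = ("*password*", "*psw*", "*secret*", "*key*", "*token*", "*user*")

# Constructed sample. Assumption: env vars sit in a top-level "properties" map.
SAMPLE_BUILD_INFO = json.dumps({
    "name": "gradle-example",
    "number": "12",
    "properties": {
        "buildInfo.env._": "/usr/bin/daemon",
        "buildInfo.env.art_psw": "password",
        "buildInfo.env.art_user": "scott",
        "buildInfo.env.JAVA_HOME": "/opt/jdk",
    },
})


def leaked_env_names(build_info_json, patterns=EXCLUDE_PATTERNS):
    """Return env var names published in build-info despite matching an exclude pattern."""
    props = json.loads(build_info_json).get("properties") or {}
    lowered = [p.lower() for p in patterns]  # match case-insensitively
    leaked = []
    for key in props:
        if not key.startswith(ENV_PREFIX):
            continue  # not an environment variable entry
        name = key[len(ENV_PREFIX):]
        if any(fnmatchcase(name.lower(), p) for p in lowered):
            leaked.append(name)  # report the name only, never the value
    return sorted(leaked)


if __name__ == "__main__":
    # Optional argument: path to a build-info JSON file saved from Artifactory.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_BUILD_INFO
    found = leaked_env_names(text)
    for name in found:
        print("excluded variable present in build-info:", name)
    sys.exit(1 if found else 0)  # non-zero exit fails a CI gate
```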

            People

            Assignee:
            yahavi Yahav Itzhak
            Reporter:
            scottm Scott Mosher