Skip to content

Commit

Permalink
Adjust credentials masking tests for base64 masking improvement (#296)
Browse files Browse the repository at this point in the history
  • Loading branch information
MarkEWaite authored Sep 18, 2023
1 parent e4bc9ef commit cff671a
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 19 deletions.
1 change: 1 addition & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>credentials-binding</artifactId>
<version>636.v55f1275c7b_27</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ private UsernamePasswordCredentialsImpl createCredential(String id, String usern
@Before
public void before() {
GlobalConfigFiles.get().save(new MavenSettingsConfig("m2settings", "m2settings", "", "<settings/>", true,
Collections.singletonList(new ServerCredentialMapping("myserver", createCredential("creds", "bot", "s3cr3t").getId()))));
Collections.singletonList(new ServerCredentialMapping("myserver", createCredential("creds", "bot-user-name", "bot-user-s3cr3t").getId()))));
GlobalConfigFiles.get().save(new GlobalMavenSettingsConfig("m2GlobalSettings", "m2GlobalSettings", "", "<settings/>", true,
Collections.singletonList(new ServerCredentialMapping("myGlobalServer", createCredential("creds2", "admin", "sensitive").getId()))));

Expand All @@ -104,8 +104,8 @@ public void withCredentials() throws Exception {
" String settings = readFile(env.SETTINGS)",
" echo settings",
" if (!settings.equals('<settings/>')) {", //Build #2 won't have credentials to assert on
" assert settings.contains('<password>s3cr3t</password>')",
" assert settings.contains('<username>bot</username>')",
" assert settings.contains('<password>bot-user-s3cr3t</password>')",
" assert settings.contains('<username>bot-user-name</username>')",
" }",
" settings = readFile(env.GOBAL_SETTINGS)",
" echo settings",
Expand All @@ -116,14 +116,14 @@ public void withCredentials() throws Exception {
" }",
"}"), true));
WorkflowRun run = r.buildAndAssertSuccess(p);
r.assertLogNotContains("<password>s3cr3t</password>", run);
r.assertLogNotContains("<username>bot</username>", run);
r.assertLogNotContains("<password>bot-user-s3cr3t</password>", run);
r.assertLogNotContains("<username>bot-user-name</username>", run);
r.assertLogNotContains("<password>sensitive</password>", run);
r.assertLogNotContains("<username>admin</username>", run);
r.assertLogContains("<password>****</password>", run);
r.assertLogContains("<username>****</username>", run);
// Missing credentials. Currently treated as nonfatal:
SystemCredentialsProvider.getInstance().getCredentials().set(0, new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "creds", "", "bot", "s3cr3t"));
SystemCredentialsProvider.getInstance().getCredentials().set(0, new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "creds", "", "bot-user-name", "bot-user-s3cr3t"));
SystemCredentialsProvider.getInstance().getCredentials().set(1, new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "creds2", "", "admin", "sensitive"));
WorkflowRun b2 = r.buildAndAssertSuccess(p);
r.assertLogContains("Could not find credentials [creds] for p #2", b2);
Expand All @@ -141,8 +141,8 @@ public void freestyleWithCredentials() throws Exception {
public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) throws InterruptedException, IOException {
String settings = build.getWorkspace().child(build.getEnvironment(listener).get("SETTINGS")).readToString();
listener.getLogger().println(settings);
assertThat(settings, containsString("<password>s3cr3t</password>"));
assertThat(settings, containsString("<username>bot</username>"));
assertThat(settings, containsString("<password>bot-user-s3cr3t</password>"));
assertThat(settings, containsString("<username>bot-user-name</username>"));


settings = build.getWorkspace().child(build.getEnvironment(listener).get("GLOBAL_SETTINGS")).readToString();
Expand All @@ -154,8 +154,8 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
});
p.setAssignedNode(slave);
FreeStyleBuild run = r.buildAndAssertSuccess(p);
r.assertLogNotContains("<password>s3cr3t</password>", run);
r.assertLogNotContains("<username>bot</username>", run);
r.assertLogNotContains("<password>bot-user-s3cr3t</password>", run);
r.assertLogNotContains("<username>bot-user-name</username>", run);
r.assertLogNotContains("<password>sensitive</password>", run);
r.assertLogNotContains("<username>admin</username>", run);
r.assertLogContains("<password>****</password>", run);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public class PropertiesConfigTest {
@Test
public void withCredentials() throws Exception {
// Smokes with full replace:
SystemCredentialsProvider.getInstance().getCredentials().add(new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "creds", "", "bot", "s3cr3t"));
SystemCredentialsProvider.getInstance().getCredentials().add(new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "creds", "", "bot-user-name", "bot-user-s3cr3t"));
GlobalConfigFiles.get().save(new PropertiesConfig("gradle", "gradle", "", "myprop=", true, Collections.singletonList(new PropertiesCredentialMapping("myprop", "creds"))));
WorkflowJob p = r.createProject(WorkflowJob.class, "p");
p.setDefinition(new CpsFlowDefinition(
Expand All @@ -37,17 +37,17 @@ public void withCredentials() throws Exception {
" variable: 'SETTINGS')]) {",
" String content = readFile(env.SETTINGS)",
" if (currentBuild.id == 1) { // only the first build will have the secret" ,
" assert content.contains('myprop=s3cr3t')",
" assert content.contains('myprop=bot-user-s3cr3t')",
" }",
" echo content",
" }",
"}"),
true));
WorkflowRun b1 = r.buildAndAssertSuccess(p);
r.assertLogContains("myprop=****", b1);
r.assertLogNotContains("myprop=s3cr3t", b1);
r.assertLogNotContains("myprop=bot-user-s3cr3t", b1);
// Missing credentials. Currently treated as nonfatal:
SystemCredentialsProvider.getInstance().getCredentials().set(0, new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "creds", "", "bot", "s3cr3t"));
SystemCredentialsProvider.getInstance().getCredentials().set(0, new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "creds", "", "bot-user-name", "bot-user-s3cr3t"));
WorkflowRun b2 = r.buildAndAssertSuccess(p);
r.assertLogContains("Could not find credentials [creds] for p #2", b2);
r.assertLogContains("myprop="+System.lineSeparator(), b2);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,15 +14,15 @@

public class CredentialsHelperTest {

private final static String PWD = "s3cr3t";
private final static String PWD = "bot-user-s3cr3t";

@Rule
public JenkinsRule jenkins = new JenkinsRule();

@Test
public void testPropertiesIsReplacedWhenReplaceTrue() throws Exception {
Map<String, StandardUsernameCredentials> credentials = new HashMap<>();
credentials.put("myProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot", PWD));
credentials.put("myProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot-user-name", PWD));

final String settingsContent = IOUtils.toString(CredentialsHelperTest.class.getResourceAsStream("/settings_test.properties"));

Expand All @@ -34,7 +34,7 @@ public void testPropertiesIsReplacedWhenReplaceTrue() throws Exception {
@Test
public void testPropertiesIsNotReplacedWhenReplaceFalse() throws Exception {
Map<String, StandardUsernameCredentials> credentials = new HashMap<>();
credentials.put("myProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot", PWD));
credentials.put("myProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot-user-name", PWD));

final String settingsContent = IOUtils.toString(CredentialsHelperTest.class.getResourceAsStream("/settings_test.properties"));

Expand All @@ -46,7 +46,7 @@ public void testPropertiesIsNotReplacedWhenReplaceFalse() throws Exception {
@Test
public void testPropertiesIsAddedWhenReplaceTrue() throws Exception {
Map<String, StandardUsernameCredentials> credentials = new HashMap<>();
credentials.put("myNewProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot", PWD));
credentials.put("myNewProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot-user-name", PWD));

final String settingsContent = IOUtils.toString(CredentialsHelperTest.class.getResourceAsStream("/settings_test.properties"));

Expand All @@ -58,7 +58,7 @@ public void testPropertiesIsAddedWhenReplaceTrue() throws Exception {
@Test
public void testPropertiesIsAddedWhenReplaceFalse() throws Exception {
Map<String, StandardUsernameCredentials> credentials = new HashMap<>();
credentials.put("myNewProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot", PWD));
credentials.put("myNewProp", new UsernamePasswordCredentialsImpl(CredentialsScope.SYSTEM, "my-credentials", "some desc", "bot-user-name", PWD));

final String settingsContent = IOUtils.toString(CredentialsHelperTest.class.getResourceAsStream("/settings_test.properties"));

Expand Down

0 comments on commit cff671a

Please sign in to comment.