Details
-
Bug
-
Resolution: Fixed
-
High
-
None
Description
Hi,
when running build with a maven task that uses ${bamboo.my.password} variable, when this task fails, the log contains clear-text password. If the task is successful, no password is printed. This is a security risk.
My MVN2 task was something like this:
"com.atlassian.maven.plugins:maven-amps-dispatcher-plugin:4.0:install" -DskipTests -Dhttp.port=80 -Dcontext.path= -Dserver=<server>
-Dusername=${bamboo.username} -Dpassword=${bamboo.password}
The log produced when the deploy failed:
09-Jul-2013 12:57:22 [INFO] Install Plugin: Uploading 'support-resources-108-SNAPSHOT.jar' to server: <server> 09-Jul-2013 12:57:23 [INFO] ------------------------------------------------------------------------ 09-Jul-2013 12:57:23 [ERROR] BUILD ERROR 09-Jul-2013 12:57:23 [INFO] ------------------------------------------------------------------------ 09-Jul-2013 12:57:23 [INFO] Unable to execute mojo 09-Jul-2013 12:57:23 09-Jul-2013 12:57:23 Install Plugin: Upload failed[404]: Not Found 09-Jul-2013 12:57:23 [INFO] ------------------------------------------------------------------------ 09-Jul-2013 12:57:23 [INFO] For more information, run Maven with the -e switch 09-Jul-2013 12:57:23 [INFO] ------------------------------------------------------------------------ 09-Jul-2013 12:57:23 [INFO] Total time: 56 seconds 09-Jul-2013 12:57:23 [INFO] Finished at: Tue Jul 09 12:57:23 UTC 2013 09-Jul-2013 12:57:24 [INFO] Final Memory: 160M/505M 09-Jul-2013 12:57:24 [INFO] ------------------------------------------------------------------------ 09-Jul-2013 12:57:25 Failing task since return code of [/opt/java/tools/maven/apache-maven-2.1.0/bin/mvn -Djava.io.tmpdir=/tmp/SRP-SRPTS-DEPLOY install com.atlassian.maven.plugins:maven-amps-dispatcher-plugin:4.0:install -DskipTests -Dhttp.port=80 -Dserver=<server> -Dusername=<username> -Dpassword=<clear text password> was 1 while expected 0