Password masking in logs outputs a lot of asterisks if any of the password variables contains an asterisk

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 5.12.0.2
    • Affects Version/s: 5.9.1, 5.10.3

      Summary

      Password masking in logs outputs a lot of asterisks if any of the password variables contains an asterisk and there is more than one password variable.

      Steps to Reproduce

      1. Create 2 variables with "password" in their names:
        1. password1 = 123
        2. password2 = *
      2. Add a script task that runs any command, for example echo "Hello"
      3. Run the plan

      Expected Results

      In the build logs, it should show:
      password1=********
      password2=********

      Actual Results

      For each password, Bamboo shows 512 asterisks.

      Extent

      If you have multiple variables that contain passwords of just asterisks, the number of asterisks grows as a power of 8. If there are 10 variables containing just asterisks, Bamboo will create 1 billion asterisks for each password variable in the logs.

      Workaround

      For Bamboo 5.10.3, this patched jar will prevent the cascading effect of the password masking.

      1. Stop Bamboo
      2. Backup <bamboo install dir>/atlassian-bamboo/WEB-INF/lib/atlassian-bamboo-api-5.10.3.jar to a separate directory
      3. Place this file in the above directory: atlassian-bamboo-api-5.10.3.jar
      4. Start Bamboo
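
The cascading effect described above can be reproduced with a masker that runs one replace pass per password variable. This is an added example, not Bamboo's code: the function names, the sequential-replace model and the sample log lines are assumptions made for illustration.

```python
import re

MASK = "********"  # the 8-asterisk mask shown under Expected Results


def mask_sequential(line, secrets):
    """Cascading masker (assumed model, not Bamboo's implementation).

    Each secret gets its own replace pass over the output of the previous
    pass, so a secret equal to "*" rewrites every asterisk that an earlier
    pass already emitted as a mask.
    """
    for value in secrets:
        if value:
            line = line.replace(value, MASK)
    return line


def mask_single_pass(line, secrets):
    """Non-cascading masker: one scan over the original text only.

    All secret values go into a single alternation; text produced by a
    substitution is never scanned again, so masks cannot be re-masked.
    """
    # Deduplicate, and try longer values first so a secret that is a
    # prefix of another secret does not leave the tail unmasked.
    values = sorted({s for s in secrets if s}, key=len, reverse=True)
    if not values:
        return line
    pattern = re.compile("|".join(re.escape(v) for v in values))
    return pattern.sub(MASK, line)


if __name__ == "__main__":
    # Constructed sample: the two variables from Steps to Reproduce.
    secrets = ["123", "*"]
    for line in ["password1=123", "password2=*", 'echo "Hello"']:
        bad = mask_sequential(line, secrets)
        good = mask_single_pass(line, secrets)
        print(f"{line!r}: sequential={bad.count('*')} asterisks, "
              f"single-pass={good!r}")

    # Constructed sample: three variables that are all just "*".
    # Each pass multiplies the asterisk count by 8, giving 8**3.
    print(mask_sequential("password2=*", ["*", "*", "*"]).count("*"))
```

In this model every additional variable whose value is just an asterisk multiplies the output by 8, so ten such variables give 8**10 (about 1.07 billion) asterisks per masked value, in line with the Extent section.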

            [BAM-17488] Password masking in logs outputs a lot of asterisks if any of the password variables contains an asterisk

            Deleted Account (Inactive) added a comment - Yes, I would also like if these fixes would be included in release notes, we are now still running 5.10.3 with custom `atlassian-bamboo-api-5.10.3.jar`..., having read both 5.11 and 5.12 release notes and they don't include any information about this fix.

            Steffen Opel [Utoolity] added a comment - dlee@atlassian.com - thanks for the confirmation. I've been hoping you might also be able to resolve the issue in case?

            Thing is, we are getting support requests for issues like this one, which we are referring to in issues and knowledge base articles in turn (see e.g. UAA-168), leading to conflicting/confusing information. Accordingly, it would help a lot if all resolved issues get, well, resolved - thanks much! /cc mgardias

            Deric Lee (Inactive) added a comment - sopel1, yes, this has been fixed with 5.12. In my 5.12.3.1 test, the issue is no longer present.

            Steffen Opel [Utoolity] added a comment - dlee@atlassian.com - has this fix actually been released with 5.12.0?

              mgardias Marcin Gardias
              dlee@atlassian.com Deric Lee (Inactive)
              Affected customers: 3
              Watchers: 5