Details
-
Bug
-
Resolution: Fixed
-
Low
-
5.9.1, 5.10.3
-
None
-
None
Description
Summary
Password masking in logs outputs a lot of asterisks if any of the password variable contain an asterisk and there is more than 1 password variable.
Steps to Reproduce
- Create 2 variables with password in it's name:
- password1 = 123
- password2 = *
- Add a script task that does any command, example echo "Hello"
- Run the plan
Expected Results
In the build logs, it should show:
password1=********
password2=********
Actual Results
For each password Bamboo would show 512 asterisks
Extent
If you have multiple variables that contain passwords of just asterisks, the number of asterisks will increase by 8 exponent. If there is 10 variables containing just asterisks, Bamboo will create 1 billion asterisks for each password variable in the logs.
Workaround
For Bamboo 5.10.3. This patched jar will prevent the cascading effect of the password masking.
- Stop Bamboo
- Backup <bamboo install dir>/atlassian-bamboo/WEB-INF/lib/atlassian-bamboo-api-5.10.3.jar to a separate directory
- Place this file in the above directory atlassian-bamboo-api-5.10.3.jar
- Start Bamboo
Attachments
Issue Links
- is a regression of
-
BAM-14475 Password variables must be masked in the build log
- Closed