Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-17488

Password masking in logs outputs a lot of asterisks if any of the password variable contain an asterisk

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 5.12.0.2
    • 5.9.1, 5.10.3
    • None
    • None

      Summary

      Password masking in logs outputs a lot of asterisks if any of the password variable contain an asterisk and there is more than 1 password variable.

      Steps to Reproduce

      1. Create 2 variables with password in it's name:
        1. password1 = 123
        2. password2 = *
      2. Add a script task that does any command, example echo "Hello"
      3. Run the plan

      Expected Results

      In the build logs, it should show:
      password1=********
      password2=********

      Actual Results

      For each password Bamboo would show 512 asterisks

      Extent

      If you have multiple variables that contain passwords of just asterisks, the number of asterisks will increase by 8 exponent. If there is 10 variables containing just asterisks, Bamboo will create 1 billion asterisks for each password variable in the logs.

      Workaround

      For Bamboo 5.10.3. This patched jar will prevent the cascading effect of the password masking.

      1. Stop Bamboo
      2. Backup <bamboo install dir>/atlassian-bamboo/WEB-INF/lib/atlassian-bamboo-api-5.10.3.jar to a separate directory
      3. Place this file in the above directory atlassian-bamboo-api-5.10.3.jar
      4. Start Bamboo

        1. atlassian-bamboo-api-5.10.3.jar
          915 kB
          Deric Lee

            [BAM-17488] Password masking in logs outputs a lot of asterisks if any of the password variable contain an asterisk

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2016 v1 - Restricted [ 1443738 ] New: JAC Bug Workflow v3 [ 3382789 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Krystian Brazulewicz made changes -
            Fix Version/s New: 5.12.0.2 [ 62126 ]
            Fix Version/s Original: 5.12.0 [ 61527 ]
            Marcin Gardias made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Resolved [ 5 ]
            Marcin Gardias made changes -
            Status Original: Resolved [ 5 ] New: Needs Triage [ 10030 ]
            Przemek Bruski made changes -
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            Przemek Bruski made changes -
            Status Original: Open [ 1 ] New: In Progress [ 3 ]
            Owen made changes -
            Workflow Original: Bamboo Workflow 2016 v1 [ 1421984 ] New: Bamboo Workflow 2016 v1 - Restricted [ 1443738 ]
            Marek Went (Inactive) made changes -
            Workflow Original: Bamboo Workflow 2014 v2 [ 1305616 ] New: Bamboo Workflow 2016 v1 [ 1421984 ]
            Marcin Gardias made changes -
            Status Original: Needs Triage [ 10030 ] New: Open [ 1 ]
            Marcin Gardias made changes -
            Assignee New: Marcin Gardias [ mgardias ]

              mgardias Marcin Gardias
              dlee@atlassian.com Deric Lee (Inactive)
              Affected customers:
              3 This affects my team
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: