-
Type:
Bug
-
Resolution: Fixed
-
Priority:
High
-
Affects Version/s: None
-
Component/s: Bamboo Specs
-
Severity 3 - Minor
Summary
After creating a repository definition for a Plan, and viewing the plan's specs configuration. Password for the repository stored as plain text.
Passwords should not be stored in plain text
Steps to Reproduce
- Create a Build Plan
- Create a Repository as part of this Plan
- "View as Specs"
.planRepositories(new AnyVcsRepository(new AtlassianModule("com.atlassian.bamboo.plugin.system.repository:svnv2")) .name("svnrepository") .oid(new BambooOid("19zo7ifeva2v6")) .serverConfiguration(new MapBuilder() .put("repository.svn.useExternals", false) .put("repository.svn.tag.create.autodetectPath", true) .put("repository.svn.authType", "password") .put("repository.svn.username", "myusername") .put("repository.svn.branch.create.autodetectPath", true) .put("repository.svn.userPassword", "mypassword") .put("repository.svn.useExport", false) .put("repository.svn.repositoryRoot", "http://svn.collab.net/repos/svn") .build()) .branchConfiguration(new MapBuilder() .put("repository.svn.branch.displayName", "svn") .put("repository.svn.branch.path", "") .build())
Expected Results
Expect password to be obfuscated, or encrypted.
Actual Results
.put("repository.svn.userPassword", "mypassword")
Workaround
Only use SSH authentication for repositories