Merge pull request #20 from delinea-sagar/master

Bug fixes - masking issue and folder level credential issue
jenkinsci · Dec 19, 2023 · 27c8741 · 27c8741
2 parents 635dee4 + 08dc308
commit 27c8741
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 19 deletions.
diff --git a/.changes/1.0.5.md b/.changes/1.0.5.md
@@ -0,0 +1,5 @@
+## 1.0.5 - 2023-12-18
+### 🐛 Bug Fix
+
+- Fixed masking issue on remote agent.
+- Fixed folder level credential issue.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,11 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
 and is generated by [Changie](https://github.com/miniscruff/changie).
+## 1.0.5 - 2023-12-18
+### 🐛 Bug Fix
+
+- Fixed masking issue on remote agent.
+- Fixed folder level credential issue.
 ## 1.0.4 - 2023-10-04
 ### 🐛 Bug Fix
 
 - Fixed Vulnerabilities.
-
 ## 1.0.3 - 2023-09-22
 ### 🐛 Bug Fix
 

diff --git a/Taskfile.yml b/Taskfile.yml
@@ -18,7 +18,7 @@ tasks:
   bump:
     desc: bump the version using changie
     cmds:
-      - changie batch 1.0.4
+      - changie batch 1.0.5
       - changie merge
       - git add .changes/*
       - git add CHANGELOG.md

diff --git a/pom.xml b/pom.xml
@@ -9,7 +9,7 @@
     </parent>
     <groupId>io.jenkins.plugins</groupId>
     <artifactId>thycotic-secret-server</artifactId>
-    <version>1.0.4</version>
+    <version>1.0.5</version>
     <packaging>hpi</packaging>
     <properties>
         <!-- Baseline Jenkins version you use to build the plugin. Users must have this version or newer to run. -->

diff --git a/src/main/java/com/thycotic/secrets/jenkins/ServerBuildWrapper.java b/src/main/java/com/thycotic/secrets/jenkins/ServerBuildWrapper.java
@@ -5,6 +5,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
 import com.thycotic.secrets.server.spring.Secret;
 import com.thycotic.secrets.server.spring.SecretServer;
@@ -28,6 +29,8 @@
 import hudson.model.TaskListener;
 import hudson.tasks.BuildWrapperDescriptor;
 import jenkins.tasks.SimpleBuildWrapper;
+import org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns;
+import java.util.stream.Collectors;
 
 public class ServerBuildWrapper extends SimpleBuildWrapper {
     private static final String USERNAME_PROPERTY = "secret_server.oauth2.username";
@@ -54,7 +57,8 @@ public void setSecrets(final List<ServerSecret> secrets) {
 
     @Override
     public ConsoleLogFilter createLoggerDecorator(final Run<?, ?> build) {
-        return new ServerConsoleLogFilter(build.getCharset().name(), valuesToMask);
+    	List<String> values = valuesToMask.stream().filter(Objects::nonNull).collect(Collectors.toList());
+        return new ServerConsoleLogFilter(build.getCharset().name(), !values.isEmpty() ? SecretPatterns.getAggregateSecretPattern(values) : null);
     }
 
     @Override
@@ -78,9 +82,9 @@ public void setUp(final Context context, final Run<?, ?> build, final FilePath w
             final UserCredentials credential;
 
             if (StringUtils.isNotBlank(overrideUserCredentialId)) {
-                credential = UserCredentials.get(overrideUserCredentialId, null);
+                credential = UserCredentials.get(overrideUserCredentialId, build.getParent());
             } else {
-                credential = UserCredentials.get(configuration.getCredentialId(), null);
+                credential = UserCredentials.get(configuration.getCredentialId(), build.getParent());
             }
             assert (credential != null); // see ServerSecret.DescriptorImpl.doCheckCredentialId
 

diff --git a/src/main/java/com/thycotic/secrets/jenkins/ServerConsoleLogFilter.java b/src/main/java/com/thycotic/secrets/jenkins/ServerConsoleLogFilter.java
@@ -6,32 +6,23 @@
 import java.io.OutputStream;
 import java.io.Serializable;
 import java.io.IOException;
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
+import java.util.regex.Pattern;
 
 import org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns;
 
 // borrowed from https://github.com/jenkinsci/azure-keyvault-plugin/blob/master/src/main/java/org/jenkinsci/plugins/azurekeyvaultplugin/MaskingConsoleLogFilter.java
 public class ServerConsoleLogFilter extends ConsoleLogFilter implements Serializable {
     private static final long serialVersionUID = 1L;
     private final String charsetName;
-    private final List<String> valuesToMask;
+    private final Pattern valuesToMask;
 
-    public ServerConsoleLogFilter(final String charsetName, final List<String> valuesToMask) {
+    public ServerConsoleLogFilter(final String charsetName, final Pattern valuesToMask) {
         this.charsetName = charsetName;
         this.valuesToMask = valuesToMask;
     }
 
     @Override
     public OutputStream decorateLogger(Run run, final OutputStream logger) throws IOException, InterruptedException {
-        return new SecretPatterns.MaskingOutputStream(logger, () -> {
-                List<String> values = valuesToMask.stream().filter(Objects::nonNull).collect(Collectors.toList());
-                if (!values.isEmpty()) {
-                    return SecretPatterns.getAggregateSecretPattern(values);
-                } else {
-                    return null;
-                }
-            },charsetName);
+        return new SecretPatterns.MaskingOutputStream(logger, () -> valuesToMask, charsetName);
     }
 }