[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-06-02 Thread scm_issue_l...@java.net (JIRA)

SCM/JIRA link daemon commented on JENKINS-23165

Code changed in jenkins
User: rinrinne
Path:
 src/main/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/Config.java
 src/main/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/IGerritHudsonTriggerConfig.java
 src/main/resources/com/sonyericsson/hudson/plugins/gerrit/trigger/GerritServer/index.jelly
 src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/ConfigTest.java
 src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/mock/MockGerritHudsonTriggerConfig.java
http://jenkins-ci.org/commit/gerrit-trigger-plugin/d402536e48c300aa435c3f3e519e7754fc769ecf
Log:
  Prevent to send plaintext password to browser

Fix for JENKINS-23165 and pull #157

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

-- 
You received this message because you are subscribed to the Google Groups Jenkins Issues group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-06-02 Thread rinrin...@gmail.com (JIRA)

rin_ne resolved JENKINS-23165 as Fixed

Change By: rin_ne (03/Jun/14 1:19 AM)
Status: Open -> Resolved
Assignee: rin_ne -> rsandell
Resolution: Fixed


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne edited a comment on JENKINS-23165

Secret.fromString() raises an NPE when the given parameter is null or an empty string.

Sorry, my bad. The test has no Jenkins instance.


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne updated JENKINS-23165

Change By: rin_ne (27/May/14 9:57 AM)
Assignee: rsandell -> rin_ne


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne started work on JENKINS-23165

Change By: rin_ne (27/May/14 9:57 AM)
Status: Open -> InProgress


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne stopped work on JENKINS-23165

Change By: rin_ne (27/May/14 10:04 AM)
Status: InProgress -> Open


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne commented on JENKINS-23165

PR: https://github.com/jenkinsci/gerrit-trigger-plugin/pull/157


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread scm_issue_l...@java.net (JIRA)

SCM/JIRA link daemon commented on JENKINS-23165

Code changed in jenkins
User: rinrinne
Path:
 src/main/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/Config.java
 src/test/java/com/sonyericsson/hudson/plugins/gerrit/trigger/config/ConfigTest.java
http://jenkins-ci.org/commit/gerrit-trigger-plugin/7d6bcae8a93087d97cbfaece7099f8afdde7bf49
Log:
  Store encrypted password

Now password for SSH authentication file is stored as plain text.

This patch fixes it. Already stored password would be replaced to
encrypted ones if config is saved once.

Fix for JENKINS-23165


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne resolved JENKINS-23165 as Fixed

Change By: rin_ne (27/May/14 1:41 PM)
Status: Open -> Resolved
Assignee: rin_ne -> rsandell
Fix Version/s: current
Resolution: Fixed


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread jgl...@cloudbees.com (JIRA)

Jesse Glick reopened JENKINS-23165

As mentioned in the PR, "should never be sent back to the browser in plaintext" does not seem to be satisfied.

Change By: Jesse Glick (27/May/14 3:52 PM)
Resolution: Fixed
Status: Resolved -> Reopened


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne started work on JENKINS-23165

Change By: rin_ne (28/May/14 2:43 AM)
Status: Reopened -> InProgress


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne updated JENKINS-23165

Change By: rin_ne (28/May/14 2:43 AM)
Assignee: rsandell -> rin_ne


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne stopped work on JENKINS-23165

Change By: rin_ne (28/May/14 2:53 AM)
Status: InProgress -> Open


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-27 Thread rinrin...@gmail.com (JIRA)

rin_ne commented on JENKINS-23165

PR: https://github.com/jenkinsci/gerrit-trigger-plugin/pull/158


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-26 Thread rinrin...@gmail.com (JIRA)

rin_ne commented on JENKINS-23165

Secret.fromString() raises an NPE when the given parameter is null or an empty string.
It is inconvenient since the SSH password accepts empty...


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-26 Thread rinrin...@gmail.com (JIRA)

rin_ne edited a comment on JENKINS-23165

Secret.fromString() raises an NPE when the given parameter is null or an empty string.
It is inconvenient since the SSH password accepts empty.

I don't know whether it is expected behavior or not...


[JIRA] [gerrit-trigger] (JENKINS-23165) Config.gerritAuthKeyFilePassword stored in plaintext

2014-05-23 Thread jgl...@cloudbees.com (JIRA)

Jesse Glick created JENKINS-23165

Issue Type: Bug
Assignee: rsandell
Components: gerrit-trigger
Created: 23/May/14 11:22 AM

Description:
Secrets should never be stored in plaintext, and once stored, should never be sent back to the browser in plaintext. Declare the field and the bean property to be of type hudson.util.Secret, so it is protected by the master key. Form data binding with f:password and @DataBoundConstructor automatically deals with this; since you seem to be managing this form manually, just use fromString to convert an initially entered password, and for round-trips use getEncryptedValue and again fromString. XStream serialization will properly automatically. PR upon request.

Project: Jenkins
Labels: security
Priority: Critical
Reporter: Jesse Glick
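
The round trip the description asks for, as an added example that is not part of the original issue or the plugin's code. `DemoSecret` is a hypothetical stand-in for hudson.util.Secret: the in-memory AES-GCM key and the `{base64}` format are assumptions, so that it runs without a Jenkins instance, and it accepts null and empty input, the case raised in the comments.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical stand-in for hudson.util.Secret: an in-memory AES-GCM key replaces the
// Jenkins master key, and "{base64(iv || ciphertext)}" is this demo's own wire format.
public class DemoSecret {
    private static final SecretKey KEY = newKey();
    private final String plain;
    private DemoSecret(String plain) { this.plain = plain; }

    private static SecretKey newKey() {
        try { KeyGenerator g = KeyGenerator.getInstance("AES"); g.init(128); return g.generateKey(); }
        catch (Exception e) { throw new IllegalStateException(e); }
    }

    // The only form of the secret that is written to disk or rendered into the HTML form.
    String getEncryptedValue() throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return "{" + Base64.getEncoder().encodeToString(out) + "}";
    }

    // Form round trip: an unchanged encrypted value decrypts back to the stored secret;
    // anything else is newly typed plaintext. null and "" give the empty secret.
    static DemoSecret fromString(String data) {
        if (data == null || data.isEmpty()) return new DemoSecret("");
        if (data.startsWith("{") && data.endsWith("}")) {
            try {
                byte[] in = Base64.getDecoder().decode(data.substring(1, data.length() - 1));
                Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, in, 0, 12));
                return new DemoSecret(new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8));
            } catch (Exception notOurs) { /* not a value we issued: treat as typed plaintext */ }
        }
        return new DemoSecret(data);
    }

    public static void main(String[] args) throws Exception {
        DemoSecret stored = fromString("constructed-passphrase");   // constructed sample input
        String formValue = stored.getEncryptedValue();              // what the browser receives
        System.out.println("form value leaks plaintext: " + formValue.contains("constructed"));
        System.out.println("unchanged resubmit matches: " + fromString(formValue).plain.equals(stored.plain));
        System.out.println("empty passphrase accepted:  " + fromString("").plain.isEmpty());
    }
}
```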
























