diff --git a/src/main/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStep.java b/src/main/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStep.java index 43721c66..5a850191 100644 --- a/src/main/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStep.java +++ b/src/main/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStep.java @@ -12,6 +12,7 @@ import hudson.model.ParameterDefinition; import hudson.model.ParameterValue; import hudson.model.ParametersDefinitionProperty; +import hudson.model.PasswordParameterDefinition; import hudson.model.PasswordParameterValue; import hudson.model.Queue; import hudson.model.Run; @@ -127,7 +128,13 @@ public static class DescriptorImpl extends StepDescriptor implements CustomDescr if (d == null) { throw new IllegalArgumentException("No such parameter definition: " + name); } - ParameterValue parameterValue = d.createValue(req, jo); + ParameterValue parameterValue; + if (d instanceof PasswordParameterDefinition) { + parameterValue = req.bindJSON(PasswordParameterValue.class, jo); + parameterValue.setDescription(d.getDescription()); + } else { + parameterValue = d.createValue(req, jo); + } if (parameterValue != null) { values.add(parameterValue); } else { diff --git a/src/test/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStepTest.java b/src/test/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStepTest.java index 076b9a69..7a480d8e 100644 --- a/src/test/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStepTest.java +++ b/src/test/java/org/jenkinsci/plugins/workflow/support/steps/build/BuildTriggerStepTest.java @@ -41,6 +41,7 @@ import java.util.Set; import java.util.logging.Level; import java.util.stream.Collectors; + import jenkins.branch.MultiBranchProjectFactory; import jenkins.branch.MultiBranchProjectFactoryDescriptor; import jenkins.branch.OrganizationFolder; @@ -804,6 +805,19 @@ public void buildStepDocs() throws Exception { j.assertLogContains("Credential: credential-id", ds.getBuildByNumber(1)); } + @Issue("SECURITY-2519") + @Test public void generateSnippetForBuildTriggerWhenDefaultPasswordParameterThenDoNotReturnRealPassword() throws Exception { + SnippetizerTester st = new SnippetizerTester(j); + FreeStyleProject us = j.createProject(FreeStyleProject.class, "project1"); + us.addProperty(new ParametersDefinitionProperty( + new PasswordParameterDefinition("password", "mySecret", "description") + )); + + String snippet = "build job: 'project1', parameters: [password(name: 'password', description: 'description', value: '" + PasswordParameterDefinition.DEFAULT_VALUE + "')]"; + + st.assertGenerateSnippet("{'stapler-class':'" + BuildTriggerStep.class.getName() + "', 'job':'project1', 'parameter': {'name': 'password', 'description': 'description', 'value': '" + PasswordParameterDefinition.DEFAULT_VALUE + "'}}", snippet, us.getAbsoluteUrl() + "configure"); + } + private static ParameterValue getParameter(Run run, String parameterName) { return run.getAction(ParametersAction.class).getParameter(parameterName); }