Bad escaping in JSON output.

jenkinsci / generic-webhook-trigger-plugin

Can receive any HTTP request, extract any values from JSON or XML and trigger a job with those values available as variables. Works with GitHub, GitLab, Bitbucket, Jira and many more.

https://plugins.jenkins.io/generic-webhook-trigger

404 stars 159 forks source link

Bad escaping in JSON output. #189

Closed eonil closed 3 years ago

eonil commented 3 years ago

I am capturing whole GitHub web hook payload using this plug-in. Now GitHub payload can contain various text from PR, and it sometimes contain control characters (e.g. new line, \n), escaping sequence (e.g \/ or /\) emojis (e.g. 😀). Currently This plug-in is printing those characters as-is whiteout proper escaping. As a result, printed JSON is different with raw JSON sent from GitHub, and broken. JsonLint and jq both fails with errors about control character or badly escaped character errors.

Plugin version used: 1.72
Jenkins version used: 2.235.5
Free-form job.
I capture whole post-content parameter $ from GitHub WebHook. (captured whole payload)

Please fix missing proper JSON character escaping on captured variable output. ("Post content parameters) Thanks.

tomasbjerre commented 3 years ago

The post content is read here: https://github.com/jenkinsci/generic-webhook-trigger-plugin/blob/00f71eeba5e01259a0a77c6246c81e9cb1db43e8/src/main/java/org/jenkinsci/plugins/gwt/GenericWebHookRequestReceiver.java#L55

And the $ is treated as a special case, content is not modified: https://github.com/jenkinsci/generic-webhook-trigger-plugin/blob/00f71eeba5e01259a0a77c6246c81e9cb1db43e8/src/main/java/org/jenkinsci/plugins/gwt/resolvers/PostContentParameterResolver.java#L92

And later contributed to the build: https://github.com/jenkinsci/generic-webhook-trigger-plugin/blob/00f71eeba5e01259a0a77c6246c81e9cb1db43e8/src/main/java/org/jenkinsci/plugins/gwt/GenericWebhookEnvironmentContributor.java#L44

I see no problems here. Can you provide a pipeline example showing your problem?

eonil commented 3 years ago

I'm sorry I can't post my pipeline as it is in my workplace and I'm not allowed to expose it to public. I'll make a personal Jenkins instance to reproduce issue and attach the configuration here.

My original intention was capturing raw payload as-is sent from GitHub. Once I get full payload JSON, I can freely query desired value from there.

Thanks for quick response anyway!

eonil commented 3 years ago

I investigated this issue further, and I found that was caused by my bad shell script, not a bug in your plugin. I'm sorry and closing this issue. Thanks for great work!