opendevstack / ods-jenkins-shared-library

Shared Jenkins library which all ODS projects & components use - provisioning, SonarQube code scanning, Nexus publishing, OpenShift template based deployments and repository orchestration
Apache License 2.0

Avoid Groovy string interpolation #1042

Closed serverhorror closed 11 months ago

serverhorror commented 11 months ago

fixes Insecure bash secret usage in bash script #1030

fix #1030

serverhorror commented 11 months ago

Not sure how to test this; if anyone has a project where this can be tested easily, that would be of great help.

@braisvq1996

serverhorror commented 11 months ago

For reference, this is based on the suggestions in here:

BraisVQ commented 11 months ago

Not sure how to test this; if anyone has a project where this can be tested easily, that would be of great help.

@braisvq1996

This happens in Component pipeline so it should be fairly easy to test

BraisVQ commented 11 months ago

Something does not seem right, now I am getting error 401

BraisVQ commented 11 months ago

Following Jenkins documentation I was not able to avoid String Interpolation in any way. The only way I was able to is like this:

script.sh(
    label: 'Create Bitbucket Code Insight report via API',
    script: "curl " +
        "--fail " +
        "-sS " +
        "--request PUT " +
        "--header 'Authorization: Bearer ${token}' " +
        "--header 'Content-Type: application/json' " +
        "--data '${payload}' " +
        "${bitbucketUrl}/rest/insights/1.0/projects/${project}/\
repos/${repo}/commits/${gitCommit}/reports/${data.key}"
)

serverhorror commented 11 months ago

String in the code:

        "--header 'Authorization: Bearer \${token}' " +
                                             // ^^^

That should have made Groovy avoid string interpolation and pass it to the shell.

Is it just component pipeline with any component?
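
The two forms side by side, as an added example that is not part of this PR's diff or the library's code: the escaped `\${token}` above leaves the expansion to the shell, which only yields the secret if the value is actually present in the shell's environment (otherwise it expands to an empty string, which would explain a 401), so the hardened form puts it there explicitly. It assumes `script` is the pipeline steps object and that `token`, `payload`, `bitbucketUrl`, `project`, `repo`, `gitCommit` and `data.key` are in scope as in the snippet above; `BITBUCKET_TOKEN` and `PAYLOAD` are names chosen here.

```groovy
// Added example, not the library's own code. Assumes 'script' is the pipeline
// steps object and token, payload, bitbucketUrl, project, repo, gitCommit and
// data.key are in scope as in the snippet discussed above.

// Before: Groovy interpolates the secret into the command text before the shell
// ever runs. The token ends up in the build log (sh echoes commands with -x) and
// in `ps` output, and a single quote inside payload or token closes the quoted
// argument, so the command line is also injectable.
def reportInsecure() {
    script.sh(
        label: 'Create Bitbucket Code Insight report via API',
        script: "curl --fail -sS --request PUT " +
            "--header 'Authorization: Bearer ${token}' " +
            "--header 'Content-Type: application/json' " +
            "--data '${payload}' " +
            "${bitbucketUrl}/rest/insights/1.0/projects/${project}/" +
            "repos/${repo}/commits/${gitCommit}/reports/${data.key}"
    )
}

// After: the secret and the JSON body travel through the environment. The parts
// of the Groovy string that reference them are single-quoted, so ${BITBUCKET_TOKEN}
// and ${PAYLOAD} reach the shell untouched and are expanded there; shell double
// quotes keep each value a single argument regardless of quotes in the JSON.
// 'set +x' stops the shell from echoing the expanded command into the log.
// The URL components are not secrets and may still be interpolated by Groovy.
def reportViaEnv() {
    script.withEnv(["BITBUCKET_TOKEN=${token}", "PAYLOAD=${payload}"]) {
        script.sh(
            label: 'Create Bitbucket Code Insight report via API',
            script: 'set +x; curl --fail -sS --request PUT ' +
                '--header "Authorization: Bearer ${BITBUCKET_TOKEN}" ' +
                '--header "Content-Type: application/json" ' +
                '--data "${PAYLOAD}" ' +
                "${bitbucketUrl}/rest/insights/1.0/projects/${project}/" +
                "repos/${repo}/commits/${gitCommit}/reports/${data.key}"
        )
    }
}
```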

serverhorror commented 11 months ago

@braisvq1996 I think I got it.


serverhorror commented 11 months ago

fix #1030