Closed nupplaphil closed 2 years ago
anbraten
commented
2 years ago The spamming of * looks like some problem with the secrets filter which should prevent you from exposing them. We lately added some function to filter secrets on a new-line basis maybe that is the problem here. #671
The second error means there is somehow a problem when sending a log line from the agent to the server, but I am unsure where it comes from. Maybe some problem from the secrets filter as well.
anbraten
commented
2 years ago Could you provide us some information about the different types / formats of your secrets (e.g. ssh-key with new-lines, json format, ...)?
nupplaphil
commented
2 years ago codecov-token - push/pull_request - single
gpg_password - push/pull_request - single
gpg_key - push/pull_request - multi (rsa)
sftp_host - push/pull_request - single
sftp_user - push/pull_request - single
ssh_key - push/pull_request - multi (ec)
nupplaphil
commented
2 years ago jfyi: I deleted the multiline secrets and now it's working again
(Both errors are gone)
6543
commented
2 years ago @nupplaphil can you tell us related multi line secrets (just replace chars with other chars ... ) so spaces & newline are preserved
6543
commented
2 years ago PS: https://ci.friendi.ca/ is down
nupplaphil
commented
2 years ago I created a "fake" new key of GPG, having the same properties (pw-strength, rsa4096, ...) & length & export-type:
pgp_password: RVNre4#T>K<-&Gmw47.3JBHPfs/^<7}?
gpg_key:
-----BEGIN PGP PRIVATE KEY BLOCK-----
lQdGBGHkcwsBEAC3fnMGUGdTw5YBZ1OItXTL0jiGQm5G0/06LhBNvszYskF9ADfb
OUaYc7QEMUWxJWMugd3FNJZI+WqOrWLS/Xv+r5H/xwlLuhCGn7HWsSR+dS100oGF
p7VGWHnDCM1xCuVj6ESEWxhP2Jhwx0JkDxnlfHIm+pjwENDI8/E7umDItcLq31DV
PUuiHtB5YqpZ5R7l8LjfCrpqE16T/tm3Djzwb7T6PPvDG98jFkCCVLBvCuqTawF3
xuAfNOBUDSrVNCfR+CCBlvcP9DHhxwFRC3VN5N8eIpc/t9HJB+VJZtJgnKONXNBX
q5O8xR0S2rUmVf3uNdNVrs+YILQWgDdgZusYI0suHoooN4lg9yaEg0VQDbD7FP24
AAsrIPcCmqN9uLZ3f4KvkWN+YwIGU9/It8o8rcXQEmKFGitur5gnAobB/VYH2PlY
Aj1YO9CCKZHlI2U/oEK+z1hJVq+qbyLquvg45+DZsD6OeCUJw4ok5hfni/ieblcU
Dv3vlTWBkUbPeol/zRbPxz7OFHc9Ptd+7w5GXmgA4nMT1aDXk00X6eNsJ9lWRUHg
EXQ7hfzHvyJiTNO83SpH7CXlYvVRxFhIvno15BHs6T/d0X8Lxk4W0nVukcJdk51T
Lzrf3oTg4nSy/Bfc4VHFNz+xAkHcIeZPTN+Ir4yKXasVlc7TkyFW9Sem5wARAQAB
/gcDAoF8Sr+vkVrn/9FCjdxwYePUnztEv/GsFknRDAcLKC5nWp3HPe593ZULSR82
wKFCLYeBFo0xseCK6Uu1Jc0e6IaNmfPnV8LBM0yeRzTctAXscYyoO3KMGq7+yaJk
dzkZU3VT6XTGY02Jz5U93QeD8b7P+OuY5wOca8RUeAuN9aeOKF1m0dSKT39q9s7z
24ivkkLtWZ26Q/MHCIA6nfOheKusp1qCGIT8KoEsOYTtSH/1g+H+H2g9u/Z3y1Ee
wo+CVoOpituqMDH8W5hyc24e0FtH2Yntzf8C7PjaguqvBaTxexKt0UowMOei6yi0
TK1y2pxgMo96yyfhpS7b33OcH1wVOGjoYfVAKxsl0AkEvhJgNdnilRE7HuxGv3d2
VXYtVdDuZHBZneu9v3rDycOojXjQO+LYcCsciisVLYa2iqxO9N7wSFpLA7B84Lil
xp399x9l4p950xTrhF1N2GcdB+ag6DSvr2UR7L1kyJEJBPiSLj0KABlSiC3m4v0q
yc37/eDknRGAFDwt/UIVP9uwuLU77zgyX0yLGvUFOlUcXBYYSAk6Nj/ecperVvWT
FhlIVH2Lu9EmLaQHoQleRAdzZZb4WG6Iv3V9STUjqppMfZutSew+P4Bgk5BSYm0S
C8h1bpywRyRmulvcdFKzOJ50k/WOnIOLDc3oWK0qvDQZVKYJ9FTyF91OOOta2s14
r24CPfdxruKBYUjp+xrmgBsBG6av/U5xiDQbpVeTvN0N8mpwuFkNy3fTme1dfiSo
d30gUe8iwGN4UHE59OQzjrpYBB/HGrZxyf0xuiefMwQBPi13nNlp7LAjjob8DtnE
aTJMeKmQEMZseC/bawJKU6MEp4thp5zNMwIU3/DB8jiSV1LTqkkG3YrDEwb6mfHM
BnPj/A/REFKXbqrMCyFP0fzBxAmhBxvHYaiyEjNY5qIIecBBjIH+3ULv6ByP9O9I
p417IC2r0WKp8zHEU6d2idSNUBqm9QQdVNWSpoWZgX95Z8mVkeTwS1MbKALL8KfR
U8ObJCHtfqVtDi53qxGywJG7s4czIIW5M21NFdLN/+JYDdd/KsO1pw1hJ4ckogzJ
P3jn3Dd1lNZln3ERFLmRPTr7PHMup0YaM9llAP3QKaQRyObvZVdxSaMSir+6681S
jZfidQFYK0+AqvUCg6EdU9TA/9hMegy+0O3tkn2FHrG9TVfFO6VGLqbTyklX+YHL
9BULzVAa+GL8x4e8ejJZMhWakPNrFF8p/8tIQtSNwLb1rq+J0WVAaaSjgizyiWQN
HBsqz1mhKgNK2dCUL1D5WUSRbiQChP8Qcn6tmzf7mDnmPDu53Nn48JhaAlrDrb8q
Xt1sZlugwrvpPDgqbmwkLo6gWER8QIn9zgXNM+O0vXKJnZ1bQcF2FMoMLysV3vN5
7BG2m2a7ACdmZ23QxBhSnVskzKPDFs5CMIgSvJemVuT3MA+L4GWVaTsQrt7qL4xo
uBwZIp0eHsar+ahXXHRBV/r0lqcdp/HbGc2LntvXMiNeS5eHjMDAi8ebCY7KUWuV
XIp7Gj1s50jJlwYgQ0Tv1WoyBvVA0slCd0TfwpBjIiCARoQ/pTkAi1Y+1XSMiTM4
jyDG2PZ/3lOKOj/R/ZX32o+HlWE+giF3pzAfyZtah4MPkEUsjBfIBNA9Ru6fSYBw
Y0tFvBsmZdcqZsFx7eCJzxVtv+SkmpcMBMM6U8JgsjW2ogzyeyW3wv0UQ86gh9eg
J0Ksu4VahUmXwmqucKguRLuOJ+/oTqXWLTDn6Z0FcIzfDbq7pQi1qYy0MFRlc3Rf
RnJpZW5kaWNhIChUZXN0LWtleSkgPHRlc3RAZnJpZW5kaWNhLmxvY2FsPokCTgQT
AQoAOBYhBD18F/cooO0YYwKr1otKIckX11SmBQJh5HMLAhsDBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAAAoJEItKIckX11Smb/oP+gOifVcwMKHOqOVSIGSFsO9aa0W4
5xTKK1wThH6lPfYLI87UJoj3TGTBlY4rX84OVEkEmVLIcYBaDDuZK9Tz2E5A05Gp
KLHdOP2SSKH0lLxmXtDrI28BjVgo5eW6tNRlZnJ4n69PHf304ZY+WictoUkkBEvE
GEa1y1fUK9MRv7nBhdVASv1tYMD9+MzWUWGy0BurdpgL6/rr3nsX7IPVR/RxZV1e
peiMJ0jSB1G84QIQElfnbj6W34s8i0qW/3KC2Aw7XvyG80cq892ZComHKY5JoSXg
PkvimWhJz1uH2lVcvbYI96SPEQOiHBOJUAs34opDojlwQL2ZKnf1msNfFi/DEHZi
kPo2z4pj1X4IlMXGAjwY4ZtoELx77WRsrcJf3m1FdSLmQ/U+i3sAwtCo/xlfGLNR
dYUR196xVGgo7UDmA9EqjZcXrKk4ErxLBHVkhdcu0BEIbgIC+zebALwH6Az2kEtS
O9UyEf/lFbMLHNHrM1Nez2TN7CXESw2Kk1R9mxlb4Vr3Fx32A0pbxdHEObYRoEkZ
Tt/qjhtx4mBEjrWVjVkBg9XuMdttPcQLL4L2XZ3+eRz3/3cF6unuJ/LBwudqvU0W
xv9eE/AZ6cZXXyA23MneNNJex1IdblKSw91iNdTAsNyoq7p+b/oiYad6alUiao+h
g/EhQolFjp/8ufmBnQdGBGHkcwsBEADHKdRdFTeOrf9Ii6/BsuktA9Rza7nfs6GG
StuqG9OhpQ0+2YEEidDm2VYGE5FbaI+wwhNjAkd4Ct0Y8gkH6Xq/w4atMwCIoIrc
LQxrPHWTB/5z7krgZJxdH+VUm4mDhhxiL5L4cGSv6yyP//dyxvut6d1Z8gsH9j8z
ZDN88gIPQy4GbiHzBT76dXFyu0wj6vMgG3wacUJXbRxnHx8NIKkWWkkKpWWDNgL9
GbxxLO46HsojY9IdvsWUX/BNkWAKtSmblb+eeSDsmnxMruwQqQUbbnudJ5PaUzGo
2sSDFsJHQydyMfkgnZ3EUR8La334/xtJo1+A116kCoda4jEMVobKzWds7QN6glSA
YKRu42Avg2XA+/QiFuraVOzwrUgcyzPegh0ePnjvK5J3+k7mUG9vDifC9Xm64T25
eKi38vS6vAgG8DQKXLQzTQSJijkvOYoVZ9vwF/TqAmAr/yhsO64UaIZehHFGjqht
L+Bvc4W3FA6AyIwc/At7dlrLhs0k25ztHEFdqH6kgY8i+7BB7e69X2L6dwMnlNVX
NMTK+Px9yJ3uCBGdw9wOy0rVVgN6oI5Y2hBkloi4Vwt25/DG/JB7cWBM4N2oCwmg
tzQiEsYpKZKfVyLIvXz5si8MvSeDpU9jjRBcg8UalbrZaqBrv/DqgwvOsVi+eK+y
o4CuahJ6/QARAQAB/gcDAqr/8oTuhUWM/6uPPmRnUp2/KiafpEYAyQjzy17Hx71Z
ZjA6CQ4F00Q1oBlEXfNOG6ypqRSed1AJW69H9/Z06OaHVae10rLEn6qdf3gDNSU9
pmqBr/pJvE6EJGjgot7jkYaC5cd5dTkF0SjyukMriex7nNvzIw25/3ZqAvF7k5+z
izIXoKd6NKOoUEckxlcb/ba9R/7kzF/KMFzRVo3YIkIjaXzBwRx2lz/HPT6TlQ0q
/mRgYauXdct49+3bSWUbYJeDh/PWLjGTlBCYGEiyUjU6jV+AaNTQ92S1NbAxZuYK
y9xzdsGRgO+/8YbLxWQYpyWQrD15iOt5Pnangxs0C4K+HYs8x+qU/bOg+KkSB0CY
XaxVyx1xlC9X2ltISQE7VCjaRnzq3cMr8F3KtNoSdbqrr73HwuRjbCxWsuhB5m8c
zO8yDdwVHiUSCCNjMGMi/q3r0NU49eZytcHSnpxWrpNwl1EE3bNQ2mPKWmuGbNVx
Hre3onIVZALHcPaPF/iGLh1joFGCalDYY3B0JEajAlvWWERAQIxaGR+Drobj4xsj
pmeiLdJ0dmMQMMWMZXUjXHMs7H07aNohaAUd3SNTKEQaNDZlwW1Jbse7SB2EsFG8
Pv6D2qXwRk+0CiYG3b0CkbdKOW1pWUV6cQhuc+Q38svJ8ys160J+RrOYX2ELcavv
vOwSqa37Pvwe2T7sf9pGI7fF7oFvm27nClnvIB08W2Kjn5usWCdK7viAuQZDOuhg
xKC4unZ/MGI34FDHoJwv9u3bwPHrpx0DfAniwo5M799YNmIuhX6WNwapq18VnUWb
2hUe7aHX+brgcFYhcxecIYtO9Hxrwxzb8XtEXYgEok/q3ccy3J/xB24zhIbuFPv9
XcDktvD4Az6zKFcXEUQwIXetlvGZOPr1qRI0IGyKkBHJ4i2VYFkseaHdJ+ao7OxF
wMvtXi9fphdUOJbZujmnWtosWpeFostPgsoVc6KE4jsWgC8uWz9UMiLPZztC429H
Us/gb7ITWT+utB7ZO2yOK2IKpwOB4WvTecFkCQKHkgvxdkDtEjXVntMthaeMCrKe
XmJ7ehWIGrjfO+cUdrocUHu137GcBPly737KOL1QfJ64h9ieiMz8wJELSsV88ij3
523QH0PgtUUmSUbmx8B15MDIZXKdfhwQtf4BQ/O2Ei4QjLvat6Xcp7fs8tp6QIwW
P2MS8XjAlveEFJppk4r9+uMraVPtPIeWf8TNn0Q66eDYdubJZOlk3KwlpWepJPje
YJk/YEeGLzDvGLBa0CVxWU1rIjBmzUGi4wcctUyGvQM7FdXHRHFMih6ScR/pa17d
p+qq3WxfD6tHOMbsNk/W8NwECEbQJS3/gC3GZNjI/LWAH5ZT7O8A6PKuDo7EriUb
QbYAuMGm4fhesjsQLYw/LTZoWRedU4b4Fb/ZwkcMJsT97Xh+QlaSI3yCvWpC73MJ
mGxnmdxS+Np8xqNhKl2WFJmH1lR2mFzINN7hoU2ZYNPaUJNfaVZLoYXaJQ/kHIWT
vP7XooF7qBduOgz6p6rVlWczLdkmTaxtV1aSoOy/AL0oirICGqFYAItLT8+hW4Mf
Bo5F35LvvGSkfeXOZkJpNiSysbbAsrnAZXIHaqxJT83eKNk+nGs8AgSFimQ5YFzx
ot7k73MqvkDL/3CpMhv0l8TfVK64jIowIQKQ0AVzaySvMHw/4feD/AJqxtU6QjSw
U5p1Rf32O+rdb+32EKGg+vBpeLh7aeIZwM7UqEjbNZ/zMwu0ghVV2XgA0zbOXQ0Y
PmrxotKJAjYEGAEKACAWIQQ9fBf3KKDtGGMCq9aLSiHJF9dUpgUCYeRzCwIbDAAK
CRCLSiHJF9dUpji6D/oDd91fLtCvcpr/TkYedyLzhdSlL0MuAIDz13MbLX7bltLO
PrZMh5TmSS4QKfwGyjQ3dhYEgLCg8/J3jdclKJaPJRHB79a0mei5yH+EG0RbqGkS
Z8M+5tf1V/VvqGisBnFs3bV/5Im3NIfsHT8TyRqSCDtb/nhrcxNI104H+zJ6O6Ml
GEb4sIVKAKm1++rxmOnB6MYFbGq2Q6DcWMzuAlE/8aWgcxgB0gtpYX6+fNBKLSOE
Su2oNTSfkNQdtcLR/QFzMiE+5NIJ4ke3xgv6J0HjPpOLIRI46qzbGYP4FfR/VRm2
7G1WZwKFDqIsTdXa+C1sCT//r3bqhdXeJ8WhInuFsFNguln6ie9lOtABGwg4d5Hp
ibol6JvseglRHT0mHLpaTLHDyxR6y9XVWyKVPkiYlYw9gioZ2SCkUMpYaZBnk6Hm
oMPqmPIyiMibKCt9W6bwzDBoZR5QHB9aU/97iQsbjZ7cjUBN92jXP71OJM88m0Go
EbIPFeReDusspWVgas2vLxG/fjcILgpZQeaeP6ILcMxikU54iwDcD1vUOIyVlAXv
2e/JZGgfhkyQ03KaZPjISqgBP8efPKtYYV8cp5/qh9dZ7mX897gd7E6GqrgYb/iL
9rkRBVHU7Ty8BSlC1vyvHTRFz6Ael9y75ebfGiaqPgyvtGZk28/u00ZjiA3eLA==
=4xbN
-----END PGP PRIVATE KEY BLOCK-----both errors are definitely caused by the gpg_key secret. I tried removing/adding some the secrets.
The ssh_key is working (ed25519 ssh-key), so these multiline secret is working (created a new one as an example):
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAM6FaulhsE7NIQ88+hRYiyLGgz1h+ebHbjtCCrihcGAgAAAJiORAc3jkQH
NwAAAAtzc2gtZWQyNTUxOQAAACAM6FaulhsE7NIQ88+hRYiyLGgz1h+ebHbjtCCrihcGAg
AAAEDNo+HGC/KzVBEiFAGVty1xDqezE98d/Q4lt9Wl5lbfrAzoVq6WGwTs0hDzz6FFiLIs
aDPWH55sduO0IKuKFwYCAAAAFU1laW4gVGVzdCBlZDI1NTE5IGtleQ==
-----END OPENSSH PRIVATE KEY-----Maybe the additional newline of the gpg key (\n\n) ?
nupplaphil
commented
2 years ago yes, it's the \n\n!
Try this test at replace_secrets_test.go:
{
log: "start log\ndone\nnow\nan\nmulti line secret!! ;)",
secrets: []string{"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nlQdGBGHkcwsB"},
expect: "start log\ndone\nnow\nan\nmulti line secret!! ;)",
}Output:
Error Trace: replace_secrets_test.go:35
Error: Not equal:
expected: "start log\ndone\nnow\nan\nmulti line secret!! ;)"
actual : "********s********t********a********r********t******** ********l********o********g********\n********d********o********n********e********\n********n********o********w********\n********a********n********\n********m********u********l********t********i******** ********l********i********n********e******** ********s********e********c********r********e********t********!********!******** ********;********)********"
Diff:
--- Expected
+++ Actual
@@ -1,5 +1,5 @@
-start log
-done
-now
-an
-multi line secret!! ;)
+********s********t********a********r********t******** ********l********o********g********
+********d********o********n********e********
+********n********o********w********
+********a********n********
+********m********u********l********t********i******** ********l********i********n********e******** ********s********e********c********r********e********t********!********!******** ********;********)********
Test: TestNewSecretsReplacer
Component
server, agent, web-ui
Describe the bug
I pulled the latest
woodpeckerci/woodpecker-serverandwoodpeckerci/woordpecker-agentsome hours ago, and there are two unwanted behaviors now:Log spammed with
*see https://ci.friendi.ca/friendica/friendica/build/124/8 Thestepoutput is now filled with*before and after each letter in the output, likeGPRC errors The log is filled with the same error
src/pipeline/rpc/client_grpc.go:287 > grpc error: log(): code: Internal: rpc error: code = Internal desc = grpc: error while marshaling: string field contains invalid UTF-8 error="rpc error: code = Internal desc = grpc: error while marshaling: string field contains invalid UTF-8"all over, likeSystem Info
Additional context
No response
Validations