use hudson.util.Secret as a makrer type for sensitive data and never expose unencrypted value

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2018-09-25 12:18:16 +02:00 · 2018-09-25 12:18:16 +02:00 · 11fd45b674
parent 41e9ad8979
commit 11fd45b674
2 changed files with 5 additions and 1 deletions
--- a/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java
+++ b/integrations/src/test/java/io/jenkins/plugins/casc/SystemCredentialsTest.java
@ -59,7 +59,7 @@ public class SystemCredentialsTest {
        ConfiguratorRegistry registry = ConfiguratorRegistry.get();
        final ConfigurationContext context = new ConfigurationContext(registry);
        final CNode node = context.lookup(up.getClass()).describe(up, context);
-        assertEquals("1234", node.asMapping().getScalarValue("password"));
+        assertThat(node.asMapping().getScalarValue("password"), not(equals("1234")));


        List<CertificateCredentials> certs = CredentialsProvider.lookupCredentials(
--- a/plugin/src/main/java/io/jenkins/plugins/casc/impl/configurators/PrimitiveConfigurator.java
+++ b/plugin/src/main/java/io/jenkins/plugins/casc/impl/configurators/PrimitiveConfigurator.java
@ -1,5 +1,6 @@
 package io.jenkins.plugins.casc.impl.configurators;

+import hudson.util.Secret;
 import io.jenkins.plugins.casc.Attribute;
 import io.jenkins.plugins.casc.ConfigurationContext;
 import io.jenkins.plugins.casc.Configurator;
@ -90,6 +91,9 @@ public class PrimitiveConfigurator implements Configurator {
        if (instance instanceof Boolean) {
            return new Scalar((Boolean) instance);
        }
+        if (instance instanceof Secret) {
+            return new Scalar(((Secret) instance).getEncryptedValue());
+        }
        if (target.isEnum()) {
            return new Scalar((Enum) instance);
        }