From 8815a13e38a180b6ed85ab421f7be6cadea2b603 Mon Sep 17 00:00:00 2001 From: vrenjith Date: Fri, 25 Jul 2025 09:50:54 +0530 Subject: [PATCH 1/5] Allow to control logging of masking message --- .../plugins/credentialsbinding/impl/BindingStep.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java index a04497ac..c183b1d3 100644 --- a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java +++ b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java @@ -73,6 +73,7 @@ public final class BindingStep extends Step { private final List bindings; + private String disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); @DataBoundConstructor public BindingStep(List bindings) { this.bindings = bindings; @@ -137,9 +138,11 @@ private void doStart() throws Exception { } if (!secretOverrides.isEmpty()) { boolean unix = launcher == null || launcher.isUnix(); - listener.getLogger().println("Masking supported pattern matches of " + secretOverrides.keySet().stream().map( - v -> unix ? "$" + v : "%" + v + "%" - ).collect(Collectors.joining(" or "))); + if (!disableSecurityLogging) { + listener.getLogger().println("Masking supported pattern matches of " + secretOverrides.keySet().stream().map( + v -> unix ? "$" + v : "%" + v + "%" + ).collect(Collectors.joining(" or "))); + } } getContext().newBodyInvoker(). From 31c183247126424c76b9a644b4998d60ad1f5529 Mon Sep 17 00:00:00 2001 From: vrenjith Date: Fri, 25 Jul 2025 17:39:17 +0530 Subject: [PATCH 2/5] Update BindingStep.java --- .../jenkinsci/plugins/credentialsbinding/impl/BindingStep.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java index c183b1d3..2354a68d 100644 --- a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java +++ b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java @@ -73,7 +73,7 @@ public final class BindingStep extends Step { private final List bindings; - private String disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); + private boolean disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); @DataBoundConstructor public BindingStep(List bindings) { this.bindings = bindings; From c9363c24a79e31b2805b679c3d2e66045f0faad0 Mon Sep 17 00:00:00 2001 From: vrenjith Date: Fri, 25 Jul 2025 17:46:54 +0530 Subject: [PATCH 3/5] Update BindingStep.java --- .../jenkinsci/plugins/credentialsbinding/impl/BindingStep.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java index 2354a68d..11d2df31 100644 --- a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java +++ b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java @@ -73,7 +73,6 @@ public final class BindingStep extends Step { private final List bindings; - private boolean disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); @DataBoundConstructor public BindingStep(List bindings) { this.bindings = bindings; @@ -103,6 +102,7 @@ private static final class Execution extends AbstractStepExecutionImpl { private static final class Execution2 extends GeneralNonBlockingStepExecution { private static final long serialVersionUID = 1; + private static final boolean disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); private transient BindingStep step; From 62c32018b0624cd40e6240117aa9cad1b2f28769 Mon Sep 17 00:00:00 2001 From: vrenjith Date: Fri, 25 Jul 2025 18:48:22 +0530 Subject: [PATCH 4/5] Update BindingStep.java --- .../jenkinsci/plugins/credentialsbinding/impl/BindingStep.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java index 11d2df31..9e6ce469 100644 --- a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java +++ b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java @@ -102,7 +102,7 @@ private static final class Execution extends AbstractStepExecutionImpl { private static final class Execution2 extends GeneralNonBlockingStepExecution { private static final long serialVersionUID = 1; - private static final boolean disableSecurityLogging = System.getenv("DISABLE_SECURITY_LOGGING").equalsIgnoreCase("false"); + private static final boolean disableSecurityLogging = "false".equalsIgnoreCase(System.getenv("DISABLE_SECURITY_LOGGING")); private transient BindingStep step; From 336047874b7012afe986ecd592e68d2a24c276c7 Mon Sep 17 00:00:00 2001 From: vrenjith Date: Fri, 25 Jul 2025 21:42:47 +0530 Subject: [PATCH 5/5] Update BindingStep.java --- .../plugins/credentialsbinding/impl/BindingStep.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java index 9e6ce469..34dffe1f 100644 --- a/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java +++ b/src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/BindingStep.java @@ -34,6 +34,7 @@ import hudson.model.Run; import hudson.model.TaskListener; import hudson.util.Secret; +import jenkins.util.SystemProperties; import java.io.ObjectStreamException; import java.io.OutputStream; import java.io.Serializable; @@ -102,7 +103,7 @@ private static final class Execution extends AbstractStepExecutionImpl { private static final class Execution2 extends GeneralNonBlockingStepExecution { private static final long serialVersionUID = 1; - private static final boolean disableSecurityLogging = "false".equalsIgnoreCase(System.getenv("DISABLE_SECURITY_LOGGING")); + private static final boolean enableMaskLogging = SystemProperties.getBoolean(BindingStep.class.getName() + ".ENABLE_MASK_LOGGING", true); private transient BindingStep step; @@ -138,7 +139,7 @@ private void doStart() throws Exception { } if (!secretOverrides.isEmpty()) { boolean unix = launcher == null || launcher.isUnix(); - if (!disableSecurityLogging) { + if (enableMaskLogging) { listener.getLogger().println("Masking supported pattern matches of " + secretOverrides.keySet().stream().map( v -> unix ? "$" + v : "%" + v + "%" ).collect(Collectors.joining(" or ")));