We have a strange bug.
Pipeline step includes next command:
- npm i --save-dev @angular/cli@latest
And the list of repository variables includes the next variable name with value:
The pipeline log shows next:
Could you please explain why it happening?
I can see in the screenshot that the "test" part of the command gets replaced with the variable name, and I believe this is happening because the value of this variable is "test" and it is a secured variable.
From our documentation:
Pipelines masks all occurrences of a secure variable's value in your log files, regardless of how that output was generated.
If you have secure variable value set to a common word, that word will be replaced with the variable name anywhere it appears in the log file. Secured variables are designed to be used for unique authentication tokens and passwords and so are unlikely to be also used in clear text.
You can check our doc for reference:
Please feel free to let me know if you have any questions.
Thank you for your reply.
I see what you talking about but i assume you confused a bit.
The only (at least should be) way to replace something in the pipeline (and to see it in log) i need to invoke the variable. For example the variable "test" has value "valueOfTestVar" and the script is: echo $test
In this case i will see the value of "test" variable like valueOfTestVar if this variable exists and has not secured value. If the value is secured i will see $test as the result.
But in my code i`m not invoking test variable and do not have any variable with the name test. And any variable in the script should not be searched by its Value and replaced by value Name.
The value of any secured variable is masked in the Pipelines log, regardless of how it was generated.
In your example, if "test" is a secured variable, with the value "valueOfTestVar", then any occurrence of "valueOfTestVar" in the output of the Pipelines log will be replaced with $test, regardless of whether the value appears because you invoked $test or because it was generated in the output in a different way.
I can open a feature request to change this behavior, but at the moment the output in the Pipelines log file is searched for the value of any secured variable, and if any is found, then it is replaced with the variable name.
Please feel free to let me know if you'd like me to open the feature request for our development team to consider changing this.
On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link. We've seen a number of questions already asking for...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events