JazzJBE adapter print out clear-text password when JBE command encountered error
We are using ".source JazzJBE" in Build Forge 7.1.35 step.
As for security required, we hid the password variable (Build_Password) in the build log.
It works fine when there is no error. But JazzJBE has a critical problem that it will print out the password variable directly without masked.
You can find the password masked in the command line "EXEC -userId rtcBuildUser -pass ***** -repository https://99.10.100.6:9443/ccm ......" and also you can find the password unmasked in the line of "EXEC -pass mybuildPassword"
The build forge log is as below:
=======================
INT 正在 C:/Program Files/IBM/Build Forge/interface. 中寻找 dtd。
INT 正在创建适配器决策逻辑。
INT 正在准备适配器命令集。
INT 正在使用缺省适配器入口点。
INT 正在预解析命令集:[$Build_Engine_Path/jbe -userId $Build_User -pass $Build_Password -repository $Repository_Address -buildResultUUID $buildResultUuid -engineUUID $engineUUID -participants com.ibm.team.build.jazzscm -noComplete -verbose],正在使用参数:“''”。
INT 命令集解析为:[echo STARTBFBomPlaceholder249764964bomp2]
INT 命令集解析为:[检测到隐藏的变量]
INT 命令集解析为:[echo ENDBFBomPlaceholder249764964bomp2]
EXEC STARTBFBomPlaceholder249764964bomp2
EXEC 提供的参数:
EXEC -userId rtcBuildUser -pass ***** -repository https://99.10.100.6:9443/ccm -buildResultUUID _PasughELEeae6MpfkeM4JQ -engineUUID _IHx4wB52EeSSm55fTAVruQ -participants com.ibm.team.build.jazzscm -noComplete -verbose
EXEC Java 版本:
EXEC Java(TM) SE Runtime Environment (V1.6.0_45-b06)
EXEC 引擎捆绑软件版本:
EXEC com.ibm.team.build.engine 和 3.0.800.v20131212_0158
EXEC 2016-05-03 16:47:05 [Jazz Build Engine] 正在搜索 buildResultUUID=_PasughELEeae6MpfkeM4JQ
EXEC 2016-05-03 16:47:05 [Jazz Build Engine] 指定了 -noComplete 参数。JBE 将不会完成构建结果。
EXEC 2016-05-03 16:47:05 [Jazz Build Engine] 正在只构建指定的参与者:“[com.ibm.team.build.jazzscm]”
EXEC 2016-05-03 16:47:05 [Jazz Build Engine] 未使用代理来访问 https://99.10.100.6:9443/ccm
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 正在搜索构建请求...
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 找到构建定义“P1604941_LF31_GMS_SE”的 用户 请求。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.cmdline”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.ant”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.maven”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.junit.publishing”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.jdt.publishing”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.msbuild”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.mstest.config”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.nunit.config”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.autoDeliver”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 未在 -participants 列表中指定构建参与者“com.ibm.team.build.udeploy”。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 应该执行构建吗?
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 是:始终构建用户发起的请求。
EXEC 2016-05-03 16:47:08 [Jazz Build Engine] 正在调用构建前参与者“com.ibm.team.build.jazzscm”
EXEC 2016-05-03 16:47:24 [Jazz Build Engine] 单一构建请求已完成,正在退出 JBE,RC 为 1。
EXEC CRRTC3529W: 已完成执行 Jazz Build Engine,返回码不为 0 (RC=1)。
EXEC Jbe:
EXEC Java was started but returned exit code=1
EXEC -Dosgi.requiredJavaVersion=1.6
EXEC -Djava.class.path=C:\IBM-Tools\RTC-BuildSystem-Toolkit-Win-4.0.6\jazz\buildsystem\buildengine\eclipse/plugins\org.eclipse.equinox.launcher_1.1.1.R36x_v20101122_1400.jar
EXEC -os win32
EXEC -ws win32
EXEC -arch x86
EXEC -showsplash
EXEC -launcher C:\IBM-Tools\RTC-BuildSystem-Toolkit-Win-4.0.6\jazz\buildsystem\buildengine\eclipse/jbe.exe
EXEC -name Jbe
EXEC --launcher.library C:\IBM-Tools\RTC-BuildSystem-Toolkit-Win-4.0.6\jazz\buildsystem\buildengine\eclipse/plugins\org.eclipse.equinox.launcher.win32.win32.x86_1.1.2.R36x_v20101222\eclipse_1312.dll
EXEC -startup C:\IBM-Tools\RTC-BuildSystem-Toolkit-Win-4.0.6\jazz\buildsystem\buildengine\eclipse/plugins\org.eclipse.equinox.launcher_1.1.1.R36x_v20101122_1400.jar
EXEC -userId rtcBuildUser
EXEC -pass mybuildPassword
EXEC -repository https://99.10.100.6:9443/ccm
EXEC -buildResultUUID _PasughELEeae6MpfkeM4JQ
EXEC -engineUUID _IHx4wB52EeSSm55fTAVruQ
EXEC -participants com.ibm.team.build.jazzscm
EXEC -noComplete
EXEC -verbose
EXEC -vm C:\IBM-Tools\jdk1.6.0_45\jre\bin\client\jvm.dll
EXEC -vmargs
EXEC -Dosgi.requiredJavaVersion=1.6
EXEC -Djava.class.path=C:\IBM-Tools\RTC-BuildSystem-Toolkit-Win-4.0.6\jazz\buildsystem\buildengine\eclipse/plugins\org.eclipse.equinox.launcher_1.1.1.R36x_v20101122_1400.jar
EXEC ENDBFBomPlaceholder249764964bomp2
RESULT 0
INT 行 [CRRTC3529W: 已完成执行 Jazz Build Engine,返回码不为 0 (RC=1)。] 与模式“RC\=[1]”匹配。
INT 临时变量“Failure”已设置为 [\nTRUE]。
INT 变量 [Failure] 上的文本操作将步骤状态设置为“F”。
One answer
Hi Richar,
Try encrypting the build user password, by creating password file and see it will help. Please find the link below.
https://jazz.net/help-dev/clm/index.jsp?re=1&topic=/com.ibm.team.build.doc/topics/tcreatepasstxt.html&scope=null
Regards,
Arun.
Try encrypting the build user password, by creating password file and see it will help. Please find the link below.
https://jazz.net/help-dev/clm/index.jsp?re=1&topic=/com.ibm.team.build.doc/topics/tcreatepasstxt.html&scope=null
Regards,
Arun.
Comments
To expand a little on this, the password property is protected in Build Forge so Build Forge knows that the property is hidden. However once it is fed into JBE it doesn't have the protection anymore. When an error occurs in the JBE it will spit out all the properties used to start it so you can debug the problem. If you provide a password parameter then it will be included. Build Forge doesn't know that that value maps to the hidden property it just knows it was output from the JBE. So using the password file will fix this by never actually exposing the password as a property.
~Spencer
1 vote
Hi Arun,
Thank you so much for your help and information.
It seems that encrypting password into a text file is not fit to this scenario. We are using RTC and Build Forge for continuous integration . Developers request build from RTC and the build steps is in build forge. One of the steps in build forge project is using ".source JazzJBE" to accept the changes and download the source code.
In this scenario, it seems that we could not use password file. We could only set the Variables in build forge environment for the project, such as "$Build_User,$Build_Password,$Repository_Address" . In build forge environment, we could set a variable as hidden and doesn't display. It almost works fine except that ".source JazzJBE" command ran into error itself, then the "hidden" password(as it should been) will be printed out as clear-text. If there is nothing to configure for this case, I believe it's a bug for JazzJBE adapter in build forge and RTC.
Hi Spencer,
Thank you very much.
Could you give me some advice about how to use the password file in build forge adapter "JazzJBE" ? (as it actually uses as a command ".source JazzJBE" in a build forge step in the project).
Best regards,
Richar
Create a new adaptor, use the JazzJBEv2 template, and save it as a new adaptor.
Then open the new adaptor and find the line:
<execute>$Build_Engine_Path/jbe -userId $Build_User -pass $Build_Password -repository $Repository_Address -buildResultUUID $buildResultUUID -engineID $engineID -participants com.ibm.team.build.jazzscm -noComplete -verbose</execute>
Edit that line to use the password file instead of the -pass.
@Spencer, Thank you so much, let me have a try, will update the result later.
This was escalated: ER 50959.
Escalation update: Add the following to the jbe.ini:
-Declipse.exitdata="JBE Terminated". The property dump from Eclipse
will be overwritten with the value for eclipse.exitdata
showing 5 of 7
show 2 more comments