Sonar Jenkins

Jenkins Sonar plugin cannot connect to Sonar database, as the password is stored as a hash

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Blocker Blocker
  • Resolution: Fixed
  • Affects Version/s: 1.7
  • Fix Version/s: 1.7.1
  • Labels:
    None
  • Environment:
    Debian GNU/Linux squeeze
    Jenkins 1.436
    Jenkins Sonar plugin 1.7
    PostgreSQL 8.4
    Sonar 2.8
  • Number of attachments :
    0

Description

On Jenkins 1.436, after an upgrade to sonar plugin v1.7.

In hudson.plugins.sonar.SonarPublisher.xml, the password is written hashed. As the plugin needs to read it in order to connect to the database, is should be readable.

This hash is performed each time Jenkins restarts
After nth Jenkins restart: <databasePassword>cmVjZXR0ZQ==</databasePassword>
After n+1th Jenkins restart: <databasePassword>Y21WalpYUjBaUT09</databasePassword>
After n+2th Jenkins restart: <databasePassword>WTIxV2FscFlVakJhVVQwOQ==</databasePassword>
etc.

Workaround: re-set (i.e. in memory) database password after each Jenkins restart.

Thanks for this plugin, by the way.

Issue Links

relates to

Bug - A problem which impairs or prevents the functions of the product. SONARJNKNS-160 Use scrambled password

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Evgeny Mandrikov added a comment -

Fixed in 9bffdbb.

Show
Evgeny Mandrikov added a comment - Fixed in 9bffdbb .
Hide
Permalink
Eric Hartmann added a comment -

I've tested the fix committed by Evgeny.
The new version will be released today.

Show
Eric Hartmann added a comment - I've tested the fix committed by Evgeny. The new version will be released today.

People

  • Assignee:
    Evgeny Mandrikov
    Reporter:
    Sylvain Veyrie
Vote (1)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: