[FIXED JENKINS-43857] Mask Secret parameters in InputSubmittedAction

src/main/java/org/jenkinsci/plugins/workflow/support/steps/input/InputSubmittedAction.java

@@ -24,6 +24,7 @@
 
 package org.jenkinsci.plugins.workflow.support.steps.input;
 
+import hudson.util.Secret;
 import org.jenkinsci.plugins.workflow.actions.PersistentAction;
 
 import javax.annotation.CheckForNull;
@@ -46,7 +47,15 @@ public class InputSubmittedAction implements PersistentAction {
     public InputSubmittedAction(String approver, @CheckForNull Map<String,Object> parameters) {
         this.approver = approver;
         if (parameters != null) {
-            this.parameters.putAll(parameters);
+            for (Map.Entry<String,Object> entry : parameters.entrySet()) {
+                String k = entry.getKey();
+                Object v = entry.getValue();
+                if (v instanceof Secret) {
+                    this.parameters.put(k, "******");
+                } else {
+                    this.parameters.put(k, v);
+                }
+            }
         }
     }
 

src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepTest.java

@@ -76,7 +76,7 @@ public void parameter() throws Exception {
         WorkflowJob foo = j.jenkins.createProject(WorkflowJob.class, "foo");
         foo.setDefinition(new CpsFlowDefinition(StringUtils.join(Arrays.asList(
                 "echo('before');",
-                "def x = input message:'Do you want chocolate?', id:'Icecream', ok: 'Purchase icecream', parameters: [[$class: 'BooleanParameterDefinition', name: 'chocolate', defaultValue: false, description: 'Favorite icecream flavor']], submitter:'alice';",
+                "def x = input message:'Do you want chocolate?', id:'Icecream', ok: 'Purchase icecream', parameters: [[$class: 'BooleanParameterDefinition', name: 'chocolate', defaultValue: false, description: 'Favorite icecream flavor'], [$class: 'PasswordParameterDefinition', name: 'password', defaultValue: 'defaultPassword', description: 'A password']], submitter:'alice';",
                 "echo(\"after: ${x}\");"),"\n"),true));
 
 
@@ -95,7 +95,7 @@ public void parameter() throws Exception {
 
         InputStepExecution is = a.getExecution("Icecream");
         assertEquals("Do you want chocolate?", is.getInput().getMessage());
-        assertEquals(1, is.getInput().getParameters().size());
+        assertEquals(2, is.getInput().getParameters().size());
         assertEquals("alice", is.getInput().getSubmitter());
 
         j.assertEqualDataBoundBeans(is.getInput().getParameters().get(0), new BooleanParameterDefinition("chocolate", false, "Favorite icecream flavor"));
@@ -122,7 +122,10 @@ public void parameter() throws Exception {
 
         // make sure 'x' gets assigned to false
         System.out.println(b.getLog());
-        assertTrue(b.getLog().contains("after: false"));
+        // TODO: Should we be masking Secrets?
+        assertTrue(b.getLog().contains("after: "));
+        assertTrue(b.getLog().contains("password:defaultPassword"));
+        assertTrue(b.getLog().contains("chocolate:false"));
 
         //make sure the approver name corresponds to the submitter
         ApproverAction action = b.getAction(ApproverAction.class);
@@ -143,9 +146,11 @@ public boolean apply(@Nullable FlowNode input) {
 
         assertEquals("alice", inputSubmittedAction.getApprover());
         Map<String,Object> submittedParams = inputSubmittedAction.getParameters();
-        assertEquals(1, submittedParams.size());
+        assertEquals(2, submittedParams.size());
         assertTrue(submittedParams.containsKey("chocolate"));
         assertEquals(false, submittedParams.get("chocolate"));
+        assertTrue(submittedParams.containsKey("password"));
+        assertEquals("******", submittedParams.get("password"));
     }
 
     @Test