I am currently facing an issue, where I have to use parameters and credentials in the same shell string, which is causing me a lot of trouble.
When handling passwords in Jenkins the documentation emphasizes the use of single quotes to avoid the interpolation of sensitive variables:
Double quote example:
Single quote example:
However, using single quotes will result in my parameters not being interpolated as showed in the below picture:
Thus, I can't find a solution which allows my to have both, and as I see it, this leaves me with one of the following options:
I can choose to use single quotes, which result in my credentials
being masked but my parameters are not interpolated.
I can choose to use double quotes however, my username and password
are no longer masked but my parameters are being interpolated.
Do someone know if it is possible to have both in the same string or know some sort of workaround?
You can use double quotes, but escape the $ for the secret variables like this:
sh("curl -u \$USERNAME:\$PASSWORD ${url}")
You can also use single quotes:
sh('curl -u $USERNAME:$PASSWORD ' + url)
You can use it with withCredentials().
Related
I am writing from scratch a Twitter client and one of the requisites is not using Twitter gems, so I must create my own requests.
Twitter API documentation says here that I must have a Authorization header like this:
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
As you may see I must have something like oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog" with the second part in quotes. I tried using %Q like in
["oauth_consumer_key",%Q( Figaro.env.TWITTER_ACCESS_TOKEN )].join('=')
assuming %Q would return a quoted string. but when I inspect the value, all I get is
oauth_consumer_key=xvz1evFS4wEEPTGEFPHBog
which, obviously, is different from the required result.
What am I missing?
1. My solution:
'oauth_consumer_key="#{Figaro.env.TWITTER_ACCESS_TOKEN}"'
2. Why:
%Q() basically replaces the variable with double quotes "", it is literally the same as if you wrote "Figaro.env.TWITTER_ACCESS_TOKEN"
In fact, to display the content of a variable, you have to use interpolation
instead of the name itself, using "#{var}".
You can also use %Q directly with interpolation using %Q{var} (note {} instead of ()).
Your problem is elsewhere: with the join() method. It's getting rid of double quotes. In that case doing ["var", var].join('=') and ["var", %Q{var}].join('=') ends doing exactly the same thing but more complicated.
#Artem Ignatiev's solution should works. But if you need to be more readable, you don't even need to join, imho, it makes sense only when you are using more than two variables.
For instance, I will use something like 'oauth_consumer_key="#{var}"' mixing single and double quote to make sure it causes no confusions.
If you do need to use %Q() and join, you can still use ["oauth_consumer_key", %Q("#{Figaro.env.TWITTER_ACCESS_TOKEN})].join('=').
Note that because of the join you can use single quote interpolation %q or double quote interpolation %Q without affecting the ends results:
e.g
['oauth_consumer_key', %q("#{var}")].join('=') == ["oauth_consumer_key", %Q("#{var}")].join('=')
%Q(x) is basically the same as "x".
To achieve the desired result you have to manually introduce quotes into %Q expression, like this: %Q("#{Figaro.env.TWITTER_ACCESS_TOKEN}")
I'm integrating slack with jenkins to use slash commands and want to know if slash commands have variables
What I want to do is something like this;
/this_word_should_be_in_the_url word
and the be able to use word in the URL the slash command will call.
On their page they have something like /weather 94070
Do I have access to the 94070 and somehow set is as a query parameter for the URL.
Is this possible?
Can't find any documentation of this.
Thanks.
Yes. You will have access to the word as per the example that you mentioned.
So for example, if you have the following:
/this_word_should_be_in_the_url word
Then there will be an additional query parameter named text that will contain everything else after the slash command. If you just have one parameter then it should be simple to just trim and use the text query parameter but if you have multiple words and need to split them into something more meaningful, then you might have to use some regex or simple string split function.
It is documented at How do commands work. In this section they have provided the various query parameters that will get passed to your Slash Command External URL. For the weather example, the data posted as per the documentation is:
token=gIkuvaNzQIHg97ATvDxqgjtO
team_id=T0001
team_domain=example
channel_id=C2147483705
channel_name=test
user_id=U2147483697
user_name=Steve
command=/weather
text=94070
response_url=https://hooks.slack.com/commands/1234/5678
Notice the text parameter in the above list.
I need users to be able to pass a file path as a parameter of a get url (the file would not be uploaded and only the local file path is used for some security reasons). Now it's difficult for them to go and change all the backslashes to "%5". I was wondering if there is a way to force encoding of a part of the url. For example something as simple as putting it in double quotes, which doesn't work...
http://example.com/"c:\user\somone\somefile.txt"/dosomething
I ended up using pattern matching of rest routes at the server level. Something like this:
/example.com/*path/dosomething
So it would match any path even with slashes/backslashes. At last I do a decoding of the url to get rid of the escaped characters passed by browser for chars like space.
java.net.URLDecoder.decode(path, "UTF-8")
I am developing an android application and I am using a RESTful service to connect to SQL azure database. I need to use this RESTful url:
http://example.com/wcfDataService1.svc/wn_synset?$filter=word%20eq%20'child's_game'&$select=synset_id,w_num,word,ss_type,wn_gloss/gloss&$expand=wn_gloss
As you can see am looking for this word (child's_game) in the table wn_synset.
The problem is the single quote (') in child's_game. As you can see it puts the word inside quotes '...' so when it finds the quote in child's_game it thinks it is the end of the word and the rest is error.
How can i solve this problem?
You can url-encode the ' symbols with %27. See http://www.w3schools.com/tags/ref_urlencode.asp and try it in the "Try it yourself" section.
Edit: (moved correct guess from comments to the answer itself)
Or is it just, that the SQL-Server on the server side gets it wrong? Like it builds a select * from wn_synset where word = 'child's game' and there's the error? Then you'll have to look up how you escape single quotes for your database -- probably it's by using two single quotes (''), so perhaps try to send child''s game instead of child's game.
There is no problem, or in other words, your URL is not a URL. If it were a URL, ther wouldn't be a '. Of course, you can have this ' in your URL, so to speak. But it needs to be escaped in accordance with the rules for URLs. You may want to look at URLEncoder and Uri.
I have a Ruby on Rails Application that is using the X virtual framebuffer along with another program to grab images from the web. I have structured my command as shown below:
xvfb-run --server-args=-screen 0 1024x768x24 /my/c++/app #{user_provided_url}
What is the best way to make this call in rails with the maximum amount of safety from user input?
You probably don't need to sanitize this input in rails. If it's a URL and it's in a string format then it already has properly escaped characters to be passed as a URL to a Net::HTTP call. That said, you could write a regular expression to check that the URL looks valid. You could also do the following to make sure that the URL is parse-able:
uri = URI.parse(user_provided_url)
You can then query the object for it's relevant parts:
uri.path
uri.host
uri.port
Maybe I'm wrong, but why don't you just make sure that the string given is really an URL (URI::parse), surround it with single quotes and escape any single quote (') character that appears inside?