Masked Variable still printed in log output on gitlab.com
Summary
On gitlab.com setting a valid Masked Variable and echo it, still shows up in logs. This is using the gitlab-runner 11.10.0-rc2 (10efa505) on docker-auto-scale fa6cab46
Steps to reproduce
- Create a Masked variable, e.g. TEST = ABCDEFGH or TEST2 = 12345678 or longer strings and keep the default Masked toggle ON and one time Protected ON and one time OFF
Screenshot of a Protected + Masked Variable TEST and a not-Protected + Masked Variable TEST2 :
Screenshot_2019-04-24_at_22.49.15
- commit a .gitlab-ci.yml to master with the command
echo "$TEST"
andecho "$TEST2"
- look at the log output and see the values like
ABCDEFGH
and12345678
appear in the output - also tested (earlier on) with longer, random letter-digit strings, same effect.
Example Project
simply printing $TEST and $TEST2:
https://gitlab.com/petervandenabeele/kube-kompare/-/jobs/201913928
https://gitlab.com/petervandenabeele/kube-kompare/-/jobs/201912085
This has also export
, and we do see $CI_BUILD_TOKEN being masked correctly, but $TEST not masked.
https://gitlab.com/petervandenabeele/kube-kompare/-/jobs/201889446
I also tested with default ruby:2.5 image and with alpine:latest image and the bug was the same.
What is the current bug behavior?
The value of the Protected ENV Variable is printed in the output.
$ echo "$TEST and see if the result is masked"
ABCDEFGH and see if the result is masked
What is the expected correct behavior?
$ echo "$TEST and see if the result is masked"
xxxxxxxx and see if the result is masked
Relevant logs and/or screenshots
Running with gitlab-runner 11.10.0-rc2 (10efa505)
on docker-auto-scale fa6cab46
Using Docker executor with image alpine:latest ...
Pulling docker image alpine:latest ...
Using docker image sha256:cdf98d1859c1beb33ec70507249d34bacf888d59c24df3204057f9a6c758dddb for alpine:latest ...
Running on runner-fa6cab46-project-12016615-concurrent-0 via runner-fa6cab46-srm-1556137943-496841d9...
Initialized empty Git repository in /builds/petervandenabeele/kube-kompare/.git/
Fetching changes...
Created fresh repository.
From https://gitlab.com/petervandenabeele/kube-kompare
* [new branch] master -> origin/master
Checking out 2b11bc53 as master...
Skipping Git submodules setup
$ echo "hello world, in the default 'test' stage"
hello world, in the default 'test' stage
$ echo "$TEST and see if the result is masked"
ABCDEFGH and see if the result is masked
$ echo "$TEST2 and see if the result is masked"
12345678 and see if the result is masked
Job succeeded
Output of checks
This bug happens on GitLab.com
Possible fixes
Not found.!