Hello,
I would like to understand how my code needs to look so that I don't see the warning:
The following steps that have been detected may have insecure interpolation of sensitive variables (click here for an explanation):
httpRequest: [BACKUP_PASSWORD]
The API of a non-public application requests that I authenticate against the API with a username and password, stored in BACKUP_CREDENTIALS, and provide a password (secret BACKUP_PASSWORD) in JSON format in the request body.
When restoring the backup zip file, both credentials need to be provided again.
```groovy
import java.time.*
import java.time.format.DateTimeFormatter

// 'yyyy' is the calendar year ('YYYY' is the week-based year) and 'HH' is the 24-hour clock
def timeStamp = Calendar.getInstance().getTime().format('yyyyMMdd_HHmmss', TimeZone.getTimeZone('Europe/Berlin'))
println timeStamp

pipeline {
    agent any
    stages {
        // https://www.jenkins.io/doc/book/pipeline/syntax/#supported-credentials-type
        stage('Backup') {
            environment {
                HOSTNAME = "example.com"
                BACKUP_PASSWORD = credentials('RESTORE')
            }
            steps {
                timeout(time: 120, unit: 'SECONDS') {
                    script {
                        // https://www.jenkins.io/doc/pipeline/steps/http_request/
                        // https://plugins.jenkins.io/http_request/
                        withCredentials([string(credentialsId: 'RESTORE', variable: 'BACKUP_PASSWORD')]) {
                            // $BACKUP_PASSWORD in the triple-double-quoted requestBody is
                            // interpolated by Groovy; this is the step the warning reports
                            def response = httpRequest url: 'https://' + HOSTNAME + ':1234/api/backup',
                                acceptType: 'APPLICATION_ZIP',
                                authentication: 'BACKUP_CREDENTIALS',
                                consoleLogResponseBody: false,
                                contentType: 'APPLICATION_JSON',
                                httpMode: 'POST',
                                ignoreSslErrors: true,
                                outputFile: BUILD_NUMBER + '_backup_' + timeStamp + '_' + HOSTNAME + '.zip',
                                requestBody: """
{"password": '$BACKUP_PASSWORD'}
""",
                                timeout: 120,
                                wrapAsMultipart: false
                        }
                    }
                }
            }
        }
    }
}
```
Thank you in advance.
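
One way to build the request body without Groovy string interpolation, as an added example that is not part of the original post: the warning concerns a secret interpolated into a GString that is passed to a step, so the body is serialized with `JsonOutput.toJson`, which returns a plain `String` and also escapes the password for JSON. It assumes the script sandbox permits `JsonOutput.toJson` (it may need approval on some controllers); the credential IDs, host and port are the ones from the post, and the output file name is simplified.

```groovy
import groovy.json.JsonOutput

pipeline {
    agent any
    stages {
        stage('Backup') {
            environment {
                HOSTNAME = 'example.com'
            }
            steps {
                timeout(time: 120, unit: 'SECONDS') {
                    // Bind the secret once; no second binding in the environment block.
                    withCredentials([string(credentialsId: 'RESTORE', variable: 'BACKUP_PASSWORD')]) {
                        script {
                            // toJson returns java.lang.String (not a GString) and escapes
                            // quotes and backslashes in the secret, so the body stays valid JSON.
                            def body = JsonOutput.toJson([password: env.BACKUP_PASSWORD])

                            // Plain concatenation for the non-secret parts as well.
                            def target = 'https://' + env.HOSTNAME + ':1234/api/backup'
                            def zipName = env.BUILD_NUMBER + '_backup_' + env.HOSTNAME + '.zip'

                            // Certificate validation is left at its default (enabled).
                            httpRequest url: target,
                                acceptType: 'APPLICATION_ZIP',
                                authentication: 'BACKUP_CREDENTIALS',
                                consoleLogResponseBody: false,
                                contentType: 'APPLICATION_JSON',
                                httpMode: 'POST',
                                outputFile: zipName,
                                requestBody: body,
                                timeout: 120,
                                wrapAsMultipart: false
                        }
                    }
                }
            }
        }
    }
}
```

The secret is still held in a Groovy variable on the controller for the duration of the step, so keep `consoleLogResponseBody` off and avoid printing `body`.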