Skip to content

Reject illegal characters in new credential IDs#1058

Open
adiprathapa wants to merge 1 commit into
jenkinsci:masterfrom
adiprathapa:reject-illegal-credential-ids
Open

Reject illegal characters in new credential IDs#1058
adiprathapa wants to merge 1 commit into
jenkinsci:masterfrom
adiprathapa:reject-illegal-credential-ids

Conversation

@adiprathapa

Copy link
Copy Markdown

The ID field in the credential forms already warns about illegal characters, but the form can still be submitted and the credential is created anyway. This adds server side validation with Jenkins.checkGoodName at the two interactive creation endpoints, doCreateCredentials in CredentialsStoreAction and doAddCredentials in CredentialsSelectHelper. The popup dialog returns its usual error notification and a plain form submission gets a 400 response.

The XML REST endpoint and the CLI command are left as they are, so credentials exported from an existing instance can still be imported even if their IDs predate this check, in line with the comment about allowing pre stored credentials. Updating and moving existing credentials are also unaffected since the check only runs on creation.

Both new tests fail without the main change and pass with it.

Fixes #977

@adiprathapa adiprathapa requested a review from a team as a code owner June 11, 2026 03:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[JENKINS-75943] Credentials IDs can be created with illegal characters

1 participant