Add workaround for OutOfMemoryError due to BAM-17488 (build log flooded by asterisks in password variables)

Description

At least one Tasks for AWS user has been affected by a severe Bamboo bug that is now tracked as "Password masking in logs outputs a lot of asterisks if any of the password variable contain an asterisk" (BAM-17488).

The Bamboo team has provided a patched Bamboo 5.10.3 JAR as a quick fix solution, and also scheduled the fix to be included in Bamboo 5.12.0. Given that the bug affects any Bamboo version since 5.9.1 and including the not yet released 5.11.x releases, we expect several of our users to run into this eventually and are contemplating a workaround to avoid any disruption due to this semantically trivial yet serious issue.

Environment

None

Activity

Steffen Opel [Utoolity] April 27, 2016 at 6:32 PM

This improvement has just been published as part of Tasks for AWS 2.10.4.

Henrik Opel [Utoolity] April 26, 2016 at 7:04 PM

Resolved as Fixed - this improvement will be part of the upcoming release 2.10.4.

The workaround avoids the build log flooding by skipping the creation of variables if they are password variables (key contains "password", "awsSecretKey" or "passphrase") and contain only asterisks.

For the (unlikely) case that this would affect any existing build configurations, the workaround can be disabled by setting a global or plan variable utoolity.flags.disableWorkaroundForBAM17488 to true.
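
A sketch of the check described in the comment above, added here as an example and not taken from the Tasks for AWS source. The class and method names, the case-sensitive substring match, the treatment of empty values and the sample variable names are all assumptions; only the three key fragments and the flag name come from this page.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class Bam17488Workaround {
    // Key fragments and flag name as quoted on this page.
    static final List<String> PASSWORD_KEY_PARTS = List.of("password", "awsSecretKey", "passphrase");
    static final String DISABLE_FLAG = "utoolity.flags.disableWorkaroundForBAM17488";

    // Assumption: key matching is a case-sensitive substring test.
    static boolean isPasswordKey(String key) {
        return PASSWORD_KEY_PARTS.stream().anyMatch(key::contains);
    }

    // Assumption: an empty or missing value does not count as "only asterisks".
    static boolean isOnlyAsterisks(String value) {
        return value != null && !value.isEmpty() && value.chars().allMatch(c -> c == '*');
    }

    /** Returns the candidates that may be created as variables; masked password values are skipped. */
    static Map<String, String> variablesToCreate(Map<String, String> candidates,
                                                 Map<String, String> planVariables) {
        // Boolean.parseBoolean(null) is false, so the workaround is active unless the flag is "true".
        boolean disabled = Boolean.parseBoolean(planVariables.get(DISABLE_FLAG));
        Map<String, String> result = new LinkedHashMap<>();
        candidates.forEach((key, value) -> {
            boolean maskedSecret = isPasswordKey(key) && isOnlyAsterisks(value);
            if (disabled || !maskedSecret) {
                result.put(key, value);
            }
        });
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample: task outputs, one of them an already-masked secret.
        Map<String, String> outputs = new LinkedHashMap<>();
        outputs.put("db.password", "****");              // password key, only asterisks: skipped
        outputs.put("db.endpoint", "db.example.internal"); // not a password key: kept
        outputs.put("db.password.hint", "ends with *");  // password key, but not only asterisks: kept
        System.out.println(variablesToCreate(outputs, Map.of()).keySet());
        System.out.println(variablesToCreate(outputs, Map.of(DISABLE_FLAG, "true")).keySet());
    }
}
```

The skip only applies when both conditions hold, so a real secret that merely contains an asterisk is still created as a variable and remains exposed to the Bamboo masking bug until Bamboo itself is patched.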

Henrik Opel [Utoolity] April 25, 2016 at 8:10 PM

- thanks again for the helpful insights, much appreciated. Your comment settles our decision, and we will implement an explicit workaround with our add-on to at least minimize the impact until the issue is fixed in Bamboo itself.

Former user April 25, 2016 at 7:54 PM

Most users have run into this issue, but haven't noticed anything other than bigger database inserts and log sizes... real crashes start when there are more than 8-9 response parameters containing NoEcho. We have other instances (that we maintain for customers) running the same setup, newest Bamboo and Tasks for AWS, but they don't have so many "secret" parameters so we didn't even notice it, except now seeing how much extra space has been taken.

Some kind of cleanup task for logs + database would be nice (didn't check if the database or Atlassian home is taking that extra space). About 30 - 40 test deployments and 4 GB is gone.

Fixed

Participants

Former user
Henrik Opel [Utoolity]
Steffen Opel [Utoolity]

Created April 25, 2016 at 7:10 PM
Updated March 16, 2021 at 1:22 PM
Resolved April 26, 2016 at 7:04 PM