Build Console displays a IndexOutOfBoundsException

Issue

  • When a given user uses an input step on a build, the console logs show an exception like:
java.lang.IndexOutOfBoundsException
    at hudson.MarkupText.rangeCheck(MarkupText.java:276)
    at hudson.MarkupText.addMarkup(MarkupText.java:259)
    at hudson.console.HyperlinkNote.annotate(HyperlinkNote.java:69)
    at hudson.console.ConsoleAnnotationOutputStream$1.annotate(ConsoleAnnotationOutputStream.java:115)
    at hudson.console.ConsoleAnnotator$1Aggregator.annotate(ConsoleAnnotator.java:114)
    at hudson.console.ConsoleAnnotationOutputStream.eol(ConsoleAnnotationOutputStream.java:145)
    at hudson.console.LineTransformationOutputStream.eol(LineTransformationOutputStream.java:60)
    at hudson.console.LineTransformationOutputStream.write(LineTransformationOutputStream.java:56)
    at java.io.FilterOutputStream.write(FilterOutputStream.java:77)
    at org.jenkinsci.plugins.workflow.log.FileLogStorage$1$1.write(FileLogStorage.java:238)
  • The issue occurs with only a specific user.
  • Despite this exception, the logs are properly captured in the JENKINS_HOME.
  • When opening the logs stored in the JENKINS_HOME, you should see something like approved by **** (4 stars).

Environment

Resolution

Most likely, the Jenkins instance stores a credential which is the same as the user name.
This issue is due to an inconsistency when creating the link to the user in the console.
The decorator creating the link uses the real name of the user to compute its size, then tries to apply it on the obfuscated (****) name.

Here is an example showing the issue:

pipeline {

    agent any
    environment {
        LDAP_CREDS = credentials('credentials')
    }
    stages {
        stage('An Input Stage') {
            steps {
                script {
                    input 'Hello'
                }
            }
        }
    }
}

There are mainly two ways of fixing the issue:

1. Make sure to not have user name in your credentials. This is the recommended fix.
2. In case this is not possible, then you should make sure not to inject credentials on stages using the input step.
For instance, the previous example would become:

pipeline {

    agent any

    stages {
        stage('An Input Stage') {
            steps {
                script {
                    input 'Hello'
                }
            }
        }
        stage('Stage that needs the credentials') {
            environment {
                LDAP_CREDS = credentials('credentials')
            }
            steps {
                script {
                    sh './myscript.sh'
                }
            }
        }
    }
}

Tested product/plugin versions

Have more questions?

0 Comments

Please sign in to leave a comment.