Sanitize paths for SSH data#1712
Merged
MarkEWaite merged 1 commit intojenkinsci:stable-6.4from Dec 18, 2025
Merged
Conversation
SSH has special rules related to '%' characters in its file name arguments. Refer to the ssh_config man page for its descriptions of tokens: https://man.openbsd.org/ssh_config#TOKENS If the absolute path to the temporary file for the private key includes a '%' character, then use the system temporary directory instead. Likewise if the absolute path to the Windows temporary file for the private key includes a ' ', a '(', or a ')', then use the system temporary directory. Makes the createTempFile() implementation match the comment. Testing done: * Confirmed that I can duplicate the bug with a multibranch Pipeline cloned through an SSH URL when one of the branches in the repository contains a '/' character. In my test case, I used 'bug/git-cleint-plugin-1710' as the branch name * Confirmed that the bug is resolved by this change Pipeline definition used for test: pipeline { agent { label 'windows' } options { skipDefaultCheckout true } stages { stage('Checkout') { steps { ws('percent%2Fencoded') { checkout scm } ws('a b') { checkout scm } ws('c(') { checkout scm } ws('d)') { checkout scm } ws('e())') { checkout scm } ws('f g') { checkout scm } } } } }
MarkEWaite
changed the title
mikecirioli
approved these changes
Dec 17, 2025
MarkEWaite
added a commit
to MarkEWaite/docker-lfs
that referenced
this pull request
Dec 18, 2025
Includes fixes for issues: * jenkinsci/git-client-plugin#1704 * jenkinsci/git-client-plugin#1710 * jenkinsci/git-client-plugin#1711 Includes changes from: * jenkinsci/git-client-plugin#1712
MarkEWaite
added a commit
to MarkEWaite/docker-lfs
that referenced
this pull request
Dec 18, 2025
Includes fixes for issues: * jenkinsci/git-client-plugin#1704 * jenkinsci/git-client-plugin#1710 * jenkinsci/git-client-plugin#1711 Includes changes from: * jenkinsci/git-client-plugin#1712
This was
linked to
issues
Dec 18, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sanitize paths for SSH data
SSH has special rules related to '%' characters in its file name arguments. Refer to the ssh_config man page for its descriptions of tokens:
https://man.openbsd.org/ssh_config#TOKENS
If the absolute path to the temporary file for the private key includes a '%' character, then use the system temporary directory instead.
Likewise if the absolute path to the Windows temporary file for the private key includes a ' ', a '(', or a ')', then use the system temporary directory.
Windows
Makes the createTempFile() implementation match the comment.
Fixes #1704
Fixes #1710
Amends 5a271e5
Testing done
Multibranch Pipeline definition used for test:
Submitter checklist