[JENKINS-74972] BitbucketUsernamePasswordCredentialMatcher returns invalid CQL (#940)

KalleOlaviNiemitalo · web-flow · commit 326a147ef56c · 2024-12-09T22:11:07.000+01:00
Remove the CredentialsMatcher.CQL implementations from
BitbucketUsernamePasswordCredentialMatcher and
BitbucketOAuthCredentialMatcher.

The Credentials Query Language grammar does not support
static method calls like StringUtils.isNotBlank(username).
I didn't find any credential provider that uses CQL,
so let's just not implement it.
diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketOAuthCredentialMatcher.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketOAuthCredentialMatcher.java
@@ -30,7 +30,15 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-public class BitbucketOAuthCredentialMatcher implements CredentialsMatcher, CredentialsMatcher.CQL {
+// Although the CredentialsMatcher documentation says that the best practice
+// is to implement CredentialsMatcher.CQL too, this class does not implement
+// CredentialsMatcher.CQL, for the following reasons:
+//
+// * CQL supports neither method calls like username.contains(".")
+//   nor any regular-expression matching that could be used instead.
+// * There don't seem to be any public credential-provider plugins that
+//   would benefit from CQL.
+public class BitbucketOAuthCredentialMatcher implements CredentialsMatcher {
     private static int keyLength = 18;
     private static int secretLength = 32;
 
@@ -63,16 +71,4 @@ public boolean matches(Credentials item) {
             return false;
         }
     }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public String describe() {
-        return String.format(
-                "(username.lenght == %d && password.lenght == %d && !(username CONTAINS \".\" && username CONTAINS \"@\")",
-                keyLength, secretLength);
-    }
-
-
 }
diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketUsernamePasswordCredentialMatcher.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketUsernamePasswordCredentialMatcher.java
@@ -29,7 +29,15 @@
 import hudson.util.Secret;
 import org.apache.commons.lang.StringUtils;
 
-public class BitbucketUsernamePasswordCredentialMatcher implements CredentialsMatcher, CredentialsMatcher.CQL {
+// Although the CredentialsMatcher documentation says that the best practice
+// is to implement CredentialsMatcher.CQL too, this class does not implement
+// CredentialsMatcher.CQL, for the following reasons:
+//
+// * CQL supports neither method calls like StringUtils.isNotBlank(username)
+//   nor any regular-expression matching that could be used instead.
+// * There don't seem to be any public credential-provider plugins that
+//   would benefit from CQL.
+public class BitbucketUsernamePasswordCredentialMatcher implements CredentialsMatcher {
     private static final long serialVersionUID = -9196480589659636909L;
 
     /**
@@ -46,13 +54,4 @@ public boolean matches(Credentials item) {
         String password = Secret.toString(usernamePasswordCredential.getPassword());
         return StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password);
     }
-
-    /**
-     * {@inheritDoc}
-     */
-    @Override
-    public String describe() {
-        return "username and password are not empty";
-    }
-
 }
