Hashing Octopus Substitute Variables in Powershell

leeann.tech's Avatar

leeann.tech

12 Feb, 2018 04:30 PM

Hello there, I've been struggling with a powershell script step. I'm currently trying to hash a sensitive connection string variable that is set in the octopus project variables, and comparing to hashed value of a connection string stored elsewhere. My variables look like this:

#{ConnectionString} - Data Source=#{OctVarTest2};Initial Catalog=TestV2019;User Id=#{OctVarTest3};Password=#{OctVarTest4};
#{OctVarTest2} - 0.0.0.0\BLAH,80
#{OctVarTest3} - TestUser
#{OctVarTest4} - Password1 (stored as sensitive variable)

My script looks like this (I've cut a lot out just to really get the hashing bit):

function Hash($textToHash) {
    $hasher = new-object System.Security.Cryptography.SHA256Managed
    $toHash = [System.Text.Encoding]::UTF8.GetBytes($textToHash)
    $hashByteArray = $hasher.ComputeHash($toHash)
    foreach($byte in $hashByteArray) {
         $res += $byte.ToString()
    }
    return $res;
}
Hash $ConnectionString

The hash is not correct, as when I hash the value "Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=Password1;" I get a different result. When I hash the text value of #{ConnectionString} without the substituted values I get the same hash as my script result. When I just write out the #{ConnectionString} variable it shows with the substitutions in place. Is this an issue with my script maybe? Or should I be inputting the variable a different way? Thank you for your time.

  1. Support Staff 1 Posted by Robert Wagner on 13 Feb, 2018 04:50 AM

    Robert Wagner's Avatar

    Hi,

    I think the problem is that you are concatenating the decimal versions of the byte values instead of the hexidecimal. Either try $byte.ToString("x") or [System]::BitConverter.ToString($hashByteArray)

    Robert W

  2. 2 Posted by leeann.tech on 13 Feb, 2018 09:27 AM

    leeann.tech's Avatar

    I've tried this but getting the same result though slightly different hash this time. I should mention that this script works locally. I Define the variables like this:

    $OctVarTest = "Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=Password1;"
    $ConnectionString = "Data Source=$OctVarTest2;Initial Catalog=TestV2019;User Id=$OctVarTest3;Password=$OctVarTest4;"
    $BadConnectionString = "Data Source=#{OctVarTest2};Initial Catalog=TestV2019;User Id=#{OctVarTest3};Password=#{OctVarTest4};"
    $OctVarTest2 = "0.0.0.0\BLAH,80"
    $OctVarTest3 = "TestUser"
    $OctVarTest4 = "Password1"

    function Hash($textToHash) {
        $hasher = new-object System.Security.Cryptography.SHA256Managed
        $toHash = [System.Text.Encoding]::UTF8.GetBytes($textToHash)
        $hashByteArray = $hasher.ComputeHash($toHash)
        foreach($byte in $hashByteArray) {
             $res += $byte.ToString()
        }
        return $res;
    }

    Write-Host $ConnectionString

    Hash $ConnectionString
    Hash $OctVarTest
    Hash $BadConnectionString

    The function could be the problem, but I think it has more to do with the way the function is trying to handle the variable with variables nested in it via Octopus.

  3. Support Staff 3 Posted by Robert Wagner on 14 Feb, 2018 06:28 AM

    Robert Wagner's Avatar

    Hi,

    I run the following script which has some more output:

    $OctVarTest = "Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=Password1;" 
    $ConnectionString = "Data Source=$OctVarTest2;Initial Catalog=TestV2019;User Id=$OctVarTest3;Password=$OctVarTest4;" 
    $BadConnectionString = "Data Source=#{OctVarTest2};Initial Catalog=TestV2019;User Id=#{OctVarTest3};Password=#{OctVarTest4};" 
    $OctVarTest2 = "0.0.0.0\BLAH,80" 
    $OctVarTest3 = "TestUser" 
    $OctVarTest4 = "Password1"


    function Hash($textToHash) { $hasher = new-object System.Security.Cryptography.SHA256Managed $toHash = [System.Text.Encoding]::UTF8.GetBytes($textToHash) $hashByteArray = $hasher.ComputeHash($toHash) foreach($byte in $hashByteArray) { $res += $byte.ToString() } return $res; }


    Write-Host $ConnectionString Write-Host $OctVarTest Write-Host $BadConnectionString


    Write-Host $ConnectionString.Length Write-Host $OctVarTest.Length Write-Host $BadConnectionString.Length


    Hash $ConnectionString Hash $OctVarTest Hash $BadConnectionString
    and the output I get is:
    16:25:56   Info     |       Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=*****;
    16:25:56   Info     |       Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=**;
    16:25:56   Info     |       Data Source=0.0.0.0\BLAH,80;Initial Catalog=TestV2019;User Id=TestUser;Password=*****;
    16:25:56   Info     |       90
    16:25:56   Info     |       90
    16:25:56   Info     |       90
    16:25:56   Info     |       54158111395013824665010228236122313174313190105209198164544517023918010204233122
    16:25:56   Info     |       54158111395013824665010228236122313174313190105209198164544517023918010204233122
    16:25:56   Info     |       54158111395013824665010228236122313174313190105209198164544517023918010204233122
    

    Could you run that version of the script and show me what your output is?

    Rob

  4. 4 Posted by leeann.tech on 15 Feb, 2018 03:27 PM

    leeann.tech's Avatar

    Ahh thanks for your help! Turns out the issue was with the escaped backslash that was in the octopus variable. I am now returning the variable and replacing with a single slash before the hash compare, success! Thanks again for your time.

  5. leeann.tech closed this discussion on 15 Feb, 2018 03:27 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac