You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2020/08/19 16:36:57 UTC
[camel] branch camel-3.4.x updated: CAMEL-15425: prevent
SalesforceLoginConfig from leaking the user password (#4104)
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch camel-3.4.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-3.4.x by this push:
new b4ca24b CAMEL-15425: prevent SalesforceLoginConfig from leaking the user password (#4104)
b4ca24b is described below
commit b4ca24b0162398524cd787ef190a6c721110fef2
Author: Otavio Rodolfo Piske <or...@users.noreply.github.com>
AuthorDate: Wed Aug 19 18:31:02 2020 +0200
CAMEL-15425: prevent SalesforceLoginConfig from leaking the user password (#4104)
---
.../camel/component/salesforce/SalesforceLoginConfig.java | 8 +++++---
.../component/salesforce/SalesforceLoginConfigTest.java | 15 +++++++++++++++
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
index 5d513b6..720b38c 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/main/java/org/apache/camel/component/salesforce/SalesforceLoginConfig.java
@@ -234,8 +234,10 @@ public class SalesforceLoginConfig {
@Override
public String toString() {
- return "SalesforceLoginConfig[" + "instanceUrl= '" + instanceUrl + "', loginUrl='" + loginUrl + '\'' + "," + "clientId='" + clientId + '\'' + ", clientSecret='********'"
- + ", refreshToken='" + refreshToken + '\'' + ", userName='" + userName + '\'' + ", password=********'" + password + '\'' + ", keystore=********'" + keystore + '\''
- + ", lazyLogin=" + lazyLogin + ']';
+ return "SalesforceLoginConfig[" + "instanceUrl= '" + instanceUrl + "', loginUrl='" + loginUrl + '\'' + ","
+ + "clientId='" + clientId + '\'' + ", clientSecret='********'"
+ + ", refreshToken='" + refreshToken + '\'' + ", userName='" + userName + '\'' + ", password=********'"
+ + ", keystore=********'"
+ + ", lazyLogin=" + lazyLogin + ']';
}
}
diff --git a/components/camel-salesforce/camel-salesforce-component/src/test/java/org/apache/camel/component/salesforce/SalesforceLoginConfigTest.java b/components/camel-salesforce/camel-salesforce-component/src/test/java/org/apache/camel/component/salesforce/SalesforceLoginConfigTest.java
index 2f74c5d..c419692 100644
--- a/components/camel-salesforce/camel-salesforce-component/src/test/java/org/apache/camel/component/salesforce/SalesforceLoginConfigTest.java
+++ b/components/camel-salesforce/camel-salesforce-component/src/test/java/org/apache/camel/component/salesforce/SalesforceLoginConfigTest.java
@@ -20,6 +20,7 @@ import org.apache.camel.support.jsse.KeyStoreParameters;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
public class SalesforceLoginConfigTest {
@@ -73,4 +74,18 @@ public class SalesforceLoginConfigTest {
public void shouldValidateUsernamePasswordParameters() {
usernamePassword.validate();
}
+
+ @Test
+ public void doestNotLeakPassword() {
+ String superSecretText = "thisShouldNotLeak";
+ SalesforceLoginConfig salesforceLoginConfig = new SalesforceLoginConfig();
+
+ salesforceLoginConfig.setUserName("userName");
+ salesforceLoginConfig.setPassword(superSecretText);
+ salesforceLoginConfig.setClientId("clientId");
+ salesforceLoginConfig.setClientSecret("clientSecret");
+
+ String configString = salesforceLoginConfig.toString();
+ assertFalse(configString.contains(superSecretText));
+ }
}