Posted to commits@karaf.apache.org by jb...@apache.org on 2022/10/05 08:52:52 UTC
[karaf] branch karaf-4.3.x updated: KARAF-7537 - Password displayed in console using repo-list
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch karaf-4.3.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.3.x by this push:
new 702d69c1f7 KARAF-7537 - Password displayed in console using repo-list
702d69c1f7 is described below
commit 702d69c1f72b4a15684f583937de7c467849341f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Oct 3 16:29:16 2022 +0100
KARAF-7537 - Password displayed in console using repo-list
(cherry picked from commit 2a6adc8a9821aa50e37ebc5a2426ee2347ff0915)
---
.../karaf/features/command/RepoListCommand.java | 7 ++++-
.../features/command/RepoListCommandTest.java | 35 ++++++++++++++++++++--
.../karaf/webconsole/features/FeaturesPlugin.java | 4 +++
3 files changed, 43 insertions(+), 3 deletions(-)
diff --git a/features/command/src/main/java/org/apache/karaf/features/command/RepoListCommand.java b/features/command/src/main/java/org/apache/karaf/features/command/RepoListCommand.java
index a91182f832..6c59da8e9a 100644
--- a/features/command/src/main/java/org/apache/karaf/features/command/RepoListCommand.java
+++ b/features/command/src/main/java/org/apache/karaf/features/command/RepoListCommand.java
@@ -59,7 +59,12 @@ public class RepoListCommand extends FeaturesCommandSupport {
if (repo != null) {
if (showBlacklisted || !repo.isBlacklisted()) {
Row row = table.addRow();
- row.addContent(repo.getName(), repo.getURI().toString());
+ String uri = repo.getURI().toString();
+ // Hide the user:password if it contains one
+ if (uri.matches("\\S*://\\S*:\\S*@\\S*")) {
+ uri = uri.replaceFirst("://\\S*@", "://*****:*****@");
+ }
+ row.addContent(repo.getName(), uri);
if (showBlacklisted) {
row.addContent(repo.isBlacklisted() ? "yes" : "no");
}
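Review bot: The guard `uri.matches("\\S*://\\S*:\\S*@\\S*")` only fires when a `:` comes before the `@`, so a URI whose userinfo is a single token (`https://TOKEN@host/...`) would still be printed in full; whether repository URIs here ever take that form is not visible from the hunk and should be confirmed. The `replaceFirst("://\\S*@", ...)` is also greedy across the whole string, so any `@` later in the path or query makes it swallow the host and path too. Bounding the match to the authority and dropping the guard covers both: `uri = uri.replaceFirst("://[^/?#\\s]*@", "://*****:*****@");`. The same two lines are repeated in the FeaturesPlugin.java hunk of this commit, so one shared static helper with a precompiled `Pattern` would keep the shell and the web console in step. The enclosing method starts and ends outside the hunk.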
diff --git a/features/command/src/test/java/org/apache/karaf/features/command/RepoListCommandTest.java b/features/command/src/test/java/org/apache/karaf/features/command/RepoListCommandTest.java
index 888138b620..8957c3a9e6 100644
--- a/features/command/src/test/java/org/apache/karaf/features/command/RepoListCommandTest.java
+++ b/features/command/src/test/java/org/apache/karaf/features/command/RepoListCommandTest.java
@@ -28,8 +28,7 @@ import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.net.URI;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.*;
public class RepoListCommandTest extends RepositoryCommandTestBase {
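Review bot: The wildcard `import static org.junit.Assert.*;` replaces two explicit static imports only to bring in `assertFalse`, which hides which assertions the test class actually uses. Keeping the existing two lines and adding `import static org.junit.Assert.assertFalse;` says the same thing explicitly.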
@@ -138,4 +137,36 @@ public class RepoListCommandTest extends RepositoryCommandTestBase {
EasyMock.verify(service, blacklistedRepo, whitelistedRepo);
}
+
+ @Test
+ public void testPasswordsHidden() throws Exception {
+ FeaturesService service = EasyMock.createMock(FeaturesService.class);
+
+ Repository repo = EasyMock.createMock(Repository.class);
+ URI repoUri = URI.create("mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features");
+ EasyMock.expect(repo.getURI()).andReturn(repoUri).anyTimes();
+ EasyMock.expect(repo.getName()).andReturn("cxf-3.5.3").anyTimes();
+ EasyMock.expect(repo.isBlacklisted()).andReturn(false);
+
+ EasyMock.expect(service.listRepositories()).andReturn(new Repository[]{repo});
+
+ EasyMock.replay(service, repo);
+
+ RepoListCommand repoListCommand = new RepoListCommand();
+ repoListCommand.setFeaturesService(service);
+ repoListCommand.noFormat = true;
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream out = new PrintStream(baos);
+ System.setOut(out);
+
+ repoListCommand.execute();
+ out.flush();
+
+ String commandOutput = baos.toString();
+ assertTrue(commandOutput.contains("*****:*****"));
+ assertFalse(commandOutput.contains("user:password"));
+
+ EasyMock.verify(service, repo);
+ }
}
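Review bot: `System.setOut(out)` in `testPasswordsHidden` is not undone anywhere in the visible lines, so later tests in the same JVM would keep writing into this test's buffer; save `PrintStream original = System.out;` before the call and restore it with `System.setOut(original);` in a `finally`. The test also pins only the `user:password@` form of the URI. Adding a case for userinfo without a colon and one for a URI with an `@` after the host would record what the masking is expected to do there.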
diff --git a/webconsole/features/src/main/java/org/apache/karaf/webconsole/features/FeaturesPlugin.java b/webconsole/features/src/main/java/org/apache/karaf/webconsole/features/FeaturesPlugin.java
index a08cc06e2f..0ad1fef12e 100644
--- a/webconsole/features/src/main/java/org/apache/karaf/webconsole/features/FeaturesPlugin.java
+++ b/webconsole/features/src/main/java/org/apache/karaf/webconsole/features/FeaturesPlugin.java
@@ -277,6 +277,10 @@ public class FeaturesPlugin extends AbstractWebConsolePlugin {
jw.value(name);
jw.key("url");
String uri = r.getURI().toString();
+ // Hide the user:password if it contains one
+ if (uri.matches("\\S*://\\S*:\\S*@\\S*")) {
+ uri = uri.replaceFirst("://\\S*@", "://*****:*****@");
+ }
jw.value(uri);
jw.key("actions");
jw.array();
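Review bot: The `url` value written by `jw.value(uri)` is now the masked string, and the hunk ends just as the `actions` array opens. If the web console's client side sends this `url` back to identify the repository for those actions, a repository configured with credentials could no longer be addressed; this needs checking against the action handlers, which are outside the hunk. If the value is display-only, a comment such as `// display only: repository actions must use the unmasked URI` above `jw.value(uri)` would make that explicit.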