Posted to commits@camel.apache.org by da...@apache.org on 2020/01/08 13:39:37 UTC

[camel] branch camel-2.x updated: CAMEL-14375: camel-kafka - The saslJaasConfig option may contain sensitive information that can be logged

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-2.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.x by this push:
     new f60e4a7  CAMEL-14375: camel-kafka - The saslJaasConfig option may contain sensitive information that can be logged
f60e4a7 is described below

commit f60e4a73935bea211eec38823698d73bd1d0bd62
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Wed Jan 8 14:39:20 2020 +0100

    CAMEL-14375: camel-kafka - The saslJaasConfig option may contain sensitive information that can be logged
---
 camel-core/src/main/java/org/apache/camel/util/URISupport.java     | 2 +-
 camel-core/src/test/java/org/apache/camel/util/URISupportTest.java | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/camel-core/src/main/java/org/apache/camel/util/URISupport.java b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
index 8e7c9ad..14c1b25 100644
--- a/camel-core/src/main/java/org/apache/camel/util/URISupport.java
+++ b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
@@ -42,7 +42,7 @@ public final class URISupport {
     // "passphrase" or "password" or secret key (case-insensitive).
     // First capture group is the key, second is the value.
     private static final Pattern SECRETS = Pattern.compile(
-            "([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret)[^=]*)=(RAW[({].*[)}]|[^&]*)",
+            "([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret|saslJaasConfig)[^=]*)=(RAW[({].*[)}]|[^&]*)",
             Pattern.CASE_INSENSITIVE);
 
     // Match the user password in the URI as second capture group
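Review bot: The comment above `SECRETS` (its first line lies outside this hunk) still describes the pattern as matching only "passphrase" or "password" or secret key, while the alternation now also covers `accessToken`, `clientSecret` and `saslJaasConfig`. Because this hand-maintained list is what keeps credential-bearing options out of logged URIs, the comment should say so, for example `// Option names (case-insensitive, substring match) whose values are masked in sanitized URIs; add any new credential-bearing option here.` It is also worth recording there that the non-RAW value branch `[^&]*` stops at the first `&`. A JAAS string that is not wrapped in `RAW(...)` and contains an unencoded `&` would presumably keep its tail unmasked.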
diff --git a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
index 1fc86f3..2a950d4 100644
--- a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -298,6 +298,12 @@ public class URISupportTest {
     }
 
     @Test
+    public void testSanitizeSaslJaasConfig() throws Exception {
+        String out1 = URISupport.sanitizeUri("kafka://MY-TOPIC-NAME?saslJaasConfig=org.apache.kafka.common.security.plain.PlainLoginModule required username=scott password=tiger");
+        assertEquals("kafka://MY-TOPIC-NAME?saslJaasConfig=xxxxxx", out1);
+    }
+
+    @Test
     public void testNormalizeEndpointUriWithUserInfoSpecialSign() throws Exception {
         String out1 = URISupport.normalizeUri("ftp://us%40r:t%st@localhost:21000/tmp3/camel?foo=us@r");
         assertEquals("ftp://us%40r:t%25st@localhost:21000/tmp3/camel?foo=us%40r", out1);
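Review bot: `testSanitizeSaslJaasConfig` pins only the unwrapped form with `saslJaasConfig` as the last query parameter, so the `RAW[({].*[)}]` branch and the boundary with a following parameter are not exercised for this option. A real JAAS string usually carries quotes and a trailing `;`, so it is likely to be supplied as `RAW(...)`, and that is the form most worth covering. I would add a second assertion with an input such as `"kafka://MY-TOPIC-NAME?saslJaasConfig=RAW(<jaas config>)&brokers=localhost:9092"`. Its expected result would be `"kafka://MY-TOPIC-NAME?saslJaasConfig=xxxxxx&brokers=localhost:9092"`. That value is inferred from the existing assertion, so confirm it against `sanitizeUri` before committing.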