You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2019/02/14 04:44:44 UTC
[camel] branch master updated: CAMEL-13191: Fix Regex Pattern to
hide passwords in URI (#2766)
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 9ba42a4 CAMEL-13191: Fix Regex Pattern to hide passwords in URI (#2766)
9ba42a4 is described below
commit 9ba42a4f47516e0773d8608d9c017b6062fa5453
Author: drmaniac <ch...@gmail.com>
AuthorDate: Thu Feb 14 05:44:39 2019 +0100
CAMEL-13191: Fix Regex Pattern to hide passwords in URI (#2766)
* CAMEL-13191: Fix Regex Pattern to hide passwords in URI which contains colons
* CAMEL-13191: Fix Regex pattern for PATH_USERINFO_PASSWORD to hide collon passwords
* correct Collon to Colon
* Remove unnecessary system.out
---
.../src/main/java/org/apache/camel/util/URISupport.java | 4 ++--
.../test/java/org/apache/camel/util/URISupportTest.java | 14 ++++++++++++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
index 215da85..429e8dcb 100644
--- a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
+++ b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
@@ -44,12 +44,12 @@ public final class URISupport {
// Match the user password in the URI as second capture group
// (applies to URI with authority component and userinfo token in the form
// "user:password").
- private static final Pattern USERINFO_PASSWORD = Pattern.compile("(.*://.*:)(.*)(@)");
+ private static final Pattern USERINFO_PASSWORD = Pattern.compile("(.*://.*?:)(.*)(@)");
// Match the user password in the URI path as second capture group
// (applies to URI path with authority component and userinfo token in the
// form "user:password").
- private static final Pattern PATH_USERINFO_PASSWORD = Pattern.compile("(.*:)(.*)(@)");
+ private static final Pattern PATH_USERINFO_PASSWORD = Pattern.compile("(.*?:)(.*)(@)");
private static final String CHARSET = "UTF-8";
diff --git a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
index 63e5dc5..6b28e60 100644
--- a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -247,6 +247,13 @@ public class URISupportTest {
}
@Test
+ public void testSanitizeUriWithUserInfoAndColonPassword() {
+ String uri = "sftp://USERNAME:HARRISON:COLON@sftp.server.test";
+ String expected = "sftp://USERNAME:xxxxxx@sftp.server.test";
+ assertEquals(expected, URISupport.sanitizeUri(uri));
+ }
+
+ @Test
public void testSanitizePathWithUserInfo() {
String path = "GEORGE:HARRISON@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.PGM";
String expected = "GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.PGM";
@@ -254,6 +261,13 @@ public class URISupportTest {
}
@Test
+ public void testSanitizePathWithUserInfoAndColonPassword() {
+ String path = "USERNAME:HARRISON:COLON@sftp.server.test";
+ String expected = "USERNAME:xxxxxx@sftp.server.test";
+ assertEquals(expected, URISupport.sanitizePath(path));
+ }
+
+ @Test
public void testSanitizePathWithoutSensitiveInfoIsUnchanged() {
String path = "myhost:8080/mypath";
assertEquals(path, URISupport.sanitizePath(path));