You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2019/06/28 07:24:54 UTC
[camel] branch camel-2.x updated: CAMEL-13697: URISupport - Mask
accessToken and clientSecret in uri logging
This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch camel-2.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-2.x by this push:
new 70c3b2c CAMEL-13697: URISupport - Mask accessToken and clientSecret in uri logging
70c3b2c is described below
commit 70c3b2cfc833753f6ccacb2c12844c787a0530ab
Author: Claus Ibsen <cl...@gmail.com>
AuthorDate: Fri Jun 28 09:20:15 2019 +0200
CAMEL-13697: URISupport - Mask accessToken and clientSecret in uri logging
---
camel-core/src/main/java/org/apache/camel/util/URISupport.java | 2 +-
camel-core/src/test/java/org/apache/camel/util/URISupportTest.java | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/camel-core/src/main/java/org/apache/camel/util/URISupport.java b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
index 1ca4d9f..8e7c9ad 100644
--- a/camel-core/src/main/java/org/apache/camel/util/URISupport.java
+++ b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
@@ -42,7 +42,7 @@ public final class URISupport {
// "passphrase" or "password" or secret key (case-insensitive).
// First capture group is the key, second is the value.
private static final Pattern SECRETS = Pattern.compile(
- "([?&][^=]*(?:passphrase|password|secretKey)[^=]*)=(RAW[({].*[)}]|[^&]*)",
+ "([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret)[^=]*)=(RAW[({].*[)}]|[^&]*)",
Pattern.CASE_INSENSITIVE);
// Match the user password in the URI as second capture group
diff --git a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
index ca43903..1fc86f3 100644
--- a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -240,6 +240,12 @@ public class URISupportTest {
}
@Test
+ public void testSanitizeAccessToken() throws Exception {
+ String out1 = URISupport.sanitizeUri("google-sheets-stream://spreadsheets?accessToken=MY_TOKEN&clientId=foo&clientSecret=MY_SECRET");
+ assertEquals("google-sheets-stream://spreadsheets?accessToken=xxxxxx&clientId=foo&clientSecret=xxxxxx", out1);
+ }
+
+ @Test
public void testSanitizeUriWithUserInfo() {
String uri = "jt400://GEORGE:HARRISON@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.DTAQ";
String expected = "jt400://GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.DTAQ";