You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2019/02/14 14:58:14 UTC

[camel] branch camel-2.x updated: CAMEL-13191: Fix Regex Pattern to hide passwords in URI

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch camel-2.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-2.x by this push:
     new 725cf99  CAMEL-13191: Fix Regex Pattern to hide passwords in URI
725cf99 is described below

commit 725cf993a45b64a319cb03adea0e8331d517a365
Author: Christian Pieczewski <ch...@gmail.com>
AuthorDate: Thu Feb 14 13:12:32 2019 +0100

    CAMEL-13191: Fix Regex Pattern to hide passwords in URI
    
    Backport from 3.x to 2.x
---
 .../src/main/java/org/apache/camel/util/URISupport.java    |  4 ++--
 .../test/java/org/apache/camel/util/URISupportTest.java    | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/camel-core/src/main/java/org/apache/camel/util/URISupport.java b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
index 74424bf..1ca4d9f 100644
--- a/camel-core/src/main/java/org/apache/camel/util/URISupport.java
+++ b/camel-core/src/main/java/org/apache/camel/util/URISupport.java
@@ -47,11 +47,11 @@ public final class URISupport {
 
     // Match the user password in the URI as second capture group
     // (applies to URI with authority component and userinfo token in the form "user:password").
-    private static final Pattern USERINFO_PASSWORD = Pattern.compile("(.*://.*:)(.*)(@)");
+    private static final Pattern USERINFO_PASSWORD = Pattern.compile("(.*://.*?:)(.*)(@)");
 
     // Match the user password in the URI path as second capture group
     // (applies to URI path with authority component and userinfo token in the form "user:password").
-    private static final Pattern PATH_USERINFO_PASSWORD = Pattern.compile("(.*:)(.*)(@)");
+    private static final Pattern PATH_USERINFO_PASSWORD = Pattern.compile("(.*?:)(.*)(@)");
 
     private static final String CHARSET = "UTF-8";
 
diff --git a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
index 63e5dc5..ca43903 100644
--- a/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -245,6 +245,13 @@ public class URISupportTest {
         String expected = "jt400://GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.DTAQ";
         assertEquals(expected, URISupport.sanitizeUri(uri));
     }
+    
+    @Test
+    public void testSanitizeUriWithUserInfoAndColonPassword() {
+        String uri = "sftp://USERNAME:HARRISON:COLON@sftp.server.test";
+        String expected = "sftp://USERNAME:xxxxxx@sftp.server.test";
+        assertEquals(expected, URISupport.sanitizeUri(uri));
+    }
 
     @Test
     public void testSanitizePathWithUserInfo() {
@@ -252,6 +259,13 @@ public class URISupportTest {
         String expected = "GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.PGM";
         assertEquals(expected, URISupport.sanitizePath(path));
     }
+    
+    @Test
+    public void testSanitizePathWithUserInfoAndColonPassword() {
+        String path = "USERNAME:HARRISON:COLON@sftp.server.test";
+        String expected = "USERNAME:xxxxxx@sftp.server.test";
+        assertEquals(expected, URISupport.sanitizePath(path));
+    }
 
     @Test
     public void testSanitizePathWithoutSensitiveInfoIsUnchanged() {