You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by re...@apache.org on 2024/03/12 00:20:57 UTC
(cxf) 04/05: [CXF-8982] add optional namespace prefix in template (#1721)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit ba28396bbe6e2c457ca4b62a110048e71a6bdaa2
Author: Gaƫtan Pitteloud <ga...@generali.com>
AuthorDate: Tue Mar 12 01:05:22 2024 +0100
[CXF-8982] add optional namespace prefix in template (#1721)
* [CXF-8982] add optional namespace prefix in template
* [CXF-8982] add more characters to namespace prefix following W3C
* [CXF-8982] fixed checkstyle errors
(cherry picked from commit 275aa9f2c1b95b609ad7e0a4dc1c80d9e132924a)
---
.../java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java | 11 ++++++++---
.../org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java | 10 +++++++++-
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
index 062a0e4d4b..94f2aa7c4a 100644
--- a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
+++ b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
@@ -27,8 +27,13 @@ import org.apache.cxf.message.Message;
public class MaskSensitiveHelper {
private static final String ELEMENT_NAME_TEMPLATE = "-ELEMENT_NAME-";
- private static final String MATCH_PATTERN_XML_TEMPLATE = "(<-ELEMENT_NAME-.*?>)(.*?)(</-ELEMENT_NAME->)";
- private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$3";
+ // see https://www.w3.org/TR/REC-xml-names/#NT-NCName for allowed chars in namespace prefix
+ private static final String PATTERN_XML_NAMESPACE_PREFIX = "[\\w.\\-\\u00B7\\u00C0-\\u00D6\\u00D8-\\u00F6"
+ + "\\u00F8-\\u02FF\\u0300-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u203F-\\u2040\\u2070-\\u218F"
+ + "\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD]+";
+ private static final String MATCH_PATTERN_XML_TEMPLATE = "(<(" + PATTERN_XML_NAMESPACE_PREFIX
+ + ":)?-ELEMENT_NAME-.*?>)(.*?)(</(" + PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME->)";
+ private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$4";
private static final String MATCH_PATTERN_JSON_TEMPLATE = "\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*\"(.*?)\"";
private static final String REPLACEMENT_JSON_TEMPLATE = "\"-ELEMENT_NAME-\": \"XXX\"";
private static final String MASKED_HEADER_VALUE = "XXX";
@@ -55,7 +60,7 @@ public class MaskSensitiveHelper {
replacementsJSON.clear();
addSensitiveElementNames(inSensitiveElementNames);
}
-
+
public void addSensitiveElementNames(final Set<String> inSensitiveElementNames) {
for (final String sensitiveName : inSensitiveElementNames) {
addReplacementPair(MATCH_PATTERN_XML_TEMPLATE, REPLACEMENT_XML_TEMPLATE, sensitiveName, replacementsXML);
diff --git a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
index d0a5092e87..a61e5032b8 100644
--- a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
+++ b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
@@ -45,6 +45,7 @@ import static org.junit.Assert.assertNotNull;
@RunWith(Parameterized.class)
public class MaskSensitiveHelperTest {
+
private static final String SENSITIVE_LOGGING_CONTENT_XML =
"<user>testUser</user><password>my secret password</password>";
private static final String MASKED_LOGGING_CONTENT_XML =
@@ -59,7 +60,7 @@ public class MaskSensitiveHelperTest {
"\"user\":\"testUser\", \"password\": \"my secret password\"";
private static final String MASKED_LOGGING_CONTENT_JSON =
"\"user\":\"testUser\", \"password\": \"XXX\"";
-
+
private static final String SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML =
"<item><user>testUser1</user><password myAttribute=\"test\">my secret password 1</password></item>"
+ "<item><user>testUser2</user><password>my secret password 2</password></item>";
@@ -67,6 +68,12 @@ public class MaskSensitiveHelperTest {
"<item><user>testUser1</user><password myAttribute=\"test\">XXX</password></item>"
+ "<item><user>testUser2</user><password>XXX</password></item>";
+ private static final String SENSITIVE_LOGGING_CONTENT_XML_WITH_NAMESPACE =
+ "<ns:user>testUser</ns:user><ns:password>my secret password</ns:password>";
+
+ private static final String MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE =
+ "<ns:user>testUser</ns:user><ns:password>XXX</ns:password>";
+
private static final Set<String> SENSITIVE_ELEMENTS = new HashSet<>(Arrays.asList("password"));
private static final String APPLICATION_XML = "application/xml";
private static final String APPLICATION_JSON = "application/json";
@@ -87,6 +94,7 @@ public class MaskSensitiveHelperTest {
{SENSITIVE_LOGGING_CONTENT_XML, MASKED_LOGGING_CONTENT_XML, APPLICATION_XML},
{SENSITIVE_LOGGING_CONTENT_XML_WITH_ATTRIBUTE, MASKED_LOGGING_CONTENT_XML_WITH_ATTRIBUTE, APPLICATION_XML},
{SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML, MASKED_LOGGING_MULTIPLE_ELEMENT_XML, APPLICATION_XML},
+ {SENSITIVE_LOGGING_CONTENT_XML_WITH_NAMESPACE, MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE, APPLICATION_XML},
{SENSITIVE_LOGGING_CONTENT_JSON, MASKED_LOGGING_CONTENT_JSON, APPLICATION_JSON}
});
}