You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by da...@apache.org on 2010/09/03 07:11:07 UTC
svn commit: r992207 - in /camel/trunk/camel-core/src:
main/java/org/apache/camel/impl/DefaultEndpoint.java
test/java/org/apache/camel/impl/DefaultEndpointTest.java
Author: davsclaus
Date: Fri Sep 3 05:11:07 2010
New Revision: 992207
URL: http://svn.apache.org/viewvc?rev=992207&view=rev
Log:
CAMEL-3099: Endpoint uris will mask password in logs. Thanks to Lorrin Nelson for the patch.
Added:
camel/trunk/camel-core/src/test/java/org/apache/camel/impl/DefaultEndpointTest.java
Modified:
camel/trunk/camel-core/src/main/java/org/apache/camel/impl/DefaultEndpoint.java
Modified: camel/trunk/camel-core/src/main/java/org/apache/camel/impl/DefaultEndpoint.java
URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/impl/DefaultEndpoint.java?rev=992207&r1=992206&r2=992207&view=diff
==============================================================================
--- camel/trunk/camel-core/src/main/java/org/apache/camel/impl/DefaultEndpoint.java (original)
+++ camel/trunk/camel-core/src/main/java/org/apache/camel/impl/DefaultEndpoint.java Fri Sep 3 05:11:07 2010
@@ -19,6 +19,7 @@ package org.apache.camel.impl;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.util.Map;
+import java.util.regex.Pattern;
import org.apache.camel.CamelContext;
import org.apache.camel.CamelContextAware;
@@ -43,6 +44,10 @@ import org.apache.camel.util.ObjectHelpe
*/
public abstract class DefaultEndpoint implements Endpoint, HasId, CamelContextAware {
+ //Match any key-value pair in the URI query string whose key contains "passphrase" or "password" (case-insensitive).
+ //First capture group is the key, second is the value.
+ private static final Pattern SECRETS = Pattern.compile("([?&][^=]*(?:passphrase|password)[^=]*)=([^&]*)", Pattern.CASE_INSENSITIVE);
+
private String endpointUri;
private CamelContext camelContext;
private Component component;
@@ -84,12 +89,12 @@ public abstract class DefaultEndpoint im
@Override
public String toString() {
- return "Endpoint[" + getEndpointUri() + "]";
+ return String.format("Endpoint[%s]", sanitizeUri(getEndpointUri()));
}
/**
* Returns a unique String ID which can be used for aliasing without having to use the whole URI which
- * is not unique
+ * is not unique
*/
public String getId() {
return id;
@@ -201,7 +206,7 @@ public abstract class DefaultEndpoint im
}
/**
- * A factory method to lazily create the endpointUri if none is specified
+ * A factory method to lazily create the endpointUri if none is specified
*/
protected String createEndpointUri() {
return null;
@@ -217,6 +222,7 @@ public abstract class DefaultEndpoint im
setEndpointUri(value);
}
}
+
protected void setEndpointUri(String endpointUri) {
this.endpointUri = endpointUri;
}
@@ -233,4 +239,9 @@ public abstract class DefaultEndpoint im
public void stop() throws Exception {
// noop
}
+
+ public static String sanitizeUri(String uri) {
+ return uri == null ? null : SECRETS.matcher(uri).replaceAll("$1=******");
+ }
+
}
Added: camel/trunk/camel-core/src/test/java/org/apache/camel/impl/DefaultEndpointTest.java
URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/test/java/org/apache/camel/impl/DefaultEndpointTest.java?rev=992207&view=auto
==============================================================================
--- camel/trunk/camel-core/src/test/java/org/apache/camel/impl/DefaultEndpointTest.java (added)
+++ camel/trunk/camel-core/src/test/java/org/apache/camel/impl/DefaultEndpointTest.java Fri Sep 3 05:11:07 2010
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.impl;
+
+import org.apache.camel.ContextTestSupport;
+
+/**
+ * @version $Revision$
+ */
+public class DefaultEndpointTest extends ContextTestSupport {
+
+ public void testSanitizeUri() {
+ assertNull(DefaultEndpoint.sanitizeUri(null));
+ assertEquals("", DefaultEndpoint.sanitizeUri(""));
+ assertSanitizedUriUnchanged("http://camel.apache.org");
+ assertSanitizedUriUnchanged("irc://irc.codehaus.org/camel");
+ assertSanitizedUriUnchanged("direct:foo?bar=123&cheese=yes");
+ assertSanitizedUriUnchanged("https://issues.apache.org/activemq/secure/AddComment!default.jspa?id=33239");
+ assertEquals("ftp://host.mysite.com/records?passiveMode=true&user=someuser&password=******",
+ DefaultEndpoint.sanitizeUri("ftp://host.mysite.com/records?passiveMode=true&user=someuser&password=superSecret"));
+ assertEquals("sftp://host.mysite.com/records?user=someuser&privateKeyFile=key.file&privateKeyFilePassphrase=******&knownHostsFile=hosts.list",
+ DefaultEndpoint.sanitizeUri("sftp://host.mysite.com/records?user=someuser&privateKeyFile=key.file&privateKeyFilePassphrase=superSecret&knownHostsFile=hosts.list"));
+ }
+
+ public void assertSanitizedUriUnchanged(String uri) {
+ assertEquals(uri, DefaultEndpoint.sanitizeUri(uri));
+ }
+
+}