Updated Branches: refs/heads/master 7c56a81bd -> bec00cce4
CLOUDSTACK-505: Converted regex expressions to pre-compiled Pattern objects This was done for performance reasons. I also refined the regex strings and added more test cases for different string scenarios. Signed-off-by: Chip Childers <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/bec00cce Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/bec00cce Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/bec00cce Branch: refs/heads/master Commit: bec00cce4692c02ed5395b4c4acc40624a41198c Parents: 7c56a81 Author: Chip Childers <[email protected]> Authored: Mon Dec 17 22:59:12 2012 -0500 Committer: Chip Childers <[email protected]> Committed: Mon Dec 17 23:01:19 2012 -0500 ---------------------------------------------------------------------- utils/src/com/cloud/utils/StringUtils.java | 13 +++- utils/test/com/cloud/utils/StringUtilsTest.java | 62 ++++++++++++++++-- 2 files changed, 65 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/bec00cce/utils/src/com/cloud/utils/StringUtils.java ---------------------------------------------------------------------- diff --git a/utils/src/com/cloud/utils/StringUtils.java b/utils/src/com/cloud/utils/StringUtils.java index 31b1a10..729553b 100644 --- a/utils/src/com/cloud/utils/StringUtils.java +++ b/utils/src/com/cloud/utils/StringUtils.java @@ -21,6 +21,7 @@ import static java.util.Arrays.*; import java.util.ArrayList; import java.util.Iterator; import java.util.List; +import java.util.regex.Pattern; // StringUtils exists in Apache Commons Lang, but rather than import the entire JAR to our system, for now // just implement the method needed 
@@ -135,13 +136,17 @@ public class StringUtils { return sb.toString(); } + // removes a password request param and it's value + private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?password=.*?(?=[&'\"])"); + + // removes a password property from a response json object + private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"password\":\".*?\",?"); + // Responsible for stripping sensitive content from request and response strings public static String cleanString(String stringToClean){ String cleanResult = ""; - // removes a password request param and it's value - cleanResult = stringToClean.replaceAll("password=.*?&", ""); - // removes a password property from a response json object - cleanResult = cleanResult.replaceAll("\"password\":\".*?\",", ""); + cleanResult = REGEX_PASSWORD_QUERYSTRING.matcher(stringToClean).replaceAll(""); + cleanResult = REGEX_PASSWORD_JSON.matcher(cleanResult).replaceAll(""); return cleanResult; } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/bec00cce/utils/test/com/cloud/utils/StringUtilsTest.java ---------------------------------------------------------------------- diff --git a/utils/test/com/cloud/utils/StringUtilsTest.java b/utils/test/com/cloud/utils/StringUtilsTest.java index f25db97..3c162c7 100644 --- a/utils/test/com/cloud/utils/StringUtilsTest.java +++ b/utils/test/com/cloud/utils/StringUtilsTest.java 
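Review bot: REGEX_PASSWORD_QUERYSTRING still needs a delimiter after the value, because the lookahead `(?=[&'\"])` only accepts `&`, `'` or `"`. An unquoted string that ends with the password, such as `username=foo&password=bar`, therefore comes out of cleanString with the secret intact. End of input should count as a terminator as well: `Pattern.compile("&?password=.*?(?=[&'\"]|$)")`. REGEX_PASSWORD_JSON has two similar gaps: the lazy `.*?\"` stops at the first quote, so a value containing an escaped quote leaves its tail in the output, and a property written with whitespace after the colon is not matched at all. Matching the value as "any non-quote, non-backslash character or a backslash escape" and allowing `\\s*` around the colon would close both.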
@@ -22,15 +22,41 @@ import com.cloud.utils.StringUtils; public class StringUtilsTest { @Test - public void testCleanJsonObject() { - String input = "{\"description\":\"foo\"}],\"password\":\"bar\",\"nic\":[{\"id\":\"1\"}]}"; - String expected = "{\"description\":\"foo\"}],\"nic\":[{\"id\":\"1\"}]}"; + public void testCleanPasswordFromJsonObjectAtEnd() { + String input = "{\"foo\":\"bar\",\"password\":\"test\"}"; + //TODO: It would be nice to clean up the regex in question to not + //have to return the trailing comma in the expected string below + String expected = "{\"foo\":\"bar\",}"; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test + public void testCleanPasswordFromJsonObjectInMiddle() { + String input = "{\"foo\":\"bar\",\"password\":\"test\",\"test\":\"blah\"}"; + String expected = "{\"foo\":\"bar\",\"test\":\"blah\"}"; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test + public void testCleanPasswordFromJsonObjectAlone() { + String input = "{\"password\":\"test\"}"; + String expected = "{}"; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test + public void testCleanPasswordFromJsonObjectAtStart() { + String input = "{\"password\":\"test\",\"test\":\"blah\"}"; + String expected = "{\"test\":\"blah\"}"; String result = StringUtils.cleanString(input); assertEquals(result, expected); } @Test - public void testCleanJsonObjectWithMultiplePasswords() { + public void testCleanPasswordFromJsonObjectWithMultiplePasswords() { String input = "{\"description\":\"foo\"}],\"password\":\"bar\",\"nic\":[{\"password\":\"bar2\",\"id\":\"1\"}]}"; String expected = "{\"description\":\"foo\"}],\"nic\":[{\"id\":\"1\"}]}"; String result = StringUtils.cleanString(input); 
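Review bot: The assertions in these tests are written `assertEquals(result, expected)`, which looks reversed, assuming this is JUnit's `assertEquals(expected, actual)` (the import is not visible in the hunk). When a redaction test fails, the report would label the unredacted output as the expected value, which makes a leak harder to read from the failure message; `assertEquals(expected, result);` fixes that. The same order appears in the tests in the later hunks of this file. Separately, testCleanPasswordFromJsonObjectAtEnd pins `{\"foo\":\"bar\",}` as the contract, so the test locks in malformed JSON until the TODO is resolved. The last test method shown here continues past the end of the hunk.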
@@ -38,7 +64,7 @@ public class StringUtilsTest { } @Test - public void testCleanRequestObject() { + public void testCleanPasswordFromRequestString() { String input = "username=foo&password=bar&url=foobar"; String expected = "username=foo&url=foobar"; String result = StringUtils.cleanString(input); @@ -46,11 +72,35 @@ public class StringUtilsTest { } @Test - public void testCleanRequestObjectWithMultiplePasswords() { + public void testCleanPasswordFromRequestStringWithMultiplePasswords() { String input = "username=foo&password=bar&url=foobar&password=bar2&test=4"; String expected = "username=foo&url=foobar&test=4"; String result = StringUtils.cleanString(input); assertEquals(result, expected); } + + @Test + public void testCleanPasswordFromRequestStringMatchedAtEndSingleQuote() { + String input = "'username=foo&password=bar'"; + String expected = "'username=foo'"; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test + public void testCleanPasswordFromRequestStringMatchedAtEndDoubleQuote() { + String input = "\"username=foo&password=bar\""; + String expected = "\"username=foo\""; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } + + @Test + public void testCleanPasswordFromRequestStringMatchedAtMiddleDoubleQuote() { + String input = "\"username=foo&password=bar&goo=sdf\""; + String expected = "\"username=foo&goo=sdf\""; + String result = StringUtils.cleanString(input); + assertEquals(result, expected); + } }
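Review bot: The three end-of-string tests added in the last hunk all wrap the input in quotes, so no test covers a bare query string whose final parameter is the password. A case with input `"username=foo&password=bar"` and expected `"username=foo"` would pin that behaviour; judging by the pattern in StringUtils.java, it would fail as committed. A case with the password as the first parameter, input `"password=bar&url=foobar"`, is also missing. There the optional `&?` has nothing to consume before the key, so the result appears to keep a leading `&`, and the expected value should be decided and asserted explicitly.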
