This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-3.0.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-3.0.x by this push:
     new e46fa51  CAMEL-14375: camel-kafka - The saslJaasConfig option may 
contain sensitive information that can be logged
e46fa51 is described below

commit e46fa51f6481c717850d1bcef7a86be7b9f6f641
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Wed Jan 8 14:36:41 2020 +0100

    CAMEL-14375: camel-kafka - The saslJaasConfig option may contain sensitive 
information that can be logged
---
 core/camel-util/src/main/java/org/apache/camel/util/URISupport.java | 2 +-
 .../src/test/java/org/apache/camel/util/URISupportTest.java         | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git 
a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java 
b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
index b3dcc2b..c5dcda6 100644
--- a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
+++ b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
@@ -39,7 +39,7 @@ public final class URISupport {
     // Match any key-value pair in the URI query string whose key contains
     // "passphrase" or "password" or secret key (case-insensitive).
     // First capture group is the key, second is the value.
-    private static final Pattern SECRETS = 
Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret|authorizationToken)[^=]*)=(RAW[({].*[)}]|[^&]*)",
 Pattern.CASE_INSENSITIVE);
+    private static final Pattern SECRETS = 
Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret|authorizationToken|saslJaasConfig)[^=]*)=(RAW[({].*[)}]|[^&]*)",
 Pattern.CASE_INSENSITIVE);
 
     // Match the user password in the URI as second capture group
     // (applies to URI with authority component and userinfo token in the form
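Review bot: The comment above `SECRETS` still names only "passphrase", "password" and secret key, so it no longer tells a reader that `saslJaasConfig` values are masked. I would update it to `// "passphrase", "password", a secret/token key name or "saslJaasConfig" (case-insensitive).`. A JAAS config value is free-form text and the value alternative `[^&]*` stops at the first `&`, so a credential containing a literal `&` that is not wrapped in `RAW(...)` would presumably keep its tail unmasked in the sanitized output; that caveat belongs in the same comment. The key list is a denylist, so every new component option that carries credentials needs its own entry here.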
diff --git 
a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java 
b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
index ca23e2b..60cad52 100644
--- a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -304,6 +304,12 @@ public class URISupportTest {
     }
 
     @Test
+    public void testSanitizeSaslJaasConfig() throws Exception {
+        String out1 = 
URISupport.sanitizeUri("kafka://MY-TOPIC-NAME?saslJaasConfig=org.apache.kafka.common.security.plain.PlainLoginModule
 required username=scott password=tiger");
+        assertEquals("kafka://MY-TOPIC-NAME?saslJaasConfig=xxxxxx", out1);
+    }
+
+    @Test
     public void testNormalizeEndpointUriWithUserInfoSpecialSign() throws 
Exception {
         String out1 = 
URISupport.normalizeUri("ftp://us%40r:t%st@localhost:21000/tmp3/camel?foo=us@r";);
         
assertEquals("ftp://us%40r:t%25st@localhost:21000/tmp3/camel?foo=us%40r";, out1);
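Review bot: testSanitizeSaslJaasConfig only covers an unquoted value that is the last query parameter, so it does not pin what happens when further options follow or when the value is wrapped in `RAW(...)`. A second assertion would cover both, for example (constructed sample, expected value to be confirmed by running it) `assertEquals("kafka://MY-TOPIC-NAME?saslJaasConfig=xxxxxx&brokers=localhost:9092", URISupport.sanitizeUri("kafka://MY-TOPIC-NAME?saslJaasConfig=RAW(org.apache.kafka.common.security.plain.PlainLoginModule required username=scott password=tiger;)&brokers=localhost:9092"));`. That keeps a later change to the value part of the pattern from silently re-exposing the credentials in logs.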
