This is an automated email from the ASF dual-hosted git repository. ffang pushed a commit to branch 3.2.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f765275c79bc4d8dadf0a8adc51ccc4c8121ca29 Author: Freeman Fang <[email protected]> AuthorDate: Mon Aug 27 16:20:53 2018 +0800 [CXF-7828]shouldn't log JMS password from JMS address when using JMS transport (cherry picked from commit c1da5b05663fd21a6482af06dbf6fc77cf324529) --- .../cxf/common/logging/RegexLoggingFilter.java | 117 +++++++++++++++++++++ .../java/org/apache/cxf/endpoint/ServerImpl.java | 11 +- .../cxf/common/logging/RegexLoggingFilterTest.java | 36 +++++++ 3 files changed, 163 insertions(+), 1 deletion(-) diff --git a/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java b/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java new file mode 100644 index 0000000..098b797 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/common/logging/RegexLoggingFilter.java @@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.common.logging; + +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +public class RegexLoggingFilter { + + public static final String DEFAULT_REPLACEMENT = "*****"; + + private static class ReplaceRegEx { + private Pattern pattern; + private int group = 1; + private String replacement; + + ReplaceRegEx(String pattern, int group, String replacement) { + this.pattern = Pattern.compile(pattern); + this.group = group; + this.replacement = replacement; + } + + public CharSequence filter(CharSequence command) { + Matcher m = pattern.matcher(command); + int offset = 0; + while (m.find()) { + int origLen = command.length(); + command = new StringBuilder(command) + .replace(m.start(group) + offset, m.end(group) + offset, replacement).toString(); + offset += command.length() - origLen; + } + return command; + } + } + + private String regPattern; + private int regGroup = 1; + private String regReplacement = DEFAULT_REPLACEMENT; + + private List<ReplaceRegEx> regexs = new ArrayList<ReplaceRegEx>(); + + public CharSequence filter(CharSequence command) { + if (regPattern != null) { + command = new ReplaceRegEx(regPattern, regGroup, regReplacement).filter(command); + } + for (ReplaceRegEx regex : regexs) { + command = regex.filter(command); + } + return command; + } + + public void addRegEx(String pattern) { + addRegEx(pattern, 1); + } + + public void addRegEx(String pattern, int group) { + addRegEx(pattern, group, DEFAULT_REPLACEMENT); + } + + public void addRegEx(String pattern, int group, String replacement) { + regexs.add(new ReplaceRegEx(pattern, group, replacement)); + } + + public void addCommandOption(String option, String... commands) { + String pattern = "("; + for (String command : commands) { + if (pattern.length() > 1) { + pattern += "|"; + } + pattern += Pattern.quote(command); + } + pattern += ") +.*?" + Pattern.quote(option) + " +([^ ]+)"; + regexs.add(new ReplaceRegEx(pattern, 2, DEFAULT_REPLACEMENT)); + } + + public String getPattern() { + return regPattern; + } + + public void setPattern(String pattern) { + this.regPattern = pattern; + } + + public String getReplacement() { + return regReplacement; + } + + public void setReplacement(String replacement) { + this.regReplacement = replacement; + } + + public int getGroup() { + return regGroup; + } + + public void setGroup(int group) { + this.regGroup = group; + } +} diff --git a/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java b/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java index 6437418..089859c 100644 --- a/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java +++ b/core/src/main/java/org/apache/cxf/endpoint/ServerImpl.java @@ -30,6 +30,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusException; import org.apache.cxf.binding.BindingFactory; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.common.logging.RegexLoggingFilter; import org.apache.cxf.management.InstrumentationManager; import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.transport.Destination; @@ -82,7 +83,15 @@ public class ServerImpl implements Server { } destination = destinationFactory.getDestination(ei, bus); - LOG.info("Setting the server's publish address to be " + ei.getAddress()); + String wantFilter = ei.getAddress(); + + if (wantFilter != null && wantFilter.startsWith("jms")) { + RegexLoggingFilter filter = new RegexLoggingFilter(); + filter.setPattern("jms(.*?)password=+([^ ]+)[.]"); + filter.setGroup(2); + wantFilter = (String)filter.filter(wantFilter); + } + LOG.info("Setting the server's publish address to be " + wantFilter); serverRegistry = bus.getExtension(ServerRegistry.class); mep = createManagedEndpoint(); diff --git a/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java b/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java new file mode 100644 index 0000000..f153d72 --- /dev/null +++ b/core/src/test/java/org/apache/cxf/common/logging/RegexLoggingFilterTest.java @@ -0,0 +1,36 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.common.logging; + +import org.junit.Assert; +import org.junit.Test; + +public class RegexLoggingFilterTest extends Assert { + + @Test + public void testFilter() throws Exception { + String wantFilter = "jms:queue:soapRequestQueue?username=admin&password=admin123."; + RegexLoggingFilter filter = new RegexLoggingFilter(); + filter.setPattern("jms(.*?)password=+([^ ]+)[.]"); + filter.setGroup(2); + wantFilter = (String)filter.filter(wantFilter); + assertEquals(wantFilter, "jms:queue:soapRequestQueue?username=admin&password=*****."); + } + +}
