This is an automated email from the ASF dual-hosted git repository. reta pushed a commit to branch 4.0.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit d944d89e64afd646b2797949173182408024aee6 Author: Daniel Holm <[email protected]> AuthorDate: Mon Oct 14 20:35:52 2024 +0200 [CXF-9067] Fix MaskSensitiveHelper incorrectly matching wrapper element (#2106) - Update the regex pattern in `MATCH_PATTERN_XML_TEMPLATE` to strictly match the element name, avoiding incorrect matches with similar names. - Add new test cases in `MaskSensitiveHelperTest` to verify the correct masking of sensitive data within wrapper elements. (cherry picked from commit 77afe82ccd5c0eea583ebebcc9e10bd7e784581d) --- .../main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java | 2 +- .../java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java index 94f2aa7c4a..8387fcfbc2 100644 --- a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java +++ b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java @@ -32,7 +32,7 @@ public class MaskSensitiveHelper { + "\\u00F8-\\u02FF\\u0300-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u203F-\\u2040\\u2070-\\u218F" + "\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD]+"; private static final String MATCH_PATTERN_XML_TEMPLATE = "(<(" + PATTERN_XML_NAMESPACE_PREFIX - + ":)?-ELEMENT_NAME-.*?>)(.*?)(</(" + PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME->)"; + + ":)?-ELEMENT_NAME-\\b[^>]*>)(.*?)(</(" + PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME->)"; private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$4"; private static final String MATCH_PATTERN_JSON_TEMPLATE = "\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*\"(.*?)\""; private static final String REPLACEMENT_JSON_TEMPLATE = "\"-ELEMENT_NAME-\": \"XXX\""; diff --git a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java index a61e5032b8..1b1a20fb35 100644 --- a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java +++ b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java @@ -56,6 +56,11 @@ public class MaskSensitiveHelperTest { private static final String MASKED_LOGGING_CONTENT_XML_WITH_ATTRIBUTE = "<user>testUser</user><password myAttribute=\"test\">XXX</password>"; + private static final String SENSITIVE_LOGGING_CONTENT_XML_WITH_WRAPPER = + "<passwords><password>my secret password</password></passwords>"; + private static final String MASKED_LOGGING_CONTENT_XML_WITH_WITH_WRAPPER = + "<passwords><password>XXX</password></passwords>"; + private static final String SENSITIVE_LOGGING_CONTENT_JSON = "\"user\":\"testUser\", \"password\": \"my secret password\""; private static final String MASKED_LOGGING_CONTENT_JSON = @@ -93,6 +98,7 @@ public class MaskSensitiveHelperTest { return Arrays.asList(new Object[][] { {SENSITIVE_LOGGING_CONTENT_XML, MASKED_LOGGING_CONTENT_XML, APPLICATION_XML}, {SENSITIVE_LOGGING_CONTENT_XML_WITH_ATTRIBUTE, MASKED_LOGGING_CONTENT_XML_WITH_ATTRIBUTE, APPLICATION_XML}, + {SENSITIVE_LOGGING_CONTENT_XML_WITH_WRAPPER, MASKED_LOGGING_CONTENT_XML_WITH_WITH_WRAPPER, APPLICATION_XML}, {SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML, MASKED_LOGGING_MULTIPLE_ELEMENT_XML, APPLICATION_XML}, {SENSITIVE_LOGGING_CONTENT_XML_WITH_NAMESPACE, MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE, APPLICATION_XML}, {SENSITIVE_LOGGING_CONTENT_JSON, MASKED_LOGGING_CONTENT_JSON, APPLICATION_JSON}
