(cxf) 10/14: CXF-8691: Logging Feature - Sensitive element with arrays (JSON) (#2640)

reta Sat, 18 Oct 2025 10:15:43 -0700

This is an automated email from the ASF dual-hosted git repository.

reta pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


commit 7bdad70743ab4a51830faf63f1a63e7647ef842c
Author: Andriy Redko <[email protected]>
AuthorDate: Sat Oct 4 17:45:05 2025 -0400

    CXF-8691: Logging Feature - Sensitive element with arrays (JSON) (#2640)
    
    (cherry picked from commit ad81da5000b6a14d760ca5d1c0b5626c7a592b1b)
    (cherry picked from commit e0a24da3da82b132f16f5d6f73cee757a44b5619)
---
 .../java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java | 12 ++++++++++--
 .../org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java  |  7 ++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git 
a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
 
b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
index 22957887be..e6ec38eeb3 100644
--- 
a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
+++ 
b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
@@ -34,6 +34,10 @@ public class MaskSensitiveHelper {
     private static final String MATCH_PATTERN_XML_TEMPLATE = "(<(" + 
PATTERN_XML_NAMESPACE_PREFIX
             + ":)?-ELEMENT_NAME-\\b[^>/]*>)(.*?)(</(" + 
PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME->)";
     private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$4";
+    private static final String MATCH_PATTERN_JSON_TEMPLATE_ARRAY 
+        = "\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*[\\[]((\\s*\".\"),?)+[\\]]";
+    private static final String REPLACEMENT_JSON_TEMPLATE_ARRAY 
+        = "\"-ELEMENT_NAME-\": [\"X\",\"X\",\"X\"]";
     private static final String MATCH_PATTERN_JSON_TEMPLATE = 
"\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*\"(.*?)\"";
     private static final String REPLACEMENT_JSON_TEMPLATE = 
"\"-ELEMENT_NAME-\": \"XXX\"";
     private static final String MASKED_HEADER_VALUE = "XXX";
@@ -63,8 +67,12 @@ public class MaskSensitiveHelper {
 
     public void addSensitiveElementNames(final Set<String> 
inSensitiveElementNames) {
         for (final String sensitiveName : inSensitiveElementNames) {
-            addReplacementPair(MATCH_PATTERN_XML_TEMPLATE, 
REPLACEMENT_XML_TEMPLATE, sensitiveName, replacementsXML);
-            addReplacementPair(MATCH_PATTERN_JSON_TEMPLATE, 
REPLACEMENT_JSON_TEMPLATE, sensitiveName, replacementsJSON);
+            addReplacementPair(MATCH_PATTERN_XML_TEMPLATE, 
REPLACEMENT_XML_TEMPLATE,
+                sensitiveName, replacementsXML);
+            addReplacementPair(MATCH_PATTERN_JSON_TEMPLATE_ARRAY, 
REPLACEMENT_JSON_TEMPLATE_ARRAY,
+                sensitiveName, replacementsJSON);
+            addReplacementPair(MATCH_PATTERN_JSON_TEMPLATE, 
REPLACEMENT_JSON_TEMPLATE,
+                sensitiveName, replacementsJSON);
         }
     }
 
diff --git 
a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
 
b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
index 471a78a9ff..88d910b6c8 100644
--- 
a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
+++ 
b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
@@ -76,6 +76,10 @@ public class MaskSensitiveHelperTest {
     private static final String MASKED_LOGGING_CONTENT_JSON =
             "\"user\":\"testUser\", \"password\": \"XXX\"";
 
+    private static final String SENSITIVE_LOGGING_CONTENT_JSON_ARRAY =
+            "\"user\":\"testUser\", \"password\": 
[\"G\",\"e\",\"h\",\"e\",\"i\",\"m\",\"1\",\"2\",\"3\",\"!\"]";
+    private static final String MASKED_LOGGING_CONTENT_JSON_ARRAY =
+            "\"user\":\"testUser\", \"password\": [\"X\",\"X\",\"X\"]";
     private static final String SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML =
         "<item><user>testUser1</user><password myAttribute=\"test\">my secret 
password 1</password></item>"
             + "<item><user>testUser2</user><password>my secret password 
2</password></item>";
@@ -113,7 +117,8 @@ public class MaskSensitiveHelperTest {
             {SENSITIVE_LOGGING_XML_EMPTY_TAG_REPEATED, 
MASKED_LOGGING_XML_EMPTY_TAG_REPEATED, APPLICATION_XML},
             {SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML, 
MASKED_LOGGING_MULTIPLE_ELEMENT_XML, APPLICATION_XML},
             {SENSITIVE_LOGGING_CONTENT_XML_WITH_NAMESPACE, 
MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE, APPLICATION_XML},
-            {SENSITIVE_LOGGING_CONTENT_JSON, MASKED_LOGGING_CONTENT_JSON, 
APPLICATION_JSON}
+            {SENSITIVE_LOGGING_CONTENT_JSON, MASKED_LOGGING_CONTENT_JSON, 
APPLICATION_JSON},
+            {SENSITIVE_LOGGING_CONTENT_JSON_ARRAY, 
MASKED_LOGGING_CONTENT_JSON_ARRAY, APPLICATION_JSON}
         });
     }

(cxf) 10/14: CXF-8691: Logging Feature - Sensitive element with arrays (JSON) (#2640)

Reply via email to