(cxf) branch 4.0.x-fixes updated: address MaskSensitiveHelper error (#2705)

ffang Mon, 03 Nov 2025 09:39:57 -0800

This is an automated email from the ASF dual-hosted git repository.

ffang pushed a commit to branch 4.0.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git



The following commit(s) were added to refs/heads/4.0.x-fixes by this push:
     new a4d1d6077b0 address MaskSensitiveHelper error (#2705)
a4d1d6077b0 is described below

commit a4d1d6077b0b5be495c3b8fa4c46b76c59986e0c
Author: Freeman(Yue) Fang <[email protected]>
AuthorDate: Mon Nov 3 12:37:15 2025 -0500

    address MaskSensitiveHelper error (#2705)
    
    (cherry picked from commit 99668b56e9c39bac5efda2d53b94f03bd8fe02f0)
---
 .../cxf/ext/logging/MaskSensitiveHelper.java       |  5 +++--
 .../cxf/ext/logging/MaskSensitiveHelperTest.java   | 22 +++++++++++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git 
a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
 
b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
index e6ec38eeb37..0795038c622 100644
--- 
a/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
+++ 
b/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java
@@ -31,8 +31,9 @@ public class MaskSensitiveHelper {
     private static final String PATTERN_XML_NAMESPACE_PREFIX = 
"[\\w.\\-\\u00B7\\u00C0-\\u00D6\\u00D8-\\u00F6"
             + 
"\\u00F8-\\u02FF\\u0300-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u203F-\\u2040\\u2070-\\u218F"
             + "\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD]+";
-    private static final String MATCH_PATTERN_XML_TEMPLATE = "(<(" + 
PATTERN_XML_NAMESPACE_PREFIX
-            + ":)?-ELEMENT_NAME-\\b[^>/]*>)(.*?)(</(" + 
PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME->)";
+    private static final String MATCH_PATTERN_XML_TEMPLATE =
+        "(<(" + PATTERN_XML_NAMESPACE_PREFIX + ":)?-ELEMENT_NAME-\\b(?:(?!/>)" 
+            + "[^>])*?>)(.*?)(</(" + PATTERN_XML_NAMESPACE_PREFIX + 
":)?-ELEMENT_NAME->)";
     private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$4";
     private static final String MATCH_PATTERN_JSON_TEMPLATE_ARRAY 
         = "\"-ELEMENT_NAME-\"[ \\t]*:[ \\t]*[\\[]((\\s*\".\"),?)+[\\]]";
diff --git 
a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
 
b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
index 88d910b6c8c..761409b3a6a 100644
--- 
a/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
+++ 
b/rt/features/logging/src/test/java/org/apache/cxf/ext/logging/MaskSensitiveHelperTest.java
@@ -92,6 +92,23 @@ public class MaskSensitiveHelperTest {
 
     private static final String MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE =
             "<ns:user>testUser</ns:user><ns:password>XXX</ns:password>";
+    
+    // attributes with slash characters are supported
+    private static final String SENSITIVE_XML_WITH_NS_URI = "<root 
xmlns:x=\"http://a/b/c\";>"
+            + "<x:password alg=\"http://algo/sha-256\";>secret</x:password>"
+                                                            + "</root>";
+    private static final String MASKED_XML_WITH_NS_URI = "<root 
xmlns:x=\"http://a/b/c\";>"
+                                                         + "<x:password 
alg=\"http://algo/sha-256\";>XXX</x:password>"
+                                                         + "</root>";
+
+    // plain attribute value containing slashes
+    private static final String SENSITIVE_XML_WITH_ATTR_URL = "<root><password 
href=\"https://example.com/path\";>"
+        + "secret</password></root>";
+    private static final String MASKED_XML_WITH_ATTR_URL = "<root><password 
href=\"https://example.com/path\";>"
+        + "XXX</password></root>";
+
+    // Self-closing element
+    private static final String SELF_CLOSING_UNCHANGED = 
"<root><password/></root>";
 
     private static final Set<String> SENSITIVE_ELEMENTS = new 
HashSet<>(Arrays.asList("password"));
     private static final String APPLICATION_XML = "application/xml";
@@ -118,7 +135,10 @@ public class MaskSensitiveHelperTest {
             {SENSITIVE_LOGGING_MULTIPLE_ELEMENT_XML, 
MASKED_LOGGING_MULTIPLE_ELEMENT_XML, APPLICATION_XML},
             {SENSITIVE_LOGGING_CONTENT_XML_WITH_NAMESPACE, 
MASKED_LOGGING_CONTENT_XML_WITH_NAMESPACE, APPLICATION_XML},
             {SENSITIVE_LOGGING_CONTENT_JSON, MASKED_LOGGING_CONTENT_JSON, 
APPLICATION_JSON},
-            {SENSITIVE_LOGGING_CONTENT_JSON_ARRAY, 
MASKED_LOGGING_CONTENT_JSON_ARRAY, APPLICATION_JSON}
+            {SENSITIVE_LOGGING_CONTENT_JSON_ARRAY, 
MASKED_LOGGING_CONTENT_JSON_ARRAY, APPLICATION_JSON},
+            {SENSITIVE_XML_WITH_NS_URI, MASKED_XML_WITH_NS_URI, 
APPLICATION_XML },
+            {SENSITIVE_XML_WITH_ATTR_URL, MASKED_XML_WITH_ATTR_URL, 
APPLICATION_XML },
+            {SELF_CLOSING_UNCHANGED, SELF_CLOSING_UNCHANGED, APPLICATION_XML },
         });
     }

(cxf) branch 4.0.x-fixes updated: address MaskSensitiveHelper error (#2705)

Reply via email to