[
https://issues.apache.org/jira/browse/CAMEL-13191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16767119#comment-16767119
]
Christian Pieczewski edited comment on CAMEL-13191 at 2/13/19 12:34 PM:
------------------------------------------------------------------------
Worst case scenario is if the colon is at the end of the password, than it will
only append the ''xxxxxx" -> clear password will be logged.
e.g.
uri: sftp://user:hidden:Password:@target.test
password: "hidden:Password:"
log -> sftp://user:hidden:Password:[email protected]
was (Author: pieczewski):
Worst case scenario is if the colon is at the end of the password, than it will
only append the ''xxxxxx" -> clear password will be logged.
> URISupport sanitizeUri don't hide complete password if password contains colon
> ------------------------------------------------------------------------------
>
> Key: CAMEL-13191
> URL: https://issues.apache.org/jira/browse/CAMEL-13191
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.23.1
> Reporter: Christian Pieczewski
> Priority: Major
>
> sanitizedUri don't hide the complete password if the password contains a
> colon.
> e.g.
> camel route URI is "sftp://user:hidden:[email protected]"; where the
> password is "hidden:password"
> the sanitizedUri method will only hide the last part of password
> (sftp://user:hidden:[email protected])
> {code:java|title=UnitTest}
> import org.apache.camel.util.URISupport;
> import org.junit.jupiter.api.Assertions;
> import org.junit.jupiter.api.Test;
> class UriSupportTest {
> @Test
> void testURISanitizeUri() {
> var sanitizedUri =
> URISupport.sanitizeUri("sftp://user:hidden:[email protected]";);
> Assertions.assertEquals("sftp://user:[email protected]";, sanitizedUri);
> }
> }
> {code}
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
