[ https://issues.apache.org/jira/browse/CAMEL-17452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen resolved CAMEL-17452.
---------------------------------
    Resolution: Fixed

Thanks for the PR

> camel-util - URISupport#sanitizeUri sanitizes passwords incorrectly if 
> remaining uri contains expression ${<expr>}
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-17452
>                 URL: https://issues.apache.org/jira/browse/CAMEL-17452
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-core
>    Affects Versions: 3.14.0
>            Reporter: Claus Skou Nielsen
>            Priority: Minor
>             Fix For: 3.14.1, 3.15.0
>
>
> The following unit test demonstrates the problem with URISupport#sanitize:
> {code:java}
>     @Test
>     public void testSanitizeUriWithRawPasswordAndSimpleExpression() {
>         String uriPlain =
>             "http://foo?username=me&password=RAW(me#@123)&foo=bar&port=21&tempFileName=${file:name.noext}.tmp&anotherOption=true";
>         String uriCurly =
>             "http://foo?username=me&password=RAW{me#@123}&foo=bar&port=21&tempFileName=${file:name.noext}.tmp&anotherOption=true";
>         String expected =
>             "http://foo?username=me&password=xxxxxx&foo=bar&port=21&tempFileName=${file:name.noext}.tmp&anotherOption=true";
>         // "http://foo?username=me&password=xxxxxx.tmp&anotherOption=true" is the actual result
>         assertEquals(expected, URISupport.sanitizeUri(uriPlain));
>         assertEquals(expected, URISupport.sanitizeUri(uriCurly));
>     }
> {code}
> The problem is that the SECRETS pattern in URISupport eagerly eats everything
> up until the ending of ${file:name.noext}.
> It can be resolved by changing the regex-pattern, like so:
> {code:java}
> private static final Pattern SECRETS = Pattern.compile(
>             "([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret|authorizationToken|saslJaasConfig)[^=]*)=(RAW(([{][^}]*[}])|([(][^)]*[)]))|[^&]*)",
>             Pattern.CASE_INSENSITIVE);
> {code}



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
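
The behaviour reported above, as an added example that is not part of the original message or of Camel's code: it runs the two URIs from the unit test through a greedy pattern and through the pattern proposed in the issue. `GREEDY` is an assumed reconstruction of the pre-fix shape, chosen to match the "eagerly eats everything" description; the class name, `KEYS`, `sanitize` and the third URI are constructed for illustration.

```java
import java.util.regex.Pattern;

public class SanitizeUriDemo {
    // Key-name part shared by both patterns, as it appears in the issue.
    static final String KEYS =
        "([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret"
        + "|authorizationToken|saslJaasConfig)[^=]*)=";

    // ASSUMPTION: pre-fix shape. The greedy ".*" after RAW( or RAW{ runs to
    // the LAST ')' or '}' in the URI, so it swallows later options as well.
    static final Pattern GREEDY = Pattern.compile(
        KEYS + "(RAW[({].*[)}]|[^&]*)", Pattern.CASE_INSENSITIVE);

    // Pattern proposed in the issue: a RAW value stops at the first closing
    // delimiter of the same kind that opened it.
    static final Pattern FIXED = Pattern.compile(
        KEYS + "(RAW(([{][^}]*[}])|([(][^)]*[)]))|[^&]*)", Pattern.CASE_INSENSITIVE);

    // Replace every secret value with a fixed mask, keeping the key name.
    static String sanitize(Pattern secrets, String uri) {
        return secrets.matcher(uri).replaceAll("$1=xxxxxx");
    }

    public static void main(String[] args) {
        String tail = "&foo=bar&port=21&tempFileName=${file:name.noext}.tmp&anotherOption=true";
        String[] uris = {
            "http://foo?username=me&password=RAW(me#@123)" + tail, // from the issue
            "http://foo?username=me&password=RAW{me#@123}" + tail, // from the issue
            // Constructed: a RAW value containing '&' must still be masked whole,
            // which is why the RAW branch comes before the plain [^&]* branch.
            "http://foo?username=me&password=RAW(me&you)&foo=bar",
        };
        for (String uri : uris) {
            System.out.println("input : " + uri);
            System.out.println("greedy: " + sanitize(GREEDY, uri));
            System.out.println("fixed : " + sanitize(FIXED, uri));
        }
    }
}
```

When reviewing sanitized output in logs, compare the set of option names before and after masking: a sanitizer that drops unrelated options such as `foo` or `port` is over-matching in the way this issue describes.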
