[
https://issues.apache.org/jira/browse/CXF-9067?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko updated CXF-9067:
------------------------------
Affects Version/s: 3.6.4
> MaskSensitiveHelper incorrectly masks wrapper element
> -----------------------------------------------------
>
> Key: CXF-9067
> URL: https://issues.apache.org/jira/browse/CXF-9067
> Project: CXF
> Issue Type: Bug
> Components: logging
> Affects Versions: 4.0.5, 3.6.4
> Reporter: Daniel Holm
> Priority: Minor
> Labels: bug, logging
> Original Estimate: 0.25h
> Remaining Estimate: 0.25h
>
> The regex in MaskSensitiveHelper matching possible xml attributes is too
> relaxed, and will match wrappers starting with the same characters as the
> sensitive element.
>
> This f.ex does not correctly mask the password element:
> {code:java}
> maskSensitiveHelper.addSensitiveElementNames(Set.of("password")) {code}
> raw data:
> {code:java}
> <passwords><password>my secret password</password></passwords> {code}
> expected:
> {code:java}
> <passwords><password>XXX</password></passwords>{code}
> actual:
> {code:java}
> <passwords>XXX</password></passwords>{code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
