[
https://issues.apache.org/jira/browse/CXF-9141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benedikt Kaiser updated CXF-9141:
---------------------------------
Description:
We encounter a bug where {{org.apache.cxf.ext.logging.MaskSensitiveHelper}}
fails to match text correctly and scrambles up the message. It happens when
masking an element that occurs multiple times in the message string. In cases
where the first occurrence is a self-closing tag e.g. {{<a/>}} and a later
occurrence contains a value {{<a>value</a>}} the regex will match everything
from the first occurrence until the second and replace it. This of course leads
to invalid XML with all the data in between missing.
For example:
{code:java}
<one>
<password/>
</one>
<two>
<password>Value</password>
</two>{code}
is turned into
{code:java}
<one>
<password/>XXX</password>
</two>{code}
h4. Proposal
I opened a pull request: [https://github.com/apache/cxf/pull/2425]
The proposed solution does not match self-closing tags, by adding {{/}} to the
list of excluded characters in the opening tag. Ignoring self-closing tags is
acceptable as they have no content to mask anyways and this way the regex match
does not run into the described issue.
was:
We encounter a bug where `org.apache.cxf.ext.logging.MaskSensitiveHelper` fails
to match text correctly and scrambles up the message. It happens when masking
an element that occurs multiple times in the message string. In cases where the
first occurrence is a self-closing tag e.g. {{<a/>}} and a later occurrence
contains a value {{<a>value</a>}} the regex will match everything from the
first occurrence until the second and replace it. This of course leads to
invalid XML with all the data in between missing.
For example:
<one>
<password/>
</one>
<two>
<password>Value</password>
</two>
is turned into
<one>
<password/>XXX</password>
</two>
h4. Proposal
I opened a pull request: [https://github.com/apache/cxf/pull/2425]
The proposed solution does not match self-closing tags, by adding {{/}} to the
list of excluded characters in the opening tag. Ignoring self-closing tags is
acceptable as they have no content to mask anyways and this way the regex match
does not run into the described issue.
> MaskSensitiveHelperMasking malfunctions for empty tags
> ------------------------------------------------------
>
> Key: CXF-9141
> URL: https://issues.apache.org/jira/browse/CXF-9141
> Project: CXF
> Issue Type: Bug
> Affects Versions: 4.1.2
> Reporter: Benedikt Kaiser
> Priority: Blocker
>
> We encounter a bug where {{org.apache.cxf.ext.logging.MaskSensitiveHelper}}
> fails to match text correctly and scrambles up the message. It happens when
> masking an element that occurs multiple times in the message string. In cases
> where the first occurrence is a self-closing tag e.g. {{<a/>}} and a later
> occurrence contains a value {{<a>value</a>}} the regex will match
> everything from the first occurrence until the second and replace it. This of
> course leads to invalid XML with all the data in between missing.
> For example:
> {code:java}
> <one>
> <password/>
> </one>
> <two>
> <password>Value</password>
> </two>{code}
> is turned into
> {code:java}
> <one>
> <password/>XXX</password>
> </two>{code}
>
>
> h4. Proposal
> I opened a pull request: [https://github.com/apache/cxf/pull/2425]
>
> The proposed solution does not match self-closing tags, by adding {{/}} to
> the list of excluded characters in the opening tag. Ignoring self-closing
> tags is acceptable as they have no content to mask anyways and this way the
> regex match does not run into the described issue.
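
The mismatch described in this issue, reproduced as an added example (not code from CXF or from the pull request). The two patterns are simplified stand-ins hard-coded for the element {{password}}; the class name and the sample messages are constructed here.

```java
import java.util.regex.Pattern;

public class MaskSelfClosingDemo {
    // Simplified stand-in patterns (assumption): not copied from MaskSensitiveHelper.
    // BEFORE: the opening tag may contain anything except '>', so "<password/>"
    // is accepted as an opening tag and the lazy body runs on to the next "</password>".
    static final Pattern BEFORE =
        Pattern.compile("(<password[^>]*>)(.*?)(</password>)", Pattern.DOTALL);
    // AFTER: '/' is excluded too, so a self-closing tag never starts a match.
    static final Pattern AFTER =
        Pattern.compile("(<password[^>/]*>)(.*?)(</password>)", Pattern.DOTALL);

    // Keep the opening and closing tags, replace the element content with XXX.
    static String mask(Pattern p, String xml) {
        return p.matcher(xml).replaceAll("$1XXX$3");
    }

    public static void main(String[] args) {
        // Constructed sample: the message from the issue, written on one line.
        String msg = "<one><password/></one><two><password>Value</password></two>";

        // <one><password/>XXX</password></two>   (data in between is lost)
        System.out.println(mask(BEFORE, msg));

        // <one><password/></one><two><password>XXX</password></two>
        System.out.println(mask(AFTER, msg));

        // Constructed regression case: a '/' inside an attribute value.
        // In this stand-in, excluding '/' also stops the match here, so the
        // value stays unmasked; worth testing against the real pattern.
        String attr = "<password type=\"a/b\">Value</password>";

        // <password type="a/b">XXX</password>
        System.out.println(mask(BEFORE, attr));

        // <password type="a/b">Value</password>
        System.out.println(mask(AFTER, attr));
    }
}
```

Run it with {{java MaskSelfClosingDemo.java}} on Java 11 or later.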