This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new ee537dc CAMEL-16146: SensitiveUtils should check for dash case.
ee537dc is described below
commit ee537dce91bb9d813ee67eee7e7baa2db4911f11
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Sun Feb 7 14:12:24 2021 +0100
CAMEL-16146: SensitiveUtils should check for dash case.
---
.../src/main/java/org/apache/camel/util/SensitiveUtils.java | 12 ++++++++----
.../test/java/org/apache/camel/util/SensitiveUtilsTest.java | 6 ++++++
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git
a/core/camel-util/src/main/java/org/apache/camel/util/SensitiveUtils.java
b/core/camel-util/src/main/java/org/apache/camel/util/SensitiveUtils.java
index 5fb6455..897dba7 100644
--- a/core/camel-util/src/main/java/org/apache/camel/util/SensitiveUtils.java
+++ b/core/camel-util/src/main/java/org/apache/camel/util/SensitiveUtils.java
@@ -24,14 +24,18 @@ import java.util.Set;
public final class SensitiveUtils {
private static final Set<String> SENSITIVE_KEYS = new HashSet<>(
- Arrays.asList("accesskey", "accesstoken", "authorizationtoken",
"clientsecret", "passphrase", "password",
- "sasljaasconfig", "secretkey", "access-key", "secret-key",
"client-secret", "access-token",
- "sasl-jaas-config", "authorization-token"));
+ Arrays.asList(
+ "accesskey", "accesstoken", "authorizationtoken",
+ "clientsecret",
+ "passphrase", "password",
+ "sasljaasconfig", "secretkey"));
private SensitiveUtils() {
}
public static boolean containsSensitive(String text) {
- return SENSITIVE_KEYS.contains(text.toLowerCase(Locale.ENGLISH));
+ text = text.toLowerCase(Locale.ENGLISH);
+ text = StringHelper.replaceAll(text, "-", "");
+ return SENSITIVE_KEYS.contains(text);
}
}
diff --git
a/core/camel-util/src/test/java/org/apache/camel/util/SensitiveUtilsTest.java
b/core/camel-util/src/test/java/org/apache/camel/util/SensitiveUtilsTest.java
index cebe89e..27a1a21 100644
---
a/core/camel-util/src/test/java/org/apache/camel/util/SensitiveUtilsTest.java
+++
b/core/camel-util/src/test/java/org/apache/camel/util/SensitiveUtilsTest.java
@@ -33,9 +33,15 @@ class SensitiveUtilsTest {
assertTrue(SensitiveUtils.containsSensitive("passphrase"));
assertTrue(SensitiveUtils.containsSensitive("password"));
assertTrue(SensitiveUtils.containsSensitive("sasljaasconfig"));
+ assertTrue(SensitiveUtils.containsSensitive("sasl-jaas-config"));
+ assertTrue(SensitiveUtils.containsSensitive("saslJaasConfig"));
assertTrue(SensitiveUtils.containsSensitive("secretkey"));
assertTrue(SensitiveUtils.containsSensitive("secret-key"));
+ assertTrue(SensitiveUtils.containsSensitive("secretKey"));
+ assertTrue(SensitiveUtils.containsSensitive("secret-Key"));
assertTrue(SensitiveUtils.containsSensitive("access-key"));
+ assertTrue(SensitiveUtils.containsSensitive("accessKey"));
+ assertTrue(SensitiveUtils.containsSensitive("access-Key"));
assertTrue(SensitiveUtils.containsSensitive("client-secret"));
assertTrue(SensitiveUtils.containsSensitive("authorization-token"));
