[camel] branch master updated: CAMEL-13191: Fix Regex Pattern to hide passwords in URI (#2766)

Wed, 13 Feb 2019 20:44:59 -0800 

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new 9ba42a4  CAMEL-13191: Fix Regex Pattern to hide passwords in URI  
(#2766)
9ba42a4 is described below

commit 9ba42a4f47516e0773d8608d9c017b6062fa5453
Author: drmaniac <christian.pieczew...@gmail.com>
AuthorDate: Thu Feb 14 05:44:39 2019 +0100

    CAMEL-13191: Fix Regex Pattern to hide passwords in URI  (#2766)
    
    * CAMEL-13191: Fix Regex Pattern to hide passwords in URI which contains 
colons
    
    * CAMEL-13191: Fix Regex pattern for PATH_USERINFO_PASSWORD to hide collon 
passwords
    
    * correct Collon to Colon
    
    * Remove unnecessary system.out
---
 .../src/main/java/org/apache/camel/util/URISupport.java    |  4 ++--
 .../test/java/org/apache/camel/util/URISupportTest.java    | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git 
a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java 
b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
index 215da85..429e8dcb 100644
--- a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
+++ b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
@@ -44,12 +44,12 @@ public final class URISupport {
     // Match the user password in the URI as second capture group
     // (applies to URI with authority component and userinfo token in the form
     // "user:password").
-    private static final Pattern USERINFO_PASSWORD = 
Pattern.compile("(.*://.*:)(.*)(@)");
+    private static final Pattern USERINFO_PASSWORD = 
Pattern.compile("(.*://.*?:)(.*)(@)");
 
     // Match the user password in the URI path as second capture group
     // (applies to URI path with authority component and userinfo token in the
     // form "user:password").
-    private static final Pattern PATH_USERINFO_PASSWORD = 
Pattern.compile("(.*:)(.*)(@)");
+    private static final Pattern PATH_USERINFO_PASSWORD = 
Pattern.compile("(.*?:)(.*)(@)");
 
     private static final String CHARSET = "UTF-8";
 
diff --git 
a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java 
b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
index 63e5dc5..6b28e60 100644
--- a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -247,6 +247,13 @@ public class URISupportTest {
     }
 
     @Test
+    public void testSanitizeUriWithUserInfoAndColonPassword() {
+        String uri = "sftp://USERNAME:HARRISON:co...@sftp.server.test";;
+        String expected = "sftp://USERNAME:xxx...@sftp.server.test";;
+        assertEquals(expected, URISupport.sanitizeUri(uri));
+    }
+
+    @Test
     public void testSanitizePathWithUserInfo() {
         String path = 
"GEORGE:HARRISON@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.PGM";
         String expected = 
"GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.PGM";
@@ -254,6 +261,13 @@ public class URISupportTest {
     }
 
     @Test
+    public void testSanitizePathWithUserInfoAndColonPassword() {
+        String path = "USERNAME:HARRISON:co...@sftp.server.test";
+        String expected = "USERNAME:xxx...@sftp.server.test";
+        assertEquals(expected, URISupport.sanitizePath(path));
+    }
+
+    @Test
     public void testSanitizePathWithoutSensitiveInfoIsUnchanged() {
         String path = "myhost:8080/mypath";
         assertEquals(path, URISupport.sanitizePath(path));

Reply via email to