[camel] branch master updated: CAMEL-13697: URISupport - Mask accessToken and clientSecret in uri logging

Fri, 28 Jun 2019 00:25:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new 3474c4d  CAMEL-13697: URISupport - Mask accessToken and clientSecret 
in uri logging
3474c4d is described below

commit 3474c4d26237dda784bb034158b0c720afd78a7c
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Fri Jun 28 09:18:15 2019 +0200

    CAMEL-13697: URISupport - Mask accessToken and clientSecret in uri logging
---
 core/camel-util/src/main/java/org/apache/camel/util/URISupport.java | 2 +-
 .../src/test/java/org/apache/camel/util/URISupportTest.java         | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git 
a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java 
b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
index 74706b6..a3c8f0c 100644
--- a/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
+++ b/core/camel-util/src/main/java/org/apache/camel/util/URISupport.java
@@ -39,7 +39,7 @@ public final class URISupport {
     // Match any key-value pair in the URI query string whose key contains
     // "passphrase" or "password" or secret key (case-insensitive).
     // First capture group is the key, second is the value.
-    private static final Pattern SECRETS = 
Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey)[^=]*)=(RAW[({].*[)}]|[^&]*)",
 Pattern.CASE_INSENSITIVE);
+    private static final Pattern SECRETS = 
Pattern.compile("([?&][^=]*(?:passphrase|password|secretKey|accessToken|clientSecret)[^=]*)=(RAW[({].*[)}]|[^&]*)",
 Pattern.CASE_INSENSITIVE);
 
     // Match the user password in the URI as second capture group
     // (applies to URI with authority component and userinfo token in the form
diff --git 
a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java 
b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
index 9a78d77..69340e1 100644
--- a/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
+++ b/core/camel-util/src/test/java/org/apache/camel/util/URISupportTest.java
@@ -240,6 +240,12 @@ public class URISupportTest {
     }
 
     @Test
+    public void testSanitizeAccessToken() throws Exception {
+        String out1 = 
URISupport.sanitizeUri("google-sheets-stream://spreadsheets?accessToken=MY_TOKEN&clientId=foo&clientSecret=MY_SECRET");
+        
assertEquals("google-sheets-stream://spreadsheets?accessToken=xxxxxx&clientId=foo&clientSecret=xxxxxx",
 out1);
+    }
+
+    @Test
     public void testSanitizeUriWithUserInfo() {
         String uri = 
"jt400://GEORGE:HARRISON@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.DTAQ";
         String expected = 
"jt400://GEORGE:xxxxxx@LIVERPOOL/QSYS.LIB/BEATLES.LIB/PENNYLANE.DTAQ";

Reply via email to