Author: joehni
Date: Sun Mar 22 19:59:51 2009
New Revision: 757246
URL: http://svn.apache.org/viewvc?rev=757246&view=rev
Log:
Mask password in URL provided as info to a FileSystemException (VFS-169).
Added:
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
(with props)
Modified:
commons/proper/vfs/trunk/core/src/main/java/org/apache/commons/vfs/FileSystemException.java
Modified:
commons/proper/vfs/trunk/core/src/main/java/org/apache/commons/vfs/FileSystemException.java
URL:
http://svn.apache.org/viewvc/commons/proper/vfs/trunk/core/src/main/java/org/apache/commons/vfs/FileSystemException.java?rev=757246&r1=757245&r2=757246&view=diff
==============================================================================
---
commons/proper/vfs/trunk/core/src/main/java/org/apache/commons/vfs/FileSystemException.java
(original)
+++
commons/proper/vfs/trunk/core/src/main/java/org/apache/commons/vfs/FileSystemException.java
Sun Mar 22 19:59:51 2009
@@ -19,6 +19,8 @@
import org.apache.commons.vfs.util.Messages;
import java.io.IOException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
/**
* Thrown for file system errors.
@@ -29,6 +31,9 @@
public class FileSystemException
extends IOException
{
+ private static final Pattern URL_PATTERN = Pattern.compile("[a-z]+://.*");
+ private static final Pattern PASSWORD_PATTERN =
Pattern.compile(":(?:[^/]+)@");
+
/**
* The Throwable that caused this exception to be thrown.
*/
@@ -123,7 +128,14 @@
this.info = new String[info.length];
for (int i = 0; i < info.length; i++)
{
- this.info[i] = String.valueOf(info[i]);
+ String value = String.valueOf(info[i]);
+ // mask passwords (VFS-169)
+ final Matcher urlMatcher = URL_PATTERN.matcher(value);
+ if (urlMatcher.find()) {
+ final Matcher pwdMatcher = PASSWORD_PATTERN.matcher(value);
+ value = pwdMatcher.replaceFirst(":***@");
+ }
+ this.info[i] = value;
}
}
this.code = code;
Added:
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
URL:
http://svn.apache.org/viewvc/commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java?rev=757246&view=auto
==============================================================================
---
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
(added)
+++
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
Sun Mar 22 19:59:51 2009
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.commons.vfs;
+
+import junit.framework.TestCase;
+
+
+/**
+ * Tests the {...@link FileSystemException}.
+ *
+ * @author Jörg Schaible
+ */
+public class FileSystemExceptionTest extends TestCase {
+ /**
+ * Tests a {...@link FileSystemException} containing info with a URL
containing a complete
+ * basic authentication.
+ */
+ public void testMasksPasswordOfUrlsWithBasicAuthentication() {
+ final FileSystemException fse = new FileSystemException(
+ "vfs.provider/rename.error", new String[]{
+ "file://test.bin", "http://foo:b...@junit.org/test.bin"});
+
+ assertEquals("file://test.bin", fse.getInfo()[0]);
+ assertEquals("http://foo:*...@junit.org/test.bin";, fse.getInfo()[1]);
+ }
+
+ /**
+ * Tests a {...@link FileSystemException} containing info with a URL
containing only the user
+ * information.
+ */
+ public void testDoesNotModifyUrlsWithoutPassword() {
+ final FileSystemException fse = new FileSystemException(
+ "vfs.provider/delete.error", new
String[]{"http://f...@junit.org/test.bin"});
+ assertEquals("http://f...@junit.org/test.bin";, fse.getInfo()[0]);
+ }
+
+ /**
+ * Tests a {...@link FileSystemException} containing info with a nested
URL containing a
+ * complete basic authentication.
+ */
+ public void testProperDetectionOfUrl() {
+ final FileSystemException fse = new FileSystemException(
+ "vfs.provider/delete.error", new
String[]{"zip:http://foo:b...@junit.org/test.bin"});
+ assertEquals("zip:http://foo:*...@junit.org/test.bin";,
fse.getInfo()[0]);
+ }
+
+}
Propchange:
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
commons/proper/vfs/trunk/core/src/test/java/org/apache/commons/vfs/FileSystemExceptionTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id HeadURL Revision
