PavelZeger opened a new pull request, #25576: URL: https://github.com/apache/pulsar/pull/25576
Fixes https://github.com/apache/pulsar/issues/25324

## Motivation

`TransactionMetaStoreHandler.toStringSubscriptionList()` builds a string from user-controlled `topic` and `subscription` fields without sanitizing them. This violates CWE-74 (Injection) — malicious input containing special characters such as newlines (`\n`), tabs (`\t`), or brackets could forge log entries or corrupt exception messages that surface to callers.

## Modifications

- Applied `StringEscapeUtils.escapeJava()` from Apache Commons Text (already a transitive dependency) to sanitize `topic` and `subscription` fields in `toStringSubscriptionList()`
- Replaced manual `StringBuilder` concatenation with `StringJoiner` for cleaner output formatting

## Verifying this change

- [ ] Make sure that the change passes the CI checks.

This change added tests and can be verified as follows:

- Added `testAddSubscriptionToTxnDescriptionSanitized` to verify that non-printable characters (`\n`, `\t`) in topic/subscription fields are escaped in the output
- Added `testAddSubscriptionToTxnDescriptionBracketInjection` to verify that bracket injection attempts in topic fields do not corrupt the output structure

## Does this pull request potentially affect one of the following parts:

- [ ] Dependencies (add or upgrade a dependency)
- [ ] The public API
- [ ] The schema
- [ ] The default values of configurations
- [ ] The threading model
- [ ] The binary protocol
- [ ] The REST endpoints
- [ ] The admin CLI options
- [ ] The metrics
- [ ] Anything that affects deployment

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
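The pattern the PR describes, as an added example that is not Pulsar's own code: a raw `StringBuilder` description beside the `StringJoiner` + `StringEscapeUtils.escapeJava()` version, run on a constructed topic name that carries a newline and a fake log line. `TxnSubscription` and both method shapes are assumptions standing in for Pulsar's real subscription type and `toStringSubscriptionList()`.

```java
import java.util.List;
import java.util.StringJoiner;
import org.apache.commons.text.StringEscapeUtils;

// Hypothetical stand-in for Pulsar's subscription descriptor (topic + subscription name).
record TxnSubscription(String topic, String subscription) {}

public class SubscriptionListSanitizer {

    // 'Before' shape: raw fields are concatenated, so a newline inside the topic name
    // starts a new line in whatever log message or exception text receives this string.
    static String unsanitized(List<TxnSubscription> subs) {
        StringBuilder sb = new StringBuilder("[");
        for (TxnSubscription s : subs) {
            sb.append("{topic=").append(s.topic())
              .append(", subscription=").append(s.subscription()).append("}");
        }
        return sb.append("]").toString();
    }

    // Hardened shape: each field passes through escapeJava(), which turns control
    // characters such as \n and \t into their visible two-character escapes, and
    // StringJoiner owns the delimiters so the list structure is not hand-built.
    static String sanitized(List<TxnSubscription> subs) {
        StringJoiner joiner = new StringJoiner(", ", "[", "]");
        for (TxnSubscription s : subs) {
            joiner.add("{topic=" + StringEscapeUtils.escapeJava(s.topic())
                    + ", subscription=" + StringEscapeUtils.escapeJava(s.subscription()) + "}");
        }
        return joiner.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a topic name with an embedded newline followed by text
        // shaped like a separate log entry.
        List<TxnSubscription> subs = List.of(
                new TxnSubscription("persistent://tenant/ns/topic\nINFO forged entry", "sub-1"));

        // The unsanitized description spans two lines; the sanitized one stays on a
        // single line because the newline is rendered as the literal characters \ and n.
        System.out.println(unsanitized(subs));
        System.out.println(sanitized(subs));
    }
}
```

Note that `escapeJava()` does not touch brackets; keeping the output structure intact against bracket-laden input comes from letting `StringJoiner` emit the delimiters rather than from escaping.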
