[CXF-9067] MaskSensitiveHelper incorrectly masks wrapper element - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.5.9, 4.0.5, 3.6.4
Fix Version/s: 4.1.0, 3.5.10, 3.6.5, 4.0.6
Component/s: logging
Labels:
- bug
- logging

Estimated Complexity:
Novice
Flags:

Patch
Language:
- java

Description

The regex in MaskSensitiveHelper matching possible xml attributes is too relaxed, and will match wrappers starting with the same characters as the sensitive element.

This f.ex does not correctly mask the password element:

maskSensitiveHelper.addSensitiveElementNames(Set.of("password"))

raw data:

<passwords><password>my secret password</password></passwords>

expected:

<passwords><password>XXX</password></passwords>

actual:

<passwords>XXX</password></passwords>

Attachments

Issue Links

links to

GitHub Pull Request #2106

Activity

People

Assignee:: Unassigned

Reporter:: Daniel Holm

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Oct/24 14:29

Updated:: 16/Oct/24 00:56

Resolved:: 16/Oct/24 00:56

Time Tracking

Estimated:

0.25h

Remaining:

0.25h

Logged:

Not Specified