[jira] [Created] (CXF-9067) MaskSensitiveHelper incorrectly masks wrapper element

Daniel Holm (Jira) Mon, 14 Oct 2024 07:31:24 -0700

Daniel Holm created CXF-9067:
--------------------------------

             Summary: MaskSensitiveHelper incorrectly masks wrapper element
                 Key: CXF-9067
                 URL: https://issues.apache.org/jira/browse/CXF-9067
             Project: CXF
          Issue Type: Bug
          Components: logging
    Affects Versions: 4.0.5
            Reporter: Daniel Holm



The regex in MaskSensitiveHelper matching possible xml attributes is too 
relaxed, and will match wrappers starting with the same characters as the 
sensitive element.

 

This f.ex does not correctly mask the password element:
{code:java}
maskSensitiveHelper.addSensitiveElementNames(Set.of("password")) {code}
raw data:

 
{code:java}
<passwords><password>my secret password</password></passwords> {code}
expected:

 

 
{code:java}
<passwords><password>XXX</password></passwords>{code}
 

actual:

 
{code:java}
<passwords>XXX</password></passwords>{code}
 

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (CXF-9067) MaskSensitiveHelper incorrectly masks wrapper element

Reply via email to