Benedikt Kaiser created CXF-9141:
------------------------------------
Summary: MaskSensitiveHelperMasking malfunctions for empty tags
Key: CXF-9141
URL: https://issues.apache.org/jira/browse/CXF-9141
Project: CXF
Issue Type: Bug
Affects Versions: 4.1.2
Reporter: Benedikt Kaiser
We encounter a bug where `org.apache.cxf.ext.logging.MaskSensitiveHelper` fails
to match text correctly and scrambles up the message. It happens when masking
an element that occurs multiple times in the message string. In cases where the
first occurance is a self-closing tag e.g. {{<a/>}} and a later occurance
contains a value {{<a>value</a>}} the regex will match everything from the
first occurence until the second and replace it. This of course leads to a
invalid XML with all the data in between missing.
For example:
<one>
<password/>
</one>
<two>
<password>Value</password>
</two>
is turned into
<one>
<password/>XXX</password>
</two>
h4. Proposal
I opened a pull request: [https://github.com/apache/cxf/pull/2425]
The proposed solution does not match self-closing tags, by adding {{/}} to the
list of excluded characters in the opening tag. Ignoring self-closing tags is
acceptable as they have no content to mask anyways and this way the regex match
does not run into the described issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
