[
https://issues.apache.org/jira/browse/CXF-9141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andriy Redko resolved CXF-9141.
-------------------------------
Resolution: Fixed
> MaskSensitiveHelperMasking malfunctions for empty tags
> ------------------------------------------------------
>
> Key: CXF-9141
> URL: https://issues.apache.org/jira/browse/CXF-9141
> Project: CXF
> Issue Type: Bug
> Affects Versions: 4.1.2
> Reporter: Benedikt Kaiser
> Assignee: Freeman Yue Fang
> Priority: Minor
> Fix For: 4.1.3, 4.0.9, 3.6.8
>
>
> We encounter a bug where {{org.apache.cxf.ext.logging.MaskSensitiveHelper}}
> fails to match text correctly and scrambles up the message. It happens when
> masking an element that occurs multiple times in the message string. In cases
> where the first occurance is a self-closing tag e.g. {{<a/>}} and a later
> occurance contains a value {{{{<a>value</a>}}}} the regex will match
> everything from the first occurence until the second and replace it. This of
> course leads to a invalid XML with all the data in between missing.
> For example:
> {code:java}
> <one>
> <password/>
> </one>
> <two>
> <password>Value</password>
> </two>{code}
> is turned into
> {code:java}
> <one>
> <password/>XXX</password>
> </two>{code}
>
>
> h4. Proposal
> I opened a pull request: [https://github.com/apache/cxf/pull/2425]
>
> The proposed solution does not match self-closing tags, by adding {{/}} to
> the list of excluded characters in the opening tag. Ignoring self-closing
> tags is acceptable as they have no content to mask anyways and this way the
> regex match does not run into the described issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
