[CXF-8359] Masking sensitive elements does not work if the element has a property - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.4.1
Component/s: logging
Labels:
None

Estimated Complexity:
Unknown

Description

Given the template which is used in the MaskSensitiveHelper class: https://github.com/apache/cxf/blob/dc2f6af9ad09888cafb350f95935e9ec6abf8aee/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/MaskSensitiveHelper.java#L30

If, for example, we want to mask the wsse:Password element

logFeature.addSensitiveElementNames(new HashSet<>(Collections.singletonList("wsse:Password")));

but it contains a property

<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">some cleantext password</wsse:Password>

the regex would not pickup the element and thus not replace it and the password would still appear in the logs.

Attachments

Issue Links

links to

GitHub Pull Request #713

Activity

People

Assignee:: Andrei Shakirin

Reporter:: Finn Herpich

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Oct/20 10:18

Updated:: 22/Dec/21 20:43

Resolved:: 03/Nov/20 00:22