[CXF-8982] LoggingFeature does not hide sensitive xml elements with namespace prefix - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.5.7, 3.6.2, 4.0.3
Fix Version/s: 3.5.9, 4.0.5, 3.6.4
Component/s: logging
Labels:
None

Estimated Complexity:
Unknown

Description

When setting a sensitive element name in the LoggingFeature, the element is not hidden if the element appears in XML with a namespace prefix.

It's not possible to just add a prefix when configuring the LoggingFeature:

this does not work for JSON
the namespace prefix is typically generated by the marshaller (ns1, ns2, etc) thus unknown during configuration

The solution is to change the xml regex templates in MaskSensitiveHelper by adding the optional prefix group in the opening and closing tags:

private static final String MATCH_PATTERN_XML_TEMPLATE = "(<(\\w+:)?-ELEMENT_NAME-.*?>)(.*?)(</(\\w+:)?-ELEMENT_NAME->)";
private static final String REPLACEMENT_XML_TEMPLATE = "$1XXX$4";

Attachments

Issue Links

links to

GitHub Pull Request #1721

Activity

People

Assignee:: Unassigned

Reporter:: Gaëtan Pitteloud

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Mar/24 17:36

Updated:: 12/Mar/24 00:36

Resolved:: 12/Mar/24 00:35