GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Polish "Sanitize URIs with non-alpha characters in their schemes" 

See gh-27482
pull/27537/head
Andy Wilkinson 5 years ago
parent
bafa9c4784
commit
388068cdff
2 changed files with 14 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/Sanitizer.java
  2. 14
      spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/SanitizerTests.java

5
spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/Sanitizer.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2020 the original author or authors. * Copyright 2012-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -50,7 +50,8 @@ public class Sanitizer {
private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>( private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>(
Arrays.asList("uri", "uris", "address", "addresses")); Arrays.asList("uri", "uris", "address", "addresses"));
private static final Pattern URI_USERINFO_PATTERN = Pattern.compile("^[A-Za-z][A-Za-z0-9\\+\\.\\-]+://.+:(.*)@.+$"); private static final Pattern URI_USERINFO_PATTERN = Pattern
.compile("^\\[?[A-Za-z][A-Za-z0-9\\+\\.\\-]+://.+:(.*)@.+$");
private Pattern[] keysToSanitize; private Pattern[] keysToSanitize;

14
spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/SanitizerTests.java
Unescape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2020 the original author or authors. * Copyright 2012-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -52,8 +52,16 @@ class SanitizerTests {
@MethodSource("matchingUriUserInfoKeys") @MethodSource("matchingUriUserInfoKeys")
void uriWithSingleValueWithPasswordShouldBeSanitized(String key) { void uriWithSingleValueWithPasswordShouldBeSanitized(String key) {
Sanitizer sanitizer = new Sanitizer(); Sanitizer sanitizer = new Sanitizer();
assertThat(sanitizer.sanitize(key, "view-source://user:password@localhost:8080")) assertThat(sanitizer.sanitize(key, "http://user:password@localhost:8080"))
.isEqualTo("view-source://user:******@localhost:8080"); .isEqualTo("http://user:******@localhost:8080");
}
@ParameterizedTest(name = "key = {0}")
@MethodSource("matchingUriUserInfoKeys")
void uriWithNonAlphaSchemeCharactersAndSingleValueWithPasswordShouldBeSanitized(String key) {
Sanitizer sanitizer = new Sanitizer();
assertThat(sanitizer.sanitize(key, "s-ch3m.+-e://user:password@localhost:8080"))
.isEqualTo("s-ch3m.+-e://user:******@localhost:8080");
} }
@ParameterizedTest(name = "key = {0}") @ParameterizedTest(name = "key = {0}")

Write Preview
Loading…
Cancel
Save