From 88afc43d446f4edbe0b87b9481d21a4ec1057fc2 Mon Sep 17 00:00:00 2001 From: Johnny Lim Date: Sun, 12 Feb 2017 16:21:14 +0900 Subject: [PATCH 1/2] Ensure that entries in a list of lists are not lost during sanitization Closes gh-8263 See gh-8197 --- .../endpoint/ConfigurationPropertiesReportEndpoint.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpoint.java index a8ddab578db..f9c8424affe 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpoint.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpoint.java @@ -259,10 +259,9 @@ public class ConfigurationPropertiesReportEndpoint sanitized.add(sanitize(prefix, (Map) item)); } else if (item instanceof List) { - sanitize(prefix, (List) item); + sanitized.add(sanitize(prefix, (List) item)); } else { - item = this.sanitizer.sanitize(prefix, item); sanitized.add(this.sanitizer.sanitize(prefix, item)); } } From bbe93942283bbb5c1af7ea3231b8835ba34bbfe7 Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Tue, 14 Feb 2017 11:19:21 +0000 Subject: [PATCH 2/2] Tests that lists of lists are sanitized correctly See gh-8263 --- ...gurationPropertiesReportEndpointTests.java | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpointTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpointTests.java index d29c14167dd..a866e79fa6e 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpointTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/ConfigurationPropertiesReportEndpointTests.java @@ -17,6 +17,7 @@ package org.springframework.boot.actuate.endpoint; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -212,6 +213,23 @@ public class ConfigurationPropertiesReportEndpointTests assertThat(item.get("somePassword")).isEqualTo("******"); } + @Test + @SuppressWarnings("unchecked") + public void listsOfListsAreSanitized() throws Exception { + ConfigurationPropertiesReportEndpoint report = getEndpointBean(); + Map properties = report.invoke(); + Map nestedProperties = (Map) ((Map) properties + .get("testProperties")).get("properties"); + assertThat(nestedProperties.get("listOfListItems")).isInstanceOf(List.class); + List> listOfLists = (List>) nestedProperties + .get("listOfListItems"); + assertThat(listOfLists).hasSize(1); + List list = listOfLists.get(0); + assertThat(list).hasSize(1); + Map item = (Map) list.get(0); + assertThat(item.get("somePassword")).isEqualTo("******"); + } + @Configuration @EnableConfigurationProperties public static class Parent { @@ -254,10 +272,13 @@ public class ConfigurationPropertiesReportEndpointTests private List listItems = new ArrayList(); + private List> listOfListItems = new ArrayList>(); + public TestProperties() { this.secrets.put("mine", "myPrivateThing"); this.secrets.put("yours", "yourPrivateThing"); this.listItems.add(new ListItem()); + this.listOfListItems.add(Arrays.asList(new ListItem())); } public String getDbPassword() { @@ -308,6 +329,14 @@ public class ConfigurationPropertiesReportEndpointTests this.listItems = listItems; } + public List> getListOfListItems() { + return this.listOfListItems; + } + + public void setListOfListItems(List> listOfListItems) { + this.listOfListItems = listOfListItems; + } + public static class Hidden { private String mine = "mySecret";