Merge branch '2.5.x'

Closes gh-27489
pull/27538/head
Andy Wilkinson 3 years ago
commit 5163bdab22

@ -50,7 +50,8 @@ public class Sanitizer {
private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>( private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>(
Arrays.asList("uri", "uris", "url", "urls", "address", "addresses")); Arrays.asList("uri", "uris", "url", "urls", "address", "addresses"));
private static final Pattern URI_USERINFO_PATTERN = Pattern.compile("\\[?[A-Za-z]+://.+:(.*)@.+$"); private static final Pattern URI_USERINFO_PATTERN = Pattern
.compile("^\\[?[A-Za-z][A-Za-z0-9\\+\\.\\-]+://.+:(.*)@.+$");
private Pattern[] keysToSanitize; private Pattern[] keysToSanitize;

@ -73,6 +73,14 @@ class SanitizerTests {
.isEqualTo("http://user:******@localhost:8080"); .isEqualTo("http://user:******@localhost:8080");
} }
@ParameterizedTest(name = "key = {0}")
@MethodSource("matchingUriUserInfoKeys")
void uriWithNonAlphaSchemeCharactersAndSingleValueWithPasswordShouldBeSanitized(String key) {
Sanitizer sanitizer = new Sanitizer();
assertThat(sanitizer.sanitize(key, "s-ch3m.+-e://user:password@localhost:8080"))
.isEqualTo("s-ch3m.+-e://user:******@localhost:8080");
}
@ParameterizedTest(name = "key = {0}") @ParameterizedTest(name = "key = {0}")
@MethodSource("matchingUriUserInfoKeys") @MethodSource("matchingUriUserInfoKeys")
void uriWithSingleValueWithNoPasswordShouldNotBeSanitized(String key) { void uriWithSingleValueWithNoPasswordShouldNotBeSanitized(String key) {

Loading…
Cancel
Save