From 5a8a86375d22d4e916ce684da3db5e6af980f0ed Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Mon, 31 Jul 2017 15:27:55 +0100
Subject: [PATCH] Sanitize individual env entry that is matched exactly
Closes gh-9918
See gh-8282
---
 .../endpoint/mvc/EnvironmentMvcEndpoint.java | 10 +++++---
 .../mvc/EnvironmentMvcEndpointTests.java | 25 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpoint.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpoint.java
index cac00aacd3..5cfcf59946 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpoint.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpoint.java
@@ -93,8 +93,7 @@ public class EnvironmentMvcEndpoint extends EndpointMvcAdapter
 @Override
 protected Object getOptionalValue(Environment source, String name) {
- Object result = ((EnvironmentEndpoint) getDelegate()).getResolver()
- .getProperty(name, Object.class);
+ Object result = getValue(name);
 if (result != null) {
 result = ((EnvironmentEndpoint) getDelegate()).sanitize(name, result);
 }
@@ -103,13 +102,18 @@ public class EnvironmentMvcEndpoint extends EndpointMvcAdapter
 @Override
 protected Object getValue(Environment source, String name) {
- Object result = source.getProperty(name, Object.class);
+ Object result = getValue(name);
 if (result == null) {
 throw new NoSuchPropertyException("No such property: " + name);
 }
 return ((EnvironmentEndpoint) getDelegate()).sanitize(name, result);
 }
+ private Object getValue(String name) {
+ return ((EnvironmentEndpoint) getDelegate()).getResolver().getProperty(name,
+ Object.class);
+ }
+
 }
 /**
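Review bot: The new private `getValue(String name)` carries no comment saying why both overrides now ignore their `source` argument, and that is the security-relevant part of this change. In the second hunk the exact-match lookup stops calling `source.getProperty(name, Object.class)` and goes through the endpoint's resolver instead; judging by the tests in this commit, that is what keeps a value such as `${my.password}` from being returned expanded under a key the sanitizer does not recognise. A short comment on the helper would stop a later clean-up from reverting to `source`: `// Read via the endpoint's resolver, never the raw Environment: the resolver keeps placeholders that reference sanitized keys masked.` The helper also overloads the protected `getValue(Environment, String)` it is called from (and is used by `getOptionalValue` in the first hunk), so a distinct name such as `getResolvedValue` would read more clearly. The enclosing class starts outside both hunks.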
diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpointTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpointTests.java
index d9293fe31f..64c398fd11 100644
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpointTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/mvc/EnvironmentMvcEndpointTests.java
@@ -147,7 +147,7 @@ public class EnvironmentMvcEndpointTests {
 map.put("my.foo", "${my.bar}");
 ((ConfigurableEnvironment) this.context.getEnvironment()).getPropertySources()
 .addFirst(new MapPropertySource("unresolved-placeholder", map));
- this.mvc.perform(get("/env/my.*")).andExpect(status().isOk())
+ this.mvc.perform(get("/env/my.foo")).andExpect(status().isOk())
 .andExpect(content().string(containsString("\"my.foo\":\"${my.bar}\"")));
 }
@@ -156,6 +156,29 @@ public class EnvironmentMvcEndpointTests {
 Map map = new HashMap();
 map.put("my.foo", "${my.password}");
 map.put("my.password", "hello");
+ ((ConfigurableEnvironment) this.context.getEnvironment()).getPropertySources()
+ .addFirst(new MapPropertySource("placeholder", map));
+ this.mvc.perform(get("/env/my.foo")).andExpect(status().isOk())
+ .andExpect(content().string(containsString("\"my.foo\":\"******\"")));
+ }
+
+ @Test
+ public void nestedPathMatchedByRegexWhenPlaceholderCannotBeResolvedShouldReturnUnresolvedProperty()
+ throws Exception {
+ Map map = new HashMap();
+ map.put("my.foo", "${my.bar}");
+ ((ConfigurableEnvironment) this.context.getEnvironment()).getPropertySources()
+ .addFirst(new MapPropertySource("unresolved-placeholder", map));
+ this.mvc.perform(get("/env/my.*")).andExpect(status().isOk())
+ .andExpect(content().string(containsString("\"my.foo\":\"${my.bar}\"")));
+ }
+
+ @Test
+ public void nestedPathMatchedByRegexWithSensitivePlaceholderShouldSanitize()
+ throws Exception {
+ Map map = new HashMap();
+ map.put("my.foo", "${my.password}");
+ map.put("my.password", "hello");
 ((ConfigurableEnvironment) this.context.getEnvironment()).getPropertySources()
 .addFirst(new MapPropertySource("placeholder", map));
 this.mvc.perform(get("/env/my.*")).andExpect(status().isOk())
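Review bot: The new exact-match test asserts only that the masked form `"my.foo":"******"` is present, so it would still pass if the resolved secret appeared somewhere else in the response body. The fixture sets `my.password` to `hello`, so a negative assertion chained onto the same `perform` call would pin the property this commit is about: `.andExpect(content().string(not(containsString("hello"))))`. `not` is Hamcrest's matcher and may need a static import that is not visible in this hunk. The same applies to the regex variant `nestedPathMatchedByRegexWithSensitivePlaceholderShouldSanitize`, whose body continues outside the hunk; the first added lines likewise complete a test method whose signature is outside it.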