[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861976#comment-16861976
]
Christoph Giera commented on CAMEL-13621:
-
You mean using the underlying URISupport.sanitizeUri? We will loose masking for
xml and json values.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
> Components: camel-core
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Fix For: 3.0.0
>
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861920#comment-16861920
]
Claus Ibsen commented on CAMEL-13621:
-
Okay if you build the string yourself and you know its an endpoint uri, then
use as DefaultEndpoint toString does for masking.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
> Components: camel-core
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Fix For: 3.0.0
>
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861917#comment-16861917
]
Christoph Giera commented on CAMEL-13621:
-
The use-case is pretty simple:
We trace our route executions in a DB table. E.g. if an error occured we store
it in a DB field . It's possible that this information contains sensitive
data(like password in a camel uri). I knew that there exists a solution for
masking in the camel framework because the log component has a masking option
and there I found the DefaultMaskingFormatter. I thought "when the log
component uses this I can also use it :) "
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
> Components: camel-core
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Fix For: 3.0.0
>
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861793#comment-16861793
]
Claus Ibsen commented on CAMEL-13621:
-
What is your use-case for this, what message do you output with logEIP? Mind
that the mask formatter is not intended for end users as utility class, but as
implementation for the log EIP to hide sensitive data. And its not a 100%
bullet proof implementation.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
> Components: camel-core
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Fix For: 3.0.0
>
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861759#comment-16861759
]
Claus Ibsen commented on CAMEL-13621:
-
Also for key values it should not quote the masked password, eg it should not
be "" but just "
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861758#comment-16861758
]
Claus Ibsen commented on CAMEL-13621:
-
I really dislike complex regular exp pattern and sadly the
DefaultMaskingFormatter has those
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16861756#comment-16861756
]
Claus Ibsen commented on CAMEL-13621:
-
Okay have reproduced it with your 2nd little unit test. This only happens if
you turn on logMask. And yeah its complex when its regular exp patterns.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121/OpenJDK 11.0.3
>
>Reporter: Christoph Giera
>Priority: Minor
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16860799#comment-16860799
]
Christoph Giera commented on CAMEL-13621:
-
It's not so easy to show or explain the StackOverflowError, I've attached 2
screenshots which are the results of the same test(FormatTest.java). Executing
this test results in ~50% errors(see ExecuteTest_2.PNG) and ~50% success(see
ExecuteTest_1.PNG). This is really weird because it's the same test. Maybe it
has something to do with [https://bugs.openjdk.java.net/browse/JDK-6328855] but
I'm not sure.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121
>Reporter: Christoph Giera
>Priority: Minor
> Attachments: ExecuteTest_1.PNG, ExecuteTest_2.PNG, FormatTest.java,
> FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16860619#comment-16860619
]
Christoph Giera commented on CAMEL-13621:
-
Added FormatUriTest.java. The DefaultMaskingFormatter is used in the log
component and also provides options for json and xml formatting. So I assumed
that multiline strings should not be a problem at all. E.g. a pretty printed
xml contains line breaks.
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121
>Reporter: Christoph Giera
>Priority: Minor
> Attachments: FormatTest.java, FormatUriTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (CAMEL-13621) DefaultMaskingFormatter: & is ignored as ending character
[
https://issues.apache.org/jira/browse/CAMEL-13621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16858704#comment-16858704
]
Claus Ibsen commented on CAMEL-13621:
-
Looks a bit weird that your test case is not a sample of what you report.
This feature in camel is to mask camel endpoint uris, not big arbitrary text
with many new lines and whatnot.
Can you provide a use-case of a camel endpoint uri which has a password option
which dont get masked?
> DefaultMaskingFormatter: & is ignored as ending character
> -
>
> Key: CAMEL-13621
> URL: https://issues.apache.org/jira/browse/CAMEL-13621
> Project: Camel
> Issue Type: Bug
>Affects Versions: 2.20.2
> Environment: Camel 2.20.2
> Oracle JDK 8u121
>Reporter: Christoph Giera
>Priority: Major
> Attachments: FormatTest.java
>
>
> Using the DefaultMaskingFormatter and formatting a string that contains for
> example
> {noformat}
> password=mypass=nextvalue{noformat}
> should be masked to
> {noformat}
> password="x"=nextvalue{noformat}
> Instead of this the & is ignored(the next parameter will swallowed up) and
> the output looks like the following
> {noformat}
> password="x"{noformat}
>
> Additionaly StackoverflowErrors occur when formatting/masking bigger strings
> with line breaks, see example attached.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
