root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch '2.5.x' 

Closes gh-28082
This commit is contained in:
Phillip Webb 2021-09-21 15:20:30 -07:00
parent 667e5ca30c a862ebc254
commit 1829dc4960
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/Sanitizer.java
View File

@ -48,8 +48,9 @@ public class Sanitizer {
private static final String[] REGEX_PARTS = { "*", "$", "^", "+" }; private static final String[] REGEX_PARTS = { "*", "$", "^", "+" };
private static final Set<String> DEFAULT_KEYS_TO_SANITIZE = new LinkedHashSet<>(Arrays.asList("password", "secret", private static final Set<String> DEFAULT_KEYS_TO_SANITIZE = new LinkedHashSet<>(
"key", "token", ".*credentials.*", "vcap_services", "sun.java.command")); Arrays.asList("password", "secret", "key", "token", ".*credentials.*", "vcap_services", "sun.java.command",
"^spring[\\._]application[\\\\._]json$"));
private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>( private static final Set<String> URI_USERINFO_KEYS = new LinkedHashSet<>(
Arrays.asList("uri", "uris", "url", "urls", "address", "addresses")); Arrays.asList("uri", "uris", "url", "urls", "address", "addresses"));

2
spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/SanitizerTests.java
View File

@ -48,6 +48,8 @@ class SanitizerTests {
assertThat(sanitizer.sanitize("sometoken", "secret")).isEqualTo("******"); assertThat(sanitizer.sanitize("sometoken", "secret")).isEqualTo("******");
assertThat(sanitizer.sanitize("find", "secret")).isEqualTo("secret"); assertThat(sanitizer.sanitize("find", "secret")).isEqualTo("secret");
assertThat(sanitizer.sanitize("sun.java.command", "--spring.redis.password=pa55w0rd")).isEqualTo("******"); assertThat(sanitizer.sanitize("sun.java.command", "--spring.redis.password=pa55w0rd")).isEqualTo("******");
assertThat(sanitizer.sanitize("SPRING_APPLICATION_JSON", "{password:123}")).isEqualTo("******");
assertThat(sanitizer.sanitize("spring.application.json", "{password:123}")).isEqualTo("******");
} }
@Test @Test