Sanitize sun.java.command by default
Closes gh-12796
parent
a06de4d997
commit
cd0e4fe945
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -36,7 +36,8 @@ class Sanitizer {
|
||||
private Pattern[] keysToSanitize;
|
||||
|
||||
Sanitizer() {
|
||||
this("password", "secret", "key", "token", ".*credentials.*", "vcap_services");
|
||||
this("password", "secret", "key", "token", ".*credentials.*", "vcap_services",
|
||||
"sun.java.command");
|
||||
}
|
||||
|
||||
Sanitizer(String... keysToSanitize) {
|
||||
|
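Review bot: The new `"sun.java.command"` default in `Sanitizer()` carries no comment saying why a JVM property name sits beside generic words like `password`, and the reason matters to anyone trimming this list later. I would add above the `this(...)` call: `// sun.java.command holds the whole launch command line, so arguments such as --spring.redis.password=... would otherwise be reported verbatim`. The defaults are applied only through the no-arg constructor, so a caller that passes its own list to `Sanitizer(String... keysToSanitize)` presumably loses this masking unless it repeats the key; that is worth stating in the Javadoc of that constructor, whose body lies outside the hunk. Because the keys end up in a `Pattern[]`, the dots in the new entry may act as wildcards depending on how that constructor compiles them; this would only widen the match, but a short comment confirming it is intentional would help.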
@ -20,7 +20,8 @@
|
||||
"key",
|
||||
"token",
|
||||
".*credentials.*",
|
||||
"vcap_services"
|
||||
"vcap_services",
|
||||
"sun.java.command"
|
||||
]
|
||||
},
|
||||
{
|
||||
@ -44,7 +45,8 @@
|
||||
"key",
|
||||
"token",
|
||||
".*credentials.*",
|
||||
"vcap_services"
|
||||
"vcap_services",
|
||||
"sun.java.command"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2017 the original author or authors.
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -92,6 +92,10 @@ public class EnvironmentEndpointTests extends AbstractEndpointTests<EnvironmentE
|
||||
assertThat(systemProperties.get("mySecret")).isEqualTo("******");
|
||||
assertThat(systemProperties.get("myCredentials")).isEqualTo("******");
|
||||
assertThat(systemProperties.get("VCAP_SERVICES")).isEqualTo("******");
|
||||
Object command = systemProperties.get("sun.java.command");
|
||||
if (command != null) {
|
||||
assertThat(command).isEqualTo("******");
|
||||
}
|
||||
clearSystemProperties("dbPassword", "apiKey", "mySecret", "myCredentials");
|
||||
}
|
||||
|
||||
|
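Review bot: The `if (command != null)` guard around the new assertion lets the test pass without checking anything on a JVM that does not define `sun.java.command`, so a regression in the default key list could go unnoticed there. Setting a constructed value before the endpoint is invoked makes the check unconditional, for example `System.setProperty("sun.java.command", "--spring.redis.password=constructed");` followed by `assertThat(systemProperties.get("sun.java.command")).isEqualTo("******");`, with the previous value restored afterwards rather than cleared through `clearSystemProperties`. The start of the test method is outside the hunk, so where the other properties are set is not visible here.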
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -39,6 +39,8 @@ public class SanitizerTests {
|
||||
assertThat(sanitizer.sanitize("token", "secret")).isEqualTo("******");
|
||||
assertThat(sanitizer.sanitize("sometoken", "secret")).isEqualTo("******");
|
||||
assertThat(sanitizer.sanitize("find", "secret")).isEqualTo("secret");
|
||||
assertThat(sanitizer.sanitize("sun.java.command",
|
||||
"--spring.redis.password=pa55w0rd")).isEqualTo("******");
|
||||
}
|
||||
|
||||
@Test
|
||||
|