root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Support overriding the default SanitizingFunction

Browse Source 
See gh-30006
pull/30078/head
Guirong Hu 3 years ago committed by Andy Wilkinson
parent a5d900d0af
commit fb9112c891
6 changed files with 55 additions and 9 deletions
Show Stats Download Patch File Download Diff File

5
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/context/properties/ConfigurationPropertiesReportEndpointAutoConfiguration.java
Unescape Escape View File

@ -16,6 +16,8 @@
package org.springframework.boot.actuate.autoconfigure.context.properties; package org.springframework.boot.actuate.autoconfigure.context.properties;
import java.util.stream.Collectors;
import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint; import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.actuate.autoconfigure.endpoint.expose.EndpointExposure; import org.springframework.boot.actuate.autoconfigure.endpoint.expose.EndpointExposure;
@ -48,7 +50,8 @@ public class ConfigurationPropertiesReportEndpointAutoConfiguration {
public ConfigurationPropertiesReportEndpoint configurationPropertiesReportEndpoint( public ConfigurationPropertiesReportEndpoint configurationPropertiesReportEndpoint(
ConfigurationPropertiesReportEndpointProperties properties, ConfigurationPropertiesReportEndpointProperties properties,
ObjectProvider<SanitizingFunction> sanitizingFunctions) { ObjectProvider<SanitizingFunction> sanitizingFunctions) {
ConfigurationPropertiesReportEndpoint endpoint = new ConfigurationPropertiesReportEndpoint(sanitizingFunctions); ConfigurationPropertiesReportEndpoint endpoint = new ConfigurationPropertiesReportEndpoint(
sanitizingFunctions.orderedStream().collect(Collectors.toList()));
String[] keysToSanitize = properties.getKeysToSanitize(); String[] keysToSanitize = properties.getKeysToSanitize();
if (keysToSanitize != null) { if (keysToSanitize != null) {
endpoint.setKeysToSanitize(keysToSanitize); endpoint.setKeysToSanitize(keysToSanitize);

5
spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfiguration.java vendored
Unescape Escape View File

@ -16,6 +16,8 @@
package org.springframework.boot.actuate.autoconfigure.env; package org.springframework.boot.actuate.autoconfigure.env;
import java.util.stream.Collectors;
import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint; import org.springframework.boot.actuate.autoconfigure.endpoint.condition.ConditionalOnAvailableEndpoint;
import org.springframework.boot.actuate.autoconfigure.endpoint.expose.EndpointExposure; import org.springframework.boot.actuate.autoconfigure.endpoint.expose.EndpointExposure;
@ -46,7 +48,8 @@ public class EnvironmentEndpointAutoConfiguration {
@ConditionalOnMissingBean @ConditionalOnMissingBean
public EnvironmentEndpoint environmentEndpoint(Environment environment, EnvironmentEndpointProperties properties, public EnvironmentEndpoint environmentEndpoint(Environment environment, EnvironmentEndpointProperties properties,
ObjectProvider<SanitizingFunction> sanitizingFunctions) { ObjectProvider<SanitizingFunction> sanitizingFunctions) {
EnvironmentEndpoint endpoint = new EnvironmentEndpoint(environment, sanitizingFunctions); EnvironmentEndpoint endpoint = new EnvironmentEndpoint(environment,
sanitizingFunctions.orderedStream().collect(Collectors.toList()));
String[] keysToSanitize = properties.getKeysToSanitize(); String[] keysToSanitize = properties.getKeysToSanitize();
if (keysToSanitize != null) { if (keysToSanitize != null) {
endpoint.setKeysToSanitize(keysToSanitize); endpoint.setKeysToSanitize(keysToSanitize);

4
spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/env/EnvironmentEndpointAutoConfigurationTests.java vendored
Unescape Escape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2021 the original author or authors. * Copyright 2012-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -82,7 +82,7 @@ class EnvironmentEndpointAutoConfigurationTests {
Map<String, PropertyValueDescriptor> systemProperties = getSource("systemProperties", env) Map<String, PropertyValueDescriptor> systemProperties = getSource("systemProperties", env)
.getProperties(); .getProperties();
assertThat(systemProperties.get("custom").getValue()).isEqualTo("$$$"); assertThat(systemProperties.get("custom").getValue()).isEqualTo("$$$");
assertThat(systemProperties.get("password").getValue()).isEqualTo("******"); assertThat(systemProperties.get("password").getValue()).isEqualTo("$$$");
}); });
} }

11
spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/Sanitizer.java
Unescape Escape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2021 the original author or authors. * Copyright 2012-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -184,13 +184,18 @@ public class Sanitizer {
* @since 2.6.0 * @since 2.6.0
*/ */
public Object sanitize(SanitizableData data) { public Object sanitize(SanitizableData data) {
if (data.getValue() == null) { Object value = data.getValue();
if (value == null) {
return null; return null;
} }
for (SanitizingFunction sanitizingFunction : this.sanitizingFunctions) { for (SanitizingFunction sanitizingFunction : this.sanitizingFunctions) {
data = sanitizingFunction.apply(data); data = sanitizingFunction.apply(data);
Object sanitizedValue = data.getValue();
if (!value.equals(sanitizedValue)) {
return sanitizedValue;
}
} }
return data.getValue(); return value;
} }
private boolean keyIsUriWithUserInfo(Pattern pattern) { private boolean keyIsUriWithUserInfo(Pattern pattern) {

2
spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/context/properties/ConfigurationPropertiesReportEndpointTests.java
Unescape Escape View File

@ -293,7 +293,7 @@ class ConfigurationPropertiesReportEndpointTests {
new ApplicationContextRunner().withUserConfiguration(CustomSanitizingEndpointConfig.class, new ApplicationContextRunner().withUserConfiguration(CustomSanitizingEndpointConfig.class,
SanitizingFunctionConfiguration.class, TestPropertiesConfiguration.class) SanitizingFunctionConfiguration.class, TestPropertiesConfiguration.class)
.run(assertProperties("test", (properties) -> { .run(assertProperties("test", (properties) -> {
assertThat(properties.get("dbPassword")).isEqualTo("******"); assertThat(properties.get("dbPassword")).isEqualTo("$$$");
assertThat(properties.get("myTestProperty")).isEqualTo("$$$"); assertThat(properties.get("myTestProperty")).isEqualTo("$$$");
})); }));
} }

37
spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/endpoint/SanitizerTests.java
Unescape Escape View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2021 the original author or authors. * Copyright 2012-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,7 +16,9 @@
package org.springframework.boot.actuate.endpoint; package org.springframework.boot.actuate.endpoint;
import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.List;
import java.util.stream.Stream; import java.util.stream.Stream;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -87,6 +89,39 @@ class SanitizerTests {
assertThat(sanitizer.sanitize(hello)).isEqualTo("abc"); assertThat(sanitizer.sanitize(hello)).isEqualTo("abc");
} }
@Test
void overridingDefaultSanitizingFunction() {
Sanitizer sanitizer = new Sanitizer(Collections.singletonList((data) -> {
if (data.getKey().equals("password")) {
return data.withValue("------");
}
return data;
}));
SanitizableData password = new SanitizableData(null, "password", "123456");
assertThat(sanitizer.sanitize(password)).isEqualTo("------");
}
@Test
void whenValueSanitizedLaterSanitizingFunctionsShouldBeSkipped() {
final String sameKey = "custom";
List<SanitizingFunction> sanitizingFunctions = new ArrayList<>();
sanitizingFunctions.add((data) -> {
if (data.getKey().equals(sameKey)) {
return data.withValue("------");
}
return data;
});
sanitizingFunctions.add((data) -> {
if (data.getKey().equals(sameKey)) {
return data.withValue("******");
}
return data;
});
Sanitizer sanitizer = new Sanitizer(sanitizingFunctions);
SanitizableData custom = new SanitizableData(null, sameKey, "123456");
assertThat(sanitizer.sanitize(custom)).isEqualTo("------");
}
@ParameterizedTest(name = "key = {0}") @ParameterizedTest(name = "key = {0}")
@MethodSource("matchingUriUserInfoKeys") @MethodSource("matchingUriUserInfoKeys")
void uriWithSingleValueWithPasswordShouldBeSanitized(String key) { void uriWithSingleValueWithPasswordShouldBeSanitized(String key) {

Write Preview
Loading…
Cancel
Save