[FIX] sanitize connection.uri for mongo

provectus · Feb 26, 2024 · 8e12da6 · 8e12da6
1 parent 53a6553
commit 8e12da6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/KafkaConfigSanitizer.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/service/KafkaConfigSanitizer.java
@@ -30,7 +30,8 @@ class KafkaConfigSanitizer {
       .add(
           "basic.auth.user.info",  /* For Schema Registry credentials */
           "password", "secret", "token", "key", ".*credentials.*",   /* General credential patterns */
-          "aws.access.*", "aws.secret.*", "aws.session.*"   /* AWS-related credential patterns */
+          "aws.access.*", "aws.secret.*", "aws.session.*",   /* AWS-related credential patterns */
+          "connection.uri" /* mongo credential patterns */
       )
       .build();
 

diff --git a/kafka-ui-api/src/test/java/com/provectus/kafka/ui/service/KafkaConfigSanitizerTest.java b/kafka-ui-api/src/test/java/com/provectus/kafka/ui/service/KafkaConfigSanitizerTest.java
@@ -34,6 +34,9 @@ void obfuscateCredentials() {
     assertThat(sanitizer.sanitize("aws.secret.access.key", "secret")).isEqualTo("******");
     assertThat(sanitizer.sanitize("aws.secretAccessKey", "secret")).isEqualTo("******");
     assertThat(sanitizer.sanitize("aws.sessionToken", "secret")).isEqualTo("******");
+
+    //Mongo var sanitizing
+    assertThat(sanitizer.sanitize("connection.uri", "secret")).isEqualTo("******");
   }
 
   @Test