
Commit 3edf924

author
Robin Gottschalk
committed
chore(TRACEX-641): enrich sanitization to prevent log injection
1 parent b7fdc0b commit 3edf924

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

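--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/base/irs/OrderRepositoryImpl.java
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/base/irs/OrderRepositoryImpl.java
@@ -149,7 +149,7 @@ public void handleOrderFinishedCallback(String orderId, String batchId, Processi
 .findFirst();
 
 if (existingBatch.isPresent()) {
-log.info("Found existing batch ID: {} for order ID: {}, no new batch created", batchId, sanitize(orderId));
+log.info("Found existing batch ID: {} for order ID: {}, no new batch created", sanitize(batchId), sanitize(orderId));
 } else {
 BatchEntity newBatch = BatchEntity.builder()
 .id(batchId)
@@ -158,7 +158,7 @@ public void handleOrderFinishedCallback(String orderId, String batchId, Processi
 .build();
 orderEntity.addBatch(newBatch);
 updated = true;
-log.info("Added new batch with ID: {} and status: {} to order ID: {}", newBatch.getId(), newBatch.getStatus(), sanitize(orderId));
+log.info("Added new batch with ID: {} and status: {} to order ID: {}", sanitize(newBatch.getId()), newBatch.getStatus(), sanitize(orderId));
 }
 }
 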
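Review bot: `newBatch.getStatus()` on the second changed line (line 161) is still passed to `log.info` unwrapped while both ids are now sanitized; if status is a String carried over from the callback it is the same log-injection vector this commit closes, whereas if it is an enum constant the call is harmless. Either way a short comment at that line would stop the next reader from re-raising it, e.g. `// status is an enum constant, not caller-controlled — no sanitize() needed`, or wrap it in `sanitize(...)` if it turns out to be a String. The enclosing `handleOrderFinishedCallback` starts and ends outside both hunks, so whether `batchId` is also validated before reaching `.id(batchId)` cannot be judged from here.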

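--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/security/Sanitizer.java
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/security/Sanitizer.java
@@ -27,6 +27,7 @@ public static String sanitize(String input) {
 if (input == null) {
 return null;
 }
-return StringUtils.replaceEach(input, new String[]{"\n", "\r"}, new String[]{"", ""});
+input = input.replaceAll("[^\\w:-]", "");;
+return input;
 }
 }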
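Review bot: The `;;` on the new `replaceAll` line is an empty statement, and the regex literal is recompiled on every call; compile it once and avoid reassigning the parameter: `private static final Pattern UNSAFE_CHARS = Pattern.compile("[^\\w:-]");` and `return UNSAFE_CHARS.matcher(input).replaceAll("");`. This also changes what the method returns, not just how: the old code removed only CR/LF, whereas `[^\\w:-]` drops every character outside `[A-Za-z0-9_:-]` (Java's `\\w` is ASCII-only unless `UNICODE_CHARACTER_CLASS` is set), so any caller that uses the result for something other than a log message — not visible from this hunk — now gets a silently altered value. A Javadoc stating the allowed character set and the intended use would make the contract explicit, e.g. `/** Strips every character outside [A-Za-z0-9_:-] so the value can be interpolated into a log line; intended for log output only, not a general-purpose sanitizer. */`. The `sanitize` signature and the `StringUtils` import are outside the hunk; the import is likely unused after this change.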
