fix: externalize links fails with ac scriptlets #2388
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2388 +/- ##
============================================
- Coverage 87.26% 87.24% -0.02%
- Complexity 2517 2521 +4
============================================
Files 220 221 +1
Lines 6722 6728 +6
Branches 1019 1019
============================================
+ Hits 5866 5870 +4
- Misses 339 340 +1
- Partials 517 518 +1
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
| assertEquals(path, underTest.externalize(path, localContext.request())); | ||
|
|
||
| verify(externalizer).publishLink(any(ResourceResolver.class), url.capture()); | ||
| assertFalse(url.getValue().contains("<%=")); |
There was a problem hiding this comment.
I would feel more confident if we asserted on the expected output and not on simply not having the original fragments. This would also catch situation where we might end up up with multiple masking/encoding.
|
Kudos, SonarCloud Quality Gate passed!
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } else { | ||
| externalPath = externalizer.publishLink(resourceResolver, path); | ||
| LOG.warn(message, path, ex.getMessage()); |
Check failure
Code scanning / CodeQL
Insertion of sensitive information into log files
| } catch (Exception ex) { | ||
| String message = "Failed to externalize url '{}': {}"; | ||
| if (LOG.isDebugEnabled()) { | ||
| LOG.warn(message, path, ex.getMessage(), ex); |
Check failure
Code scanning / CodeQL
Insertion of sensitive information into log files
With this change the url is masked before it is passed to the Externalizer by the DefaultPathProcessor.
Eventually it makes sense to do this in all cases (sanitize, map, exteranlize). To be discussed.