improve secrets removal parser and catch possible exception and log it

lucee · Feb 4, 2025 · e9599ab · e9599ab
1 parent d961589
commit e9599ab
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 17 deletions.
diff --git a/core/src/main/java/lucee/runtime/exp/PageExceptionImpl.java b/core/src/main/java/lucee/runtime/exp/PageExceptionImpl.java
@@ -28,6 +28,7 @@
 import java.util.LinkedList;
 
 import lucee.commons.io.IOUtil;
+import lucee.commons.io.log.Log;
 import lucee.commons.io.log.LogUtil;
 import lucee.commons.io.res.Resource;
 import lucee.commons.io.res.util.ResourceUtil;
@@ -141,28 +142,33 @@ private static String filterSecrets(String msg, int startIndex) {
 			// S3 secret
 			startIndex = StringUtil.indexOfIgnoreCase(msg, "s3://", startIndex);
 			if (startIndex != -1) {
-				startIndex += 5;
-				int atIndex = msg.indexOf('@', startIndex + 1);
-				int colonIndex = msg.indexOf(':', startIndex + 1);
-				int slashIndex = msg.indexOf('/', startIndex + 1);
-				if (atIndex != -1) {
-					if (colonIndex != -1 && colonIndex < atIndex) {
-						String secretAccessKey = msg.substring(colonIndex + 1, atIndex);
+				try {
+					startIndex += 5;
+					int atIndex = msg.indexOf('@', startIndex + 1);
+					int colonIndex = msg.indexOf(':', startIndex + 1);
+					int slashIndex = msg.indexOf('/', startIndex + 1);
+					if (atIndex != -1) {
+						if (colonIndex != -1 && colonIndex < atIndex) {
+							String secretAccessKey = msg.substring(colonIndex + 1, atIndex);
+							int index = secretAccessKey.indexOf(':');
+							if (index != -1) {
+								secretAccessKey = secretAccessKey.substring(0, index);
+							}
+							msg = StringUtil.replace(msg, secretAccessKey, "{SECRET_ACCESS_KEY}", false, true);
+							return msg;
+						}
+					}
+					if (slashIndex != -1 && colonIndex != -1 && slashIndex > (colonIndex + 1)) {
+						String secretAccessKey = msg.substring(colonIndex + 1, slashIndex);
 						int index = secretAccessKey.indexOf(':');
 						if (index != -1) {
 							secretAccessKey = secretAccessKey.substring(0, index);
 						}
 						msg = StringUtil.replace(msg, secretAccessKey, "{SECRET_ACCESS_KEY}", false, true);
-						return msg;
 					}
 				}
-				if (slashIndex != -1) {
-					String secretAccessKey = msg.substring(colonIndex + 1, slashIndex);
-					int index = secretAccessKey.indexOf(':');
-					if (index != -1) {
-						secretAccessKey = secretAccessKey.substring(0, index);
-					}
-					msg = StringUtil.replace(msg, secretAccessKey, "{SECRET_ACCESS_KEY}", false, true);
+				catch (Exception e) {
+					LogUtil.log(Log.LEVEL_ERROR, "parsing", "failed to parse [" + msg + "] with startindex [" + startIndex + "]");
 				}
 			}
 		}

diff --git a/loader/build.xml b/loader/build.xml
@@ -2,7 +2,7 @@
 <project default="core" basedir="." name="Lucee" 
   xmlns:resolver="antlib:org.apache.maven.resolver.ant">
 
-  <property name="version" value="6.1.2.24-SNAPSHOT"/>
+  <property name="version" value="6.1.2.25-SNAPSHOT"/>
 
   <taskdef uri="antlib:org.apache.maven.resolver.ant" resource="org/apache/maven/resolver/ant/antlib.xml">
     <classpath>

diff --git a/loader/pom.xml b/loader/pom.xml
@@ -3,7 +3,7 @@
 
   <groupId>org.lucee</groupId>
   <artifactId>lucee</artifactId>
-  <version>6.1.2.24-SNAPSHOT</version>
+  <version>6.1.2.25-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>Lucee Loader Build</name>