CLOUDSTACK-505: Converted regex expressions to pre-compiled Pattern objects

This was done for performance reasons. I also refined the regex strings and added more test cases for different string scenarios. Signed-off-by: Chip Childers <chip.childers@gmail.com>
2012-12-17 22:59:12 -05:00 · 2012-12-17 22:59:12 -05:00 · 2140bbb056
parent a81d227f1f
commit 2140bbb056
2 changed files with 65 additions and 10 deletions
--- a/utils/src/com/cloud/utils/StringUtils.java
+++ b/utils/src/com/cloud/utils/StringUtils.java
@ -19,6 +19,7 @@ package com.cloud.utils;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+import java.util.regex.Pattern;

 // StringUtils exists in Apache Commons Lang, but rather than import the entire JAR to our system, for now
 // just implement the method needed
@ -129,13 +130,17 @@ public class StringUtils {
    	return sb.toString();
    }
    
+    // removes a password request param and it's value
+    private static final Pattern REGEX_PASSWORD_QUERYSTRING = Pattern.compile("&?password=.*?(?=[&'\"])");
+
+    // removes a password property from a response json object
+    private static final Pattern REGEX_PASSWORD_JSON = Pattern.compile("\"password\":\".*?\",?");
+
    // Responsible for stripping sensitive content from request and response strings
    public static String cleanString(String stringToClean){
        String cleanResult = "";
-        // removes a password request param and it's value
-        cleanResult = stringToClean.replaceAll("password=.*?&", "");
-        // removes a password property from a response json object
-        cleanResult = cleanResult.replaceAll("\"password\":\".*?\",", "");
+        cleanResult = REGEX_PASSWORD_QUERYSTRING.matcher(stringToClean).replaceAll("");
+        cleanResult = REGEX_PASSWORD_JSON.matcher(cleanResult).replaceAll("");
        return cleanResult;
    }

--- a/utils/test/com/cloud/utils/StringUtilsTest.java
+++ b/utils/test/com/cloud/utils/StringUtilsTest.java
@ -22,15 +22,41 @@ import com.cloud.utils.StringUtils;

 public class StringUtilsTest {
    @Test
-    public void testCleanJsonObject() {
-        String input = "{\"description\":\"foo\"}],\"password\":\"bar\",\"nic\":[{\"id\":\"1\"}]}";
-        String expected = "{\"description\":\"foo\"}],\"nic\":[{\"id\":\"1\"}]}";
+    public void testCleanPasswordFromJsonObjectAtEnd() {
+        String input = "{\"foo\":\"bar\",\"password\":\"test\"}";
+        //TODO: It would be nice to clean up the regex in question to not 
+        //have to return the trailing comma in the expected string below
+        String expected = "{\"foo\":\"bar\",}";
        String result = StringUtils.cleanString(input);
        assertEquals(result, expected);
    }

    @Test
-    public void testCleanJsonObjectWithMultiplePasswords() {
+    public void testCleanPasswordFromJsonObjectInMiddle() {
+        String input = "{\"foo\":\"bar\",\"password\":\"test\",\"test\":\"blah\"}";
+        String expected = "{\"foo\":\"bar\",\"test\":\"blah\"}";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
+    public void testCleanPasswordFromJsonObjectAlone() {
+        String input = "{\"password\":\"test\"}";
+        String expected = "{}";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
+    public void testCleanPasswordFromJsonObjectAtStart() {
+        String input = "{\"password\":\"test\",\"test\":\"blah\"}";
+        String expected = "{\"test\":\"blah\"}";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
+    public void testCleanPasswordFromJsonObjectWithMultiplePasswords() {
        String input = "{\"description\":\"foo\"}],\"password\":\"bar\",\"nic\":[{\"password\":\"bar2\",\"id\":\"1\"}]}";
        String expected = "{\"description\":\"foo\"}],\"nic\":[{\"id\":\"1\"}]}";
        String result = StringUtils.cleanString(input);
@ -38,7 +64,7 @@ public class StringUtilsTest {
    }

    @Test
-    public void testCleanRequestObject() {
+    public void testCleanPasswordFromRequestString() {
        String input = "username=foo&password=bar&url=foobar";
        String expected = "username=foo&url=foobar";
        String result = StringUtils.cleanString(input);
@ -46,11 +72,35 @@ public class StringUtilsTest {
    }

    @Test
-    public void testCleanRequestObjectWithMultiplePasswords() {
+    public void testCleanPasswordFromRequestStringWithMultiplePasswords() {
        String input = "username=foo&password=bar&url=foobar&password=bar2&test=4";
        String expected = "username=foo&url=foobar&test=4";
        String result = StringUtils.cleanString(input);
        assertEquals(result, expected);
    }
+    
+    @Test
+    public void testCleanPasswordFromRequestStringMatchedAtEndSingleQuote() {
+        String input = "'username=foo&password=bar'";
+        String expected = "'username=foo'";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
+    public void testCleanPasswordFromRequestStringMatchedAtEndDoubleQuote() {
+        String input = "\"username=foo&password=bar\"";
+        String expected = "\"username=foo\"";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }
+
+    @Test
+    public void testCleanPasswordFromRequestStringMatchedAtMiddleDoubleQuote() {
+        String input = "\"username=foo&password=bar&goo=sdf\"";
+        String expected = "\"username=foo&goo=sdf\"";
+        String result = StringUtils.cleanString(input);
+        assertEquals(result, expected);
+    }

 }