Google Git
Sign in
bazel / bazel / fd3700454e8e7d54a025edb6b51cec7105cfa7d9^! / . / src / main / java / com / google / devtools / build / lib / runtime / BlazeRuntime.java
commitfd3700454e8e7d54a025edb6b51cec7105cfa7d9[log] [tgz]
authorUlf Adams <ulfjack@gmail.com>Fri Jun 16 15:52:06 2017 +0200
committerPhilipp Wollermann <philwo@google.com>Mon Jun 19 18:23:10 2017 +0200
tree2b8e0e4743e174099934c5da402642ad1449c83b
parent7c1772110d1f024021699e1b3d88fb341d8dccaa [diff] [blame]
Safe-guard against broken client environments

The code previously threw StringIndexOutOfBoundsException if the client
env contained just a variable name with no '=' or value.

Fixed #3196.

Change-Id: I5afcaa398ab2e8bacc709445f50ba363659cadbb

Closes #3197.

Change-Id: I5afcaa398ab2e8bacc709445f50ba363659cadbb
PiperOrigin-RevId: 159222809

diff --git a/src/main/java/com/google/devtools/build/lib/runtime/BlazeRuntime.java b/src/main/java/com/google/devtools/build/lib/runtime/BlazeRuntime.java
index 94c38de..15f2220 100644
--- a/src/main/java/com/google/devtools/build/lib/runtime/BlazeRuntime.java
+++ b/src/main/java/com/google/devtools/build/lib/runtime/BlazeRuntime.java

@@ -103,6 +103,7 @@
 import java.util.logging.Level;
 import java.util.logging.LogRecord;
 import java.util.logging.Logger;
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.annotation.Nullable;
 
@@ -115,7 +116,7 @@
  */
 public final class BlazeRuntime {
   private static final Pattern suppressFromLog =
-      Pattern.compile("(auth|pass|cookie)", Pattern.CASE_INSENSITIVE);
+      Pattern.compile("--client_env=([^=]*(?:auth|pass|cookie)[^=]*)=", Pattern.CASE_INSENSITIVE);
 
   private static final Logger LOG = Logger.getLogger(BlazeRuntime.class.getName());
 
@@ -584,32 +585,25 @@
   }
 
   /**
-   * Generates a string form of a request to be written to the logs,
-   * filtering the user environment to remove anything that looks private.
-   * The current filter criteria removes any variable whose name includes
-   * "auth", "pass", or "cookie".
+   * Generates a string form of a request to be written to the logs, filtering the user environment
+   * to remove anything that looks private. The current filter criteria removes any variable whose
+   * name includes "auth", "pass", or "cookie".
    *
    * @param requestStrings
    * @return the filtered request to write to the log.
    */
   @VisibleForTesting
-  public static String getRequestLogString(List<String> requestStrings) {
+  static String getRequestLogString(List<String> requestStrings) {
     StringBuilder buf = new StringBuilder();
     buf.append('[');
     String sep = "";
+    Matcher m = suppressFromLog.matcher("");
     for (String s : requestStrings) {
       buf.append(sep);
-      if (s.startsWith("--client_env")) {
-        int varStart = "--client_env=".length();
-        int varEnd = s.indexOf('=', varStart);
-        String varName = s.substring(varStart, varEnd);
-        if (suppressFromLog.matcher(varName).find()) {
-          buf.append("--client_env=");
-          buf.append(varName);
-          buf.append("=__private_value_removed__");
-        } else {
-          buf.append(s);
-        }
+      m.reset(s);
+      if (m.lookingAt()) {
+        buf.append(m.group());
+        buf.append("__private_value_removed__");
       } else {
         buf.append(s);
       }