fix status printing of variable substitution when the variable name contains any of the strings

ceki · ceki · commit 39d17ea3b338 · 2025-12-11T15:37:56.000+01:00
"password" or "secret" or "confidential"

Signed-off-by: ceki &lt;ceki@qos.ch&gt;
diff --git a/logback-classic/src/main/java/ch/qos/logback/classic/joran/PropertiesConfigurator.java b/logback-classic/src/main/java/ch/qos/logback/classic/joran/PropertiesConfigurator.java
@@ -187,7 +187,8 @@ public String subst(String ref) {
 
         String substituted = variableSubstitutionsHelper.subst(ref);
         if (ref != null && !ref.equals(substituted)) {
-            addInfo("value \"" + substituted + "\" substituted for \"" + ref + "\"");
+            String sanitized = variableSubstitutionsHelper.sanitizeIfConfidential(ref, substituted);
+            addInfo("value \"" + sanitized + "\" substituted for \"" + ref + "\"");
         }
         return substituted;
     }
diff --git a/logback-core/src/main/java/ch/qos/logback/core/joran/ParamModelHandler.java b/logback-core/src/main/java/ch/qos/logback/core/joran/ParamModelHandler.java
@@ -28,19 +28,19 @@ protected Class<ParamModel> getSupportedModelClass() {
     }
 
     @Override
-    public void handle(ModelInterpretationContext intercon, Model model) throws ModelHandlerException {
+    public void handle(ModelInterpretationContext mic, Model model) throws ModelHandlerException {
 
         ParamModel paramModel = (ParamModel) model;
 
-        String valueStr = intercon.subst(paramModel.getValue());
+        String valueStr = mic.subst(paramModel.getValue());
 
-        Object o = intercon.peekObject();
+        Object o = mic.peekObject();
 
         PropertySetter propSetter = new PropertySetter(beanDescriptionCache, o);
         propSetter.setContext(context);
 
         // allow for variable substitution for name as well
-        String finalName = intercon.subst(paramModel.getName());
+        String finalName = mic.subst(paramModel.getName());
         propSetter.setProperty(finalName, valueStr);
     }
 
diff --git a/logback-core/src/main/java/ch/qos/logback/core/model/processor/ModelInterpretationContext.java b/logback-core/src/main/java/ch/qos/logback/core/model/processor/ModelInterpretationContext.java
@@ -18,14 +18,12 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 import java.util.Stack;
 import java.util.function.Supplier;
 
 import ch.qos.logback.core.Appender;
 import ch.qos.logback.core.Context;
 import ch.qos.logback.core.joran.GenericXMLConfigurator;
-import ch.qos.logback.core.joran.JoranConfiguratorBase;
 import ch.qos.logback.core.joran.JoranConstants;
 import ch.qos.logback.core.joran.spi.DefaultNestedComponentRegistry;
 import ch.qos.logback.core.joran.util.beans.BeanDescriptionCache;
@@ -34,7 +32,6 @@
 import ch.qos.logback.core.spi.AppenderAttachable;
 import ch.qos.logback.core.spi.ContextAwareBase;
 import ch.qos.logback.core.spi.ContextAwarePropertyContainer;
-import ch.qos.logback.core.spi.PropertyContainer;
 
 public class ModelInterpretationContext extends ContextAwareBase implements ContextAwarePropertyContainer {
 
@@ -165,13 +162,13 @@ public BeanDescriptionCache getBeanDescriptionCache() {
     public String subst(String ref)  {
 
         String substituted = variableSubstitutionsHelper.subst(ref);
-        if(ref != null && !ref.equals(substituted)) {
-            addInfo("value \""+substituted+"\" substituted for \""+ref+"\"");
+        if(ref != null && !ref.equals(substituted) ) {
+            String sanitized = variableSubstitutionsHelper.sanitizeIfConfidential(ref, substituted);
+            addInfo("value \""+sanitized+"\" substituted for \""+ref+"\"");
         }
         return substituted;
     }
 
-
     public DefaultNestedComponentRegistry getDefaultNestedComponentRegistry() {
         return defaultNestedComponentRegistry;
     }
diff --git a/logback-core/src/main/java/ch/qos/logback/core/model/util/VariableSubstitutionsHelper.java b/logback-core/src/main/java/ch/qos/logback/core/model/util/VariableSubstitutionsHelper.java
@@ -26,22 +26,55 @@
 /**
  * Helper methods to deal with properties.
  *
+ * <p>This class acts as a small container for substitution properties and
+ * delegates actual variable substitution to {@link OptionHelper#substVars}.
+ * It also offers a convenience method to mask confidential property values
+ * (for example passwords) by returning a blurred placeholder.</p>
+ *
  * @since 1.5.1
  */
 public class VariableSubstitutionsHelper extends ContextAwareBase implements ContextAwarePropertyContainer {
 
+    static final String PASSWORD = "password";
+    static final String SECRET = "secret";
+    static final String CONFIDENTIAL = "confidential";
+
+    static final String BLURRED_STR = "******";
+
     protected Map<String, String> propertiesMap;
 
+    /**
+     * Create a helper backed by an empty property map.
+     *
+     * @param context the logback context to associate with this helper; may be null
+     */
     public VariableSubstitutionsHelper(Context context) {
         this.setContext(context);
         this.propertiesMap = new HashMap<>();
     }
 
+    /**
+     * Create a helper pre-populated with the contents of {@code otherMap}.
+     * The provided map is copied and further modifications do not affect the
+     * original map.
+     *
+     * @param context the logback context to associate with this helper; may be null
+     * @param otherMap initial properties to copy; if null an empty map is created
+     */
     public VariableSubstitutionsHelper(Context context, Map<String, String> otherMap) {
         this.setContext(context);
         this.propertiesMap = new HashMap<>(otherMap);
     }
 
+    /**
+     * Perform variable substitution on the provided reference string.
+     *
+     * <p>Returns {@code null} if {@code ref} is {@code null}. On parse errors
+     * the original input string is returned and an error is logged.</p>
+     *
+     * @param ref the string possibly containing variables to substitute
+     * @return the string with substitutions applied, or {@code null} if {@code ref} was {@code null}
+     */
     @Override
     public String subst(String ref) {
         if (ref == null) {
@@ -54,12 +87,42 @@ public String subst(String ref) {
             addError("Problem while parsing [" + ref + "]", e);
             return ref;
         }
+    }
 
+    /**
+     * Return a blurred placeholder for confidential properties.
+     *
+     * <p>If the property name {@code ref} contains any of the case-insensitive
+     * substrings {@code "password"}, {@code "secret"} or {@code "confidential"}
+     * this method returns a fixed blurred string ("******"). Otherwise, the
+     * supplied {@code substituted} value is returned unchanged.</p>
+     *
+     * @param ref the property name to inspect; must not be {@code null}
+     * @param substituted the substituted value to return when the property is not confidential
+     * @return a blurred placeholder when the property appears confidential, otherwise {@code substituted}
+     * @throws IllegalArgumentException when {@code ref} is {@code null}
+     */
+    public String sanitizeIfConfidential(String ref, String substituted) {
+        if(ref == null) {
+            throw new IllegalArgumentException("ref cannot be null");
+        }
+
+        String lowerCaseRef = ref.toLowerCase();
+
+        if(lowerCaseRef.contains(PASSWORD) || lowerCaseRef.contains(SECRET) || lowerCaseRef.contains(CONFIDENTIAL)) {
+            return BLURRED_STR;
+        } else
+            return substituted;
     }
 
     /**
-     * Add a property to the properties of this execution context. If the property
-     * exists already, it is overwritten.
+     * Add or overwrite a substitution property.
+     *
+     * <p>Null keys or values are ignored. Values are trimmed before storing
+     * to avoid surprises caused by leading or trailing whitespace.</p>
+     *
+     * @param key the property name; ignored if {@code null}
+     * @param value the property value; ignored if {@code null}
      */
     @Override
     public void addSubstitutionProperty(String key, String value) {
@@ -71,13 +134,27 @@ public void addSubstitutionProperty(String key, String value) {
         propertiesMap.put(key, value);
     }
 
+    /**
+     * Retrieve a property value by name.
+     *
+     * @param key the property name
+     * @return the property value or {@code null} if not present
+     */
     @Override
     public String getProperty(String key) {
         return propertiesMap.get(key);
     }
 
+    /**
+     * Return a shallow copy of the internal property map.
+     *
+     * <p>The returned map is a copy and modifications to it do not affect the
+     * internal state of this helper.</p>
+     *
+     * @return a copy of the property map
+     */
     @Override
     public Map<String, String> getCopyOfPropertyMap() {
-        return new HashMap<String, String>(propertiesMap);
+        return new HashMap<>(propertiesMap);
     }
 }
diff --git a/logback-core/src/test/input/joran/implicitAction/nestedComplexWithPassword.xml b/logback-core/src/test/input/joran/implicitAction/nestedComplexWithPassword.xml
@@ -0,0 +1,21 @@
+<!--
+  ~ Logback: the reliable, generic, fast and flexible logging framework.
+  ~  Copyright (C) 1999-2025, QOS.ch. All rights reserved.
+  ~
+  ~ This program and the accompanying materials are dual-licensed under
+  ~ either the terms of the Eclipse Public License v1.0 as published by
+  ~ the Eclipse Foundation
+  ~
+  ~     or (per the licensee's choosing)
+  ~
+  ~ under the terms of the GNU Lesser General Public License version 2.1
+  ~ as published by the Free Software Foundation.
+  -->
+
+<context>
+    <fruit class="ch.qos.logback.core.joran.implicitAction.Fruit">
+        <name>${A_PASSWORD}</name>
+        <text>hello</text>
+        <text>world</text>
+    </fruit>
+</context>
diff --git a/logback-core/src/test/java/ch/qos/logback/core/joran/implicitAction/ImplicitActionTest.java b/logback-core/src/test/java/ch/qos/logback/core/joran/implicitAction/ImplicitActionTest.java
@@ -91,6 +91,24 @@ public void nestedComplex() throws Exception {
         }
     }
 
+    @Test
+    public void nestedComplexWithPassword() throws Exception {
+        try {
+            fruitContext.addSubstitutionProperty("A_PASSWORD", "blue");
+
+            simpleConfigurator.doConfigure(IMPLCIT_DIR + "nestedComplexWithPassword.xml");
+            StatusPrinter.print(fruitContext);
+            StatusChecker checker = new StatusChecker(fruitContext);
+
+            checker.assertContainsMatch("value \"\\*{6}\" substituted for \"\\$\\{A_PASSWORD\\}\"");
+            verifyFruit();
+
+        } catch (Exception je) {
+            StatusPrinter.print(fruitContext);
+            throw je;
+        }
+    }
+
     @Test
     public void nestedComplexWithoutClassAtrribute() throws Exception {
         try {

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,8 @@ public String subst(String ref) {`
`187`	`187`
`188`	`188`	`String substituted = variableSubstitutionsHelper.subst(ref);`
`189`	`189`	`if (ref != null && !ref.equals(substituted)) {`
`190`		`- addInfo("value \"" + substituted + "\" substituted for \"" + ref + "\"");`
	`190`	`+ String sanitized = variableSubstitutionsHelper.sanitizeIfConfidential(ref, substituted);`
	`191`	`+ addInfo("value \"" + sanitized + "\" substituted for \"" + ref + "\"");`
`191`	`192`	`}`
`192`	`193`	`return substituted;`
`193`	`194`	`}`