LDEV-4718 - filter out secret

core/src/main/java/lucee/runtime/exp/PageExceptionImpl.java

@@ -103,7 +103,7 @@ public PageExceptionImpl(String message, String type) {
 	 * @param customType CUstom Type as String
 	 */
 	public PageExceptionImpl(String message, String type, String customType) {
-		super(message == null ? "" : message);
+		super(filterSecrets(message == null ? "" : message, 0));
 		// rootCause=this;
 		this.type = type.toLowerCase().trim();
 		this.customType = customType;
@@ -117,7 +117,7 @@ public PageExceptionImpl(String message, String type, String customType) {
 	 * @param type Type as String
 	 */
 	public PageExceptionImpl(Throwable e, String type) {
-		super(StringUtil.isEmpty(e.getMessage(), true) ? e.getClass().getName() : e.getMessage());
+		super(filterSecrets(StringUtil.isEmpty(e.getMessage(), true) ? e.getClass().getName() : e.getMessage(), 0));
 		if (e instanceof InvocationTargetException) e = ((InvocationTargetException) e).getTargetException();
 
 		// Throwable cause = e.getCause();
@@ -135,6 +135,38 @@ public PageExceptionImpl(Throwable e, String type) {
 		this.type = type.trim();
 	}
 
+	private static String filterSecrets(String msg, int startIndex) {
+		if (!StringUtil.isEmpty(msg)) {
+			// S3 secret
+			startIndex = StringUtil.indexOfIgnoreCase(msg, "s3://", startIndex);
+			if (startIndex != -1) {
+				startIndex += 5;
+				int atIndex = msg.indexOf('@', startIndex + 1);
+				int colonIndex = msg.indexOf(':', startIndex + 1);
+				int slashIndex = msg.indexOf('/', startIndex + 1);
+				if (atIndex != -1) {
+					if (colonIndex != -1 && colonIndex < atIndex) {
+						String secretAccessKey = msg.substring(colonIndex + 1, atIndex);
+						int index = secretAccessKey.indexOf(':');
+						if (index != -1) {
+							secretAccessKey = secretAccessKey.substring(0, index);
+						}
+						msg = filterSecrets(StringUtil.replace(msg, secretAccessKey, "{SECRET_ACCESS_KEY}"), atIndex);
+					}
+				}
+				if (slashIndex != -1) {
+					String secretAccessKey = msg.substring(colonIndex + 1, slashIndex);
+					int index = secretAccessKey.indexOf(':');
+					if (index != -1) {
+						secretAccessKey = secretAccessKey.substring(0, index);
+					}
+					msg = filterSecrets(StringUtil.replace(msg, secretAccessKey, "{SECRET_ACCESS_KEY}"), slashIndex);
+				}
+			}
+		}
+		return msg;
+	}
+
 	@Override
 	public String getDetail() {
 		if (detail == null || detail.equals(getMessage())) return "";

loader/build.xml

@@ -2,7 +2,7 @@
 <project default="core" basedir="." name="Lucee" 
   xmlns:resolver="antlib:org.apache.maven.resolver.ant">
 
-  <property name="version" value="6.0.0.572-SNAPSHOT"/>
+  <property name="version" value="6.0.0.573-SNAPSHOT"/>
 
   <taskdef uri="antlib:org.apache.maven.resolver.ant" resource="org/apache/maven/resolver/ant/antlib.xml">
     <classpath>

loader/pom.xml

@@ -3,7 +3,7 @@
 
   <groupId>org.lucee</groupId>
   <artifactId>lucee</artifactId>
-  <version>6.0.0.572-SNAPSHOT</version>
+  <version>6.0.0.573-SNAPSHOT</version>
   <packaging>jar</packaging>
 
   <name>Lucee Loader Build</name>