Bug 1077838

Summary: (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Jay SenSharma <jsenshar>
Component: Domain ManagementAssignee: Jay SenSharma <jsenshar>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Kremensky <pkremens>
Severity: medium Docs Contact: Russell Dickenson <rdickens>
Priority: medium    
Version: 6.2.0CC: emuckenh, jlivings, kkhan, myarboro, olukas, sjadhav, smumford
Target Milestone: DR6   
Target Release: EAP 6.3.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, the `SensitiveVaultExpressionConstraint` class was using an incorrect string index when multiple {} occurred in the write attribute value. As a result, the use of the incorrect index was causing a `StringIndexOutOfBoundsException` to present. In this release the `isSensitiveValue` method of the `SensitiveVaultExpressionConstraint` class is fixed to use the correct index and the `StringIndexOutOfBoundsException` no longer prensents.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-28 15:41:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jay SenSharma 2014-03-18 16:42:44 UTC 
Description of problem:
======================

The isSensitiveValue(ModelNode value) method of class "org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint" seems to be using the incorrect index in java.lang.String.substring method. Which is causing the following exceptions in the logs while executing the following kind of CLI command:

+++++++++++
[standalone@localhost:9999 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")
{
    "outcome" => "failed",
    "failure-description" => "JBAS014749: Operation handler failed: String index out of range: -15",
    "rolled-back" => true
}
+++++++++++


The Exception can be seen as following in the WildFly Logs:

+++++++++++
22:08:07,640 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) JBAS014612: Operation ("write-attribute") failed - address: ([
    ("subsystem" => "logging"),
    ("periodic-rotating-file-handler" => "FILE")
]): java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveAction(SensitiveVaultExpressionConstraint.java:89) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.getRequiredConstraint(SensitiveVaultExpressionConstraint.java:81) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getRequiredPermissions(DefaultPermissionFactory.java:201) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
+++++++++++


Version-Release number of selected component (if applicable):


How reproducible:
==================
Steps to Reproduce:
1. Take a fresh EAP 6.2 installation.
2. Start the Standalone profile.
3. Now using the "jboss-cli.sh" script run the following command:

/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")


Actual results:
================
JBoss EAP throwing the following Error:

java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]



Expected results:
=================
 Should have updated the logging configuration without throwing the exception.


Additional info:
Comment 4 Kabir Khan 2014-03-21 10:11:10 UTC 
Jay, MODIFIED is for me to set when merged. POST is the state for when a PR is opened
Comment 5 Ondrej Lukas 2014-03-28 13:31:12 UTC 
Verified on EAP 6.3.0.DR6.
Comment 6 JBoss JIRA Server 2014-04-03 04:48:35 UTC 
Jay Kumar SenSharma <jsenshar> updated the status of jira WFLY-3131 to Closed
Comment 7 JBoss JIRA Server 2014-06-01 02:28:15 UTC 
Jason Greene <jason.greene> updated the status of jira WFLY-3131 to Reopened
Comment 8 JBoss JIRA Server 2014-06-01 02:30:52 UTC 
Jason Greene <jason.greene> updated the status of jira WFLY-3131 to Resolved