Bug 1077838 - (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method
Summary: (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses inc...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.2.0
Hardware: All
OS: All
medium
medium
Target Milestone: DR6
: EAP 6.3.0
Assignee: Jay SenSharma
QA Contact: Petr Kremensky
Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-18 16:42 UTC by Jay SenSharma
Modified: 2018-12-09 17:39 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, the `SensitiveVaultExpressionConstraint` class was using an incorrect string index when multiple {} occurred in the write attribute value. As a result, the use of the incorrect index was causing a `StringIndexOutOfBoundsException` to present. In this release the `isSensitiveValue` method of the `SensitiveVaultExpressionConstraint` class is fixed to use the correct index and the `StringIndexOutOfBoundsException` no longer prensents.
Clone Of:
Environment:
Last Closed: 2014-06-28 15:41:19 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 761613 None None None Never
JBoss Issue Tracker WFLY-3131 Major Resolved isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method 2015-12-31 04:04:06 UTC

Description Jay SenSharma 2014-03-18 16:42:44 UTC
Description of problem:
======================

The isSensitiveValue(ModelNode value) method of class "org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint" seems to be using the incorrect index in java.lang.String.substring method. Which is causing the following exceptions in the logs while executing the following kind of CLI command:

+++++++++++
[standalone@localhost:9999 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")
{
    "outcome" => "failed",
    "failure-description" => "JBAS014749: Operation handler failed: String index out of range: -15",
    "rolled-back" => true
}
+++++++++++


The Exception can be seen as following in the WildFly Logs:

+++++++++++
22:08:07,640 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) JBAS014612: Operation ("write-attribute") failed - address: ([
    ("subsystem" => "logging"),
    ("periodic-rotating-file-handler" => "FILE")
]): java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveAction(SensitiveVaultExpressionConstraint.java:89) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.getRequiredConstraint(SensitiveVaultExpressionConstraint.java:81) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getRequiredPermissions(DefaultPermissionFactory.java:201) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
+++++++++++


Version-Release number of selected component (if applicable):


How reproducible:
==================
Steps to Reproduce:
1. Take a fresh EAP 6.2 installation.
2. Start the Standalone profile.
3. Now using the "jboss-cli.sh" script run the following command:

/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")


Actual results:
================
JBoss EAP throwing the following Error:

java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]



Expected results:
=================
 Should have updated the logging configuration without throwing the exception.


Additional info:

Comment 4 Kabir Khan 2014-03-21 10:11:10 UTC
Jay, MODIFIED is for me to set when merged. POST is the state for when a PR is opened

Comment 5 Ondrej Lukas 2014-03-28 13:31:12 UTC
Verified on EAP 6.3.0.DR6.

Comment 6 JBoss JIRA Server 2014-04-03 04:48:35 UTC
Jay Kumar SenSharma <jsenshar@redhat.com> updated the status of jira WFLY-3131 to Closed

Comment 7 JBoss JIRA Server 2014-06-01 02:28:15 UTC
Jason Greene <jason.greene@jboss.com> updated the status of jira WFLY-3131 to Reopened

Comment 8 JBoss JIRA Server 2014-06-01 02:30:52 UTC
Jason Greene <jason.greene@jboss.com> updated the status of jira WFLY-3131 to Resolved


Note You need to log in before you can comment on or make changes to this bug.