1077838 – (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method

Bug 1077838 - (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method

Summary: (6.3.0) isSensitiveValue of class SensitiveVaultExpressionConstraint uses inc...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Domain Management
Sub Component:
Version:	6.2.0
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	DR6
Target Release:	EAP 6.3.0
Assignee:	Jay SenSharma
QA Contact:	Petr Kremensky
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-03-18 16:42 UTC by Jay SenSharma
Modified:	2018-12-09 17:39 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-06-28 15:41:19 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	WFLY-3131	0	Major	Resolved	isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method	2015-12-31 04:04:06 UTC
Red Hat Knowledge Base (Solution)	761613	0	None	None	None	Never

Description Jay SenSharma 2014-03-18 16:42:44 UTC

Description of problem:
======================

The isSensitiveValue(ModelNode value) method of class "org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint" seems to be using the incorrect index in java.lang.String.substring method. Which is causing the following exceptions in the logs while executing the following kind of CLI command:

+++++++++++
[standalone@localhost:9999 /] /subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")
{
    "outcome" => "failed",
    "failure-description" => "JBAS014749: Operation handler failed: String index out of range: -15",
    "rolled-back" => true
}
+++++++++++


The Exception can be seen as following in the WildFly Logs:

+++++++++++
22:08:07,640 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) JBAS014612: Operation ("write-attribute") failed - address: ([
    ("subsystem" => "logging"),
    ("periodic-rotating-file-handler" => "FILE")
]): java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveAction(SensitiveVaultExpressionConstraint.java:89) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.getRequiredConstraint(SensitiveVaultExpressionConstraint.java:81) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
	at org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getRequiredPermissions(DefaultPermissionFactory.java:201) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
+++++++++++


Version-Release number of selected component (if applicable):


How reproducible:
==================
Steps to Reproduce:
1. Take a fresh EAP 6.2 installation.
2. Start the Standalone profile.
3. Now using the "jboss-cli.sh" script run the following command:

/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter, value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")


Actual results:
================
JBoss EAP throwing the following Error:

java.lang.StringIndexOutOfBoundsException: String index out of range: -15
	at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
	at org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128) [jboss-as-controller-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]



Expected results:
=================
 Should have updated the logging configuration without throwing the exception.


Additional info:

Comment 4 Kabir Khan 2014-03-21 10:11:10 UTC

Jay, MODIFIED is for me to set when merged. POST is the state for when a PR is opened

Comment 5 Ondrej Lukas 2014-03-28 13:31:12 UTC

Verified on EAP 6.3.0.DR6.

Comment 6 JBoss JIRA Server 2014-04-03 04:48:35 UTC

Jay Kumar SenSharma <jsenshar> updated the status of jira WFLY-3131 to Closed

Comment 7 JBoss JIRA Server 2014-06-01 02:28:15 UTC

Jason Greene <jason.greene> updated the status of jira WFLY-3131 to Reopened

Comment 8 JBoss JIRA Server 2014-06-01 02:30:52 UTC

Jason Greene <jason.greene> updated the status of jira WFLY-3131 to Resolved

Note You need to log in before you can comment on or make changes to this bug.