Redacts sensitive/password information when listing streams

resolves #1542

* Uses regex to identify values that need to be redacted.
* Added a few more tests

Removed Parser changes

* Added docs to regex
* Added empty string check to sanitizer

Author: cppwfs

spring-cloud-dataflow-core/src/test/java/org/springframework/cloud/dataflow/core/dsl/StreamParserTests.java

@@ -493,8 +493,6 @@ public void needAdjacentTokensForParameters() {
 		checkForParseError("foo --name= value", DSLMessage.NO_WHITESPACE_BEFORE_ARG_VALUE, 12);
 	}
 
-	// ---
-
 	@Test
 	public void testComposedOptionNameErros() {
 		checkForParseError("foo --name.=value", DSLMessage.NOT_EXPECTED_TOKEN, 11);
@@ -513,6 +511,9 @@ public void testXD2416() {
 				equalTo("payload" + ".replace(\"abc\", '')"));
 	}
 
+
+	// ---
+
 	StreamNode parse(String streamDefinition) {
 		return new StreamParser(streamDefinition).parse();
 	}

spring-cloud-dataflow-server-core/src/main/java/org/springframework/cloud/dataflow/server/controller/StreamDefinitionController.java

@@ -42,6 +42,7 @@
 import org.springframework.cloud.dataflow.rest.resource.DeploymentStateResource;
 import org.springframework.cloud.dataflow.rest.resource.StreamDefinitionResource;
 import org.springframework.cloud.dataflow.server.DataFlowServerUtil;
+import org.springframework.cloud.dataflow.server.controller.support.ArgumentSanitizer;
 import org.springframework.cloud.dataflow.server.controller.support.ControllerUtils;
 import org.springframework.cloud.dataflow.server.controller.support.InvalidStreamDefinitionException;
 import org.springframework.cloud.dataflow.server.repository.DeploymentIdRepository;
@@ -81,6 +82,7 @@
  * @author Ilayaperumal Gopinathan
  * @author Gunnar Hillert
  * @author Oleg Zhurakousky
+ * @author Glenn Renfro
  */
 @RestController
 @RequestMapping("/streams/definitions")
@@ -189,9 +191,9 @@ static DeploymentState aggregateState(Set<DeploymentState> states) {
 	/**
 	 * Return a page-able list of {@link StreamDefinitionResource} defined streams.
 	 *
-	 * @param pageable page-able collection of {@code StreamDefinitionResource}s.
+	 * @param pageable  page-able collection of {@code StreamDefinitionResource}s.
 	 * @param assembler assembler for {@link StreamDefinition}
-	 * @param search optional search parameter
+	 * @param search    optional search parameter
 	 * @return list of stream definitions
 	 */
 	@RequestMapping(value = "", method = RequestMethod.GET)
@@ -407,7 +409,7 @@ public StreamDefinitionResource toResource(StreamDefinition stream) {
 		@Override
 		public StreamDefinitionResource instantiateResource(StreamDefinition stream) {
 			final StreamDefinitionResource resource = new StreamDefinitionResource(stream.getName(),
-					stream.getDslText());
+					ArgumentSanitizer.sanitizeStream(stream.getDslText()));
 			final DeploymentStateResource deploymentStateResource = ControllerUtils
 					.mapState(streamDeploymentStates.get(stream));
 			resource.setStatus(deploymentStateResource.getKey());

spring-cloud-dataflow-server-core/src/main/java/org/springframework/cloud/dataflow/server/controller/support/ArgumentSanitizer.java

@@ -16,17 +16,34 @@
 
 package org.springframework.cloud.dataflow.server.controller.support;
 
+import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
 /**
  * Sanitizes potentially sensitive keys for a specific command line arg.
+ *
  * @author Glenn Renfro
  */
 public class ArgumentSanitizer {
-	private static final String[] REGEX_PARTS = { "*", "$", "^", "+" };
+	private static final String[] REGEX_PARTS = {"*", "$", "^", "+"};
+
+	private static final String REDACTION_STRING = "******";
+
+	private static final String[] KEYS_TO_SANITIZE = {"password", "secret", "key", "token", ".*credentials.*",
+			"vcap_services"};
+	//used to find the passwords embedded in a stream definition
+	private static Pattern passwordParameterPatternForStreams = Pattern.compile(
+			//Search for the -- characters then look for unicode letters
+			"(?i)(--[\\p{Z}]*[\\p{L}]*("
+			//that match the following strings from the KEYS_TO_SANITIZE array
+					+ StringUtils.arrayToDelimitedString(KEYS_TO_SANITIZE, "|")
+			//Following the equal sign (group1) accept any number of unicode characters(letters, open punctuation, close punctuation etc) for the value to be sanitized for group 3.
+					+ ")[\\p{L}]*[\\p{Z}]*=[\\p{Z}]*)((\"[\\p{L}|\\p{Pd}|\\p{Ps}|\\p{Pe}|\\p{Pc}|\\p{S}|\\p{N}|\\p{Z}]*\")|([\\p{N}|\\p{L}|\\p{Po}|\\p{Pc}|\\p{S}]*))",
+			Pattern.UNICODE_CASE);
 
-	private static final String[] KEYS_TO_SANITIZE = { "password", "secret", "key", "token", ".*credentials.*",
-			"vcap_services" };
 
 	private Pattern[] keysToSanitize;
 
@@ -55,6 +72,7 @@ private boolean isRegex(String value) {
 
 	/**
 	 * Replaces a potential secure value with "******".
+	 *
 	 * @param argument the argument to cleanse.
 	 * @return the argument with a potentially sanitized value
 	 */
@@ -67,10 +85,46 @@ public String sanitize(String argument) {
 		String value = argument.substring(indexOfFirstEqual + 1);
 		for (Pattern pattern : this.keysToSanitize) {
 			if (pattern.matcher(key).matches()) {
-				value = "******";
+				value = REDACTION_STRING;
 				break;
 			}
 		}
 		return String.format("%s=%s", key, value);
 	}
+
+	/**
+	 * Redacts sensitive values in a stream.
+	 *
+	 * @param definition the definition to sanitize
+	 * @return Stream definition that has sensitive data redacted.
+	 */
+	public static String sanitizeStream(String definition) {
+		Assert.hasText(definition, "definition must not be null nor empty");
+		final StringBuffer output = new StringBuffer();
+		final Matcher matcher = passwordParameterPatternForStreams.matcher(definition);
+		while (matcher.find()) {
+			String passwordValue = matcher.group(3);
+
+			String maskedPasswordValue;
+			boolean isPipeAppended = false;
+			boolean isNameChannelAppended = false;
+			if (passwordValue.endsWith("|")) {
+				isPipeAppended = true;
+			}
+			if (passwordValue.endsWith(">")) {
+				isNameChannelAppended = true;
+			}
+			maskedPasswordValue = REDACTION_STRING;
+			if (isPipeAppended) {
+				maskedPasswordValue = maskedPasswordValue + " |";
+			}
+			if (isNameChannelAppended) {
+				maskedPasswordValue = maskedPasswordValue + " >";
+			}
+			matcher.appendReplacement(output, matcher.group(1) + maskedPasswordValue);
+		}
+		matcher.appendTail(output);
+		return output.toString();
+	}
+
 }

spring-cloud-dataflow-server-core/src/test/java/org/springframework/cloud/dataflow/server/controller/StreamControllerTests.java

@@ -92,6 +92,7 @@
  * @author Ilayaperumal Gopinathan
  * @author Janne Valkealahti
  * @author Gunnar Hillert
+ * @author Glenn Renfro
  */
 @RunWith(SpringRunner.class)
 @SpringBootTest(classes = TestDependencies.class)
@@ -214,6 +215,7 @@ public void testFindRelatedAndNestedStreams() throws Exception {
 		assertEquals(0, repository.count());
 		mockMvc.perform(post("/streams/definitions/").param("name", "myStream1").param("definition", "time | log")
 				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+
 		mockMvc.perform(post("/streams/definitions/").param("name", "myAnotherStream1")
 				.param("definition", "time | log").accept(MediaType.APPLICATION_JSON)).andDo(print())
 				.andExpect(status().isCreated());
@@ -234,20 +236,37 @@ public void testFindRelatedAndNestedStreams() throws Exception {
 		mockMvc.perform(post("/streams/definitions/").param("name", "myStream4")
 				.param("definition", ":myAnotherStream1 > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
 				.andExpect(status().isCreated());
-		assertEquals(8, repository.count());
+
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream5").param("definition", "time | log --secret=foo")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream6")
+				.param("definition", ":myStream5.time > log --password=bar").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+
+		assertEquals(10, repository.count());
 		String response = mockMvc
 				.perform(get("/streams/definitions/myStream1/related?nested=true").accept(MediaType.APPLICATION_JSON))
 				.andReturn().getResponse().getContentAsString();
 		assertTrue(response.contains(":myStream1 > log"));
 		assertTrue(response.contains(":myStream1.time > log"));
 		assertTrue(response.contains("time | log"));
 		assertTrue(response.contains("\"totalElements\":6"));
+
+		response = mockMvc
+				.perform(get("/streams/definitions/myStream5/related?nested=true").accept(MediaType.APPLICATION_JSON))
+				.andReturn().getResponse().getContentAsString();
+		assertTrue(response.contains(":myStream5.time > log --password=******"));
+		assertTrue(response.contains("time | log --secret=******"));
+		assertTrue(response.contains("\"totalElements\":2"));
+
 		String response2 = mockMvc.perform(
 				get("/streams/definitions/myAnotherStream1/related?nested=true").accept(MediaType.APPLICATION_JSON))
 				.andReturn().getResponse().getContentAsString();
 		assertTrue(response2.contains(":myAnotherStream1 > log"));
 		assertTrue(response2.contains("time | log"));
 		assertTrue(response2.contains("\"totalElements\":2"));
+
 		String response3 = mockMvc
 				.perform(get("/streams/definitions/myStream2/related?nested=true").accept(MediaType.APPLICATION_JSON))
 				.andReturn().getResponse().getContentAsString();
@@ -256,6 +275,83 @@ public void testFindRelatedAndNestedStreams() throws Exception {
 		assertTrue(response3.contains("\"totalElements\":2"));
 	}
 
+	@Test
+	public void testFindAll() throws Exception {
+		assertEquals(0, repository.count());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream1").param("definition", "time --password=foo| log")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream1A").param("definition", "time --foo=bar| log")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myAnotherStream1")
+				.param("definition", "time | log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream2").param("definition", ":myStream1 > log")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "TapOnmyStream2")
+				.param("definition", ":myStream2 > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream3")
+				.param("definition", ":myStream1.time > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "TapOnMyStream3")
+				.param("definition", ":myStream3 > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "MultipleNestedTaps")
+				.param("definition", ":TapOnMyStream3 > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "myStream4")
+				.param("definition", ":myAnotherStream1 > log").accept(MediaType.APPLICATION_JSON)).andDo(print())
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions")
+				.param("name", "timelogSingleTick")
+				.param("definition", "time --format='YYYY MM DD' | log")
+				.param("deploy", "false"))
+				.andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions").param("name", "timelogDoubleTick")
+				.param("definition", "time --format=\"YYYY MM DD\" | log")
+				.param("deploy", "false")).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "twoPassword")
+				.param("definition", "time --password='foo'| log --password=bar")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "nameChannelPassword")
+				.param("definition", "time --password='foo'> :foobar")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "twoParam").param("definition", "time --password=foo --arg=foo | log")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+		mockMvc.perform(post("/streams/definitions/").param("name", "twoPipeInQuotes").param("definition", "time --password='fo|o' --arg=bar | log")
+				.accept(MediaType.APPLICATION_JSON)).andDo(print()).andExpect(status().isCreated());
+
+
+		assertEquals(15, repository.count());
+		String response = mockMvc
+				.perform(get("/streams/definitions/").accept(MediaType.APPLICATION_JSON))
+				.andReturn().getResponse().getContentAsString();
+
+		assertTrue(response.contains("time --password=****** | log"));
+		assertTrue(response.contains("time --foo=bar| log"));
+
+		assertTrue(response.contains(":myStream1.time > log"));
+		assertTrue(response.contains("time | log"));
+		assertTrue(response.contains(":myStream1 > log"));
+		assertTrue(response.contains(":myStream1.time > log"));
+		assertTrue(response.contains("time | log"));
+		assertTrue(response.contains(":myAnotherStream1 > log"));
+		assertTrue(response.contains("time | log"));
+		assertTrue(response.contains(":myStream1 > log"));
+		assertTrue(response.contains(":myStream2 > log"));
+		assertTrue(response.contains(":myStream3 > log"));
+		assertTrue(response.contains("time --format='YYYY MM DD' | log"));
+		assertTrue(response.contains("time --format=\\\"YYYY MM DD\\\" | log"));
+		assertTrue(response.contains("time --password=****** | log --password=******"));
+		System.out.println(response);
+		assertTrue(response.contains("time --password=****** > :foobar"));
+		assertTrue(response.contains("time --password=****** --arg=foo | log"));
+		assertTrue(response.contains("time --password=****** --arg=bar | log"));
+
+		assertTrue(response.contains("\"totalElements\":15"));
+
+	}
+
 	@Test
 	public void testSaveInvalidAppDefintions() throws Exception {
 		mockMvc.perform(post("/streams/definitions/").param("name", "myStream").param("definition", "foo | bar")
@@ -503,6 +599,24 @@ public void testDisplaySingleStream() throws Exception {
 				.andExpect(content().json("{dslText: \"time | log\"}"));
 	}
 
+	@Test
+	public void testDisplaySingleStreamWithRedaction() throws Exception {
+		StreamDefinition streamDefinition1 = new StreamDefinition("myStream", "time --secret=foo | log");
+		for (StreamAppDefinition appDefinition : streamDefinition1.getAppDefinitions()) {
+			deploymentIdRepository.save(DeploymentKey.forStreamAppDefinition(appDefinition),
+					streamDefinition1.getName() + "." + appDefinition.getName());
+		}
+		repository.save(streamDefinition1);
+		assertEquals(1, repository.count());
+		AppStatus status = mock(AppStatus.class);
+		when(status.getState()).thenReturn(DeploymentState.unknown);
+		when(appDeployer.status("myStream.time")).thenReturn(status);
+		when(appDeployer.status("myStream.log")).thenReturn(status);
+		mockMvc.perform(get("/streams/definitions/myStream").accept(MediaType.APPLICATION_JSON))
+				.andExpect(status().isOk()).andExpect(content().json("{name: \"myStream\"}"))
+				.andExpect(content().json("{dslText: \"time --secret=****** | log\"}"));
+	}
+
 	@Test
 	public void testDestroyStreamNotFound() throws Exception {
 		mockMvc.perform(delete("/streams/definitions/myStream").accept(MediaType.APPLICATION_JSON)).andDo(print())