Filter HTTP Basic Authorisation Credential in Update Audit Log

whois-commons/src/main/java/net/ripe/db/whois/common/conversion/PasswordFilter.java

@@ -1,6 +1,7 @@
 package net.ripe.db.whois.common.conversion;
 
 import com.google.common.base.Splitter;
+import org.apache.commons.lang.StringUtils;
 
 import java.util.Iterator;
 import java.util.List;
@@ -20,15 +21,26 @@ public class PasswordFilter {
 
     //from logsearch tweaked
     private static final Pattern PASSWORD_PATTERN_FOR_CONTENT = Pattern.compile("(?im)^(override|password)(:|%3A)\\s*(.+)\\s*$");
+    private static final Pattern BASIC_AUTH_HEADER_PATTERN_FOR_CONTENT = Pattern.compile("(?im)^(Header: Authorization=Basic)\\s*(.*)\\s*$", Pattern.CASE_INSENSITIVE);
+
     private static final Pattern URI_PASSWORD_PATTERN_PASSWORD_FOR_URL = Pattern.compile("(?<=)(password|override)(:|=|%3A)([^&^\\s]*)", Pattern.CASE_INSENSITIVE);
 
     public static String filterPasswordsInContents(final String contents) {
-        String result = contents;
-        if (contents != null) {
-            final Matcher matcher = PASSWORD_PATTERN_FOR_CONTENT.matcher(contents);
-            result = replacePassword(matcher);
+        if(StringUtils.isEmpty(contents)) {
+            return contents;
         }
-        return result;
+
+        final String filteredContent = replaceBasicAuthHeader(BASIC_AUTH_HEADER_PATTERN_FOR_CONTENT.matcher(contents));
+        return replacePassword(PASSWORD_PATTERN_FOR_CONTENT.matcher(filteredContent));
+    }
+
+    private static String replaceBasicAuthHeader(final Matcher matcher)  {
+        final StringBuilder result = new StringBuilder();
+        while (matcher.find()) {
+            matcher.appendReplacement(result, String.format("%s FILTERED", matcher.group(1)));
+        }
+        matcher.appendTail(result);
+        return result.toString();
     }
 
     public static String filterPasswordsInUrl(final String url) {

whois-commons/src/test/java/net/ripe/db/whois/common/conversion/PasswordFilterTest.java

@@ -45,6 +45,38 @@ public void testFilterPasswordsInMessage() {
                 "delete: adsf\n"));
     }
 
+    @Test
+    public void testFilterBasicAuthHeadersInMessage() {
+        final String input = "" +
+                "Header: Authorization=Basic dDZsUlpndk9GSXBoamlHd3RDR3VMd3F3OjJDVEdQeDVhbFVFVzRwa1Rrd2FRdGRPNg==\n" +
+                "blue: asdfasdfasdf\n" +
+                "yellow%3A++asdfasdfasdf\n" +
+                "green: asdfasdfasdf # password: test\n" +
+                "purple: password\n" +
+                "password:   test1 \n" +
+                "password:test2\n" +
+                "password: test3\n" +
+                "password%3A++test4\n" +
+                "password%3A++test5\n" +
+                "Header: Authorization=Basic dDZsUlpndk9GSXBoamlHd3RDR3VMd3F3OjJDVEdQeDVhbFVFVzRwa1Rrd2FRdGRPNg==\n" +
+                "delete: adsf\n";
+
+        assertThat(PasswordFilter.filterPasswordsInContents(input), containsString("" +
+                "Header: Authorization=Basic FILTERED\n" +
+                "blue: asdfasdfasdf\n" +
+                "yellow%3A++asdfasdfasdf\n" +
+                "green: asdfasdfasdf # password: test\n" +
+                "purple: password\n" +
+                "password:FILTERED\n" +
+                "password:FILTERED\n" +
+                "password:FILTERED\n" +
+                "password%3AFILTERED\n" +
+                "password%3AFILTERED\n" +
+                "Header: Authorization=Basic FILTERED\n" +
+                "delete: adsf\n"));
+    }
+
+
     @Test
     public void testFilterOverridePasswordsInMessage() {
         final String input = "" +