[JBoss JIRA] (WFLY-3131) isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method
4:09 p.m.
[
https://issues.jboss.org/browse/WFLY-3131?page=com.atlassian.jira.plugin....
]
RH Bugzilla Integration commented on WFLY-3131:
-----------------------------------------------
Paul Gier <pgier(a)redhat.com> changed the Status of [bug
1077838|https://bugzilla.redhat.com/show_bug.cgi?id=1077838] from MODIFIED to ON_QA
isSensitiveValue of class SensitiveVaultExpressionConstraint uses
incorrect index in java.lang.String.substring method
-----------------------------------------------------------------------------------------------------------------------
Key: WFLY-3131
URL: https://issues.jboss.org/browse/WFLY-3131
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Domain Management
Affects Versions: 8.0.0.Final
Environment: All
Reporter: Jay Kumar SenSharma
Assignee: Jay Kumar SenSharma
The isSensitiveValue(ModelNode value) method of class
"org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint"
seems to be using the incorrect index in java.lang.String.substring method. Which is
causing the following exceptions in the logs while executing the following kind of CLI
command:
{code}
[standalone@localhost:9990 /]
/subsystem=logging/periodic-rotating-file-handler=FILE:write-attribute(name=formatter,
value="%d{HH:mm:ss,SSS} %-5p [%c] (${jboss.node.name} %t) %s%E%n")
{
"outcome" => "failed",
"failure-description" => "JBAS014749: Operation handler failed:
String index out of range: -15",
"rolled-back" => true
}
{code}
The Exception can be seen as following in the WildFly Logs:
{code}
21:58:04,821 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 25) JBAS014612: Operation ("write-attribute")
failed - address: ([
("subsystem" => "logging"),
("periodic-rotating-file-handler" => "FILE")
]): java.lang.StringIndexOutOfBoundsException: String index out of range: -15
at java.lang.String.substring(String.java:1911) [rt.jar:1.7.0_51]
at
org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveValue(SensitiveVaultExpressionConstraint.java:128)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.isSensitiveAction(SensitiveVaultExpressionConstraint.java:89)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint$Factory.getRequiredConstraint(SensitiveVaultExpressionConstraint.java:81)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.access.rbac.DefaultPermissionFactory.getRequiredPermissions(DefaultPermissionFactory.java:201)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer.authorize(ManagementPermissionAuthorizer.java:100)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer.authorize(DelegatingConfigurableAuthorizer.java:98)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.OperationContextImpl.getBasicAuthorizationResponse(OperationContextImpl.java:1153)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1055)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.OperationContextImpl.authorize(OperationContextImpl.java:1015)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.OperationContextImpl.getResourceRegistration(OperationContextImpl.java:265)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.operations.global.WriteAttributeHandler.execute(WriteAttributeHandler.java:72)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:591)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:469)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:273)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:268)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:272)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:146)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:174)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:105)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:125)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:121)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_51]
at javax.security.auth.Subject.doAs(Subject.java:415) [rt.jar:1.7.0_51]
at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:94)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:121)
[wildfly-controller-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.protocol.mgmt.AbstractMessageHandler$2$1.doExecute(AbstractMessageHandler.java:283)
[wildfly-protocol-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at
org.jboss.as.protocol.mgmt.AbstractMessageHandler$AsyncTaskRunner.run(AbstractMessageHandler.java:504)
[wildfly-protocol-8.0.1.Final-SNAPSHOT.jar:8.0.1.Final-SNAPSHOT]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_51]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
[jboss-threads-2.1.1.Final.jar:2.1.1.Final]
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
3943
days inactive
3943
days old
0 comments
1 participants
participants (1)
-
RH Bugzilla Integration (JIRA)