From 56b691cbc17c99180685a6d75a02a77f28e0ed2f Mon Sep 17 00:00:00 2001 From: josephyim Date: Mon, 1 Sep 2025 19:29:02 +0800 Subject: [PATCH 1/3] Refine "REDACTED" replacement of api key value in web fetcher search url --- .../logic/importer/FetcherException.java | 13 ++++++----- .../org/jabref/logic/net/URLDownload.java | 2 +- .../logic/importer/FetcherExceptionTest.java | 22 +++++++++++++++++++ 3 files changed, 30 insertions(+), 7 deletions(-) create mode 100644 jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java diff --git a/jablib/src/main/java/org/jabref/logic/importer/FetcherException.java b/jablib/src/main/java/org/jabref/logic/importer/FetcherException.java index 0bb693449fd..f5c77333fb4 100644 --- a/jablib/src/main/java/org/jabref/logic/importer/FetcherException.java +++ b/jablib/src/main/java/org/jabref/logic/importer/FetcherException.java @@ -14,8 +14,9 @@ public class FetcherException extends JabRefException { private static final Logger LOGGER = LoggerFactory.getLogger(FetcherException.class); - private static final Pattern API_KEY_PATTERN = Pattern.compile("(?i)(api|key|api[-_]?key)=[^&]*"); - private static String REDACTED_STRING = "[REDACTED]"; + private static final String API_KEY_PARAM_NAME = "apiKeyParamName"; + private static final Pattern API_KEY_PATTERN = Pattern.compile("(?i)(?<" + API_KEY_PARAM_NAME + ">api|key|api[-_]?key)=[^&]*"); + private static final String REDACTED_STRING = "[REDACTED]"; private final String url; private final SimpleHttpResponse httpResponse; @@ -85,12 +86,12 @@ public String getLocalizedMessage() { } } - private String getRedactedUrl() { - return API_KEY_PATTERN.matcher(url).replaceAll(REDACTED_STRING); + String getRedactedUrl() { + return getRedactedUrl(url); } - public static Object getRedactedUrl(URL source) { - return API_KEY_PATTERN.matcher(source.toString()).replaceAll(REDACTED_STRING); + public static String getRedactedUrl(String source) { + return API_KEY_PATTERN.matcher(source).replaceAll("${" + API_KEY_PARAM_NAME + "}=" + REDACTED_STRING); } private String getPrefix() { diff --git a/jablib/src/main/java/org/jabref/logic/net/URLDownload.java b/jablib/src/main/java/org/jabref/logic/net/URLDownload.java index c7842d293ef..7eff72b29ef 100644 --- a/jablib/src/main/java/org/jabref/logic/net/URLDownload.java +++ b/jablib/src/main/java/org/jabref/logic/net/URLDownload.java @@ -382,7 +382,7 @@ public URLConnection openConnection() throws FetcherException { } else if (status >= 400) { // in case of an error, propagate the error message SimpleHttpResponse httpResponse = new SimpleHttpResponse(httpURLConnection); - LOGGER.info("{}: {}", FetcherException.getRedactedUrl(this.source), httpResponse); + LOGGER.info("{}: {}", FetcherException.getRedactedUrl(this.source.toString()), httpResponse); if (status < 500) { throw new FetcherClientException(this.source, httpResponse); } else { diff --git a/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java b/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java new file mode 100644 index 00000000000..ed2c723a973 --- /dev/null +++ b/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java @@ -0,0 +1,22 @@ +package org.jabref.logic.importer; + +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.CsvSource; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +class FetcherExceptionTest { + + @ParameterizedTest + @CsvSource({ + // Given example + "https://api.springernature.com/meta/v1/json?q=anything&api_key=abc&s=1&p=20, https://api.springernature.com/meta/v1/json?q=anything&api_key=[REDACTED]&s=1&p=20", + "https://api.springernature.com/meta/v1/json?q=anything&API_KEY=abc, https://api.springernature.com/meta/v1/json?q=anything&API_KEY=[REDACTED]", + "https://api.springernature.com/meta/v1/json?q=anything&apikey=abc123ABC, https://api.springernature.com/meta/v1/json?q=anything&apikey=[REDACTED]", + "https://api.springernature.com/meta/v1/json?q=anything, https://api.springernature.com/meta/v1/json?q=anything", + "https://api.springernature.com/meta/v1/json, https://api.springernature.com/meta/v1/json" + }) + void getRedactedUrl(String url, String redactedUrl) { + assertEquals(redactedUrl, FetcherException.getRedactedUrl(url)); + } +} From dc573e0a41318b6c70177ceb68a08989aa555c9c Mon Sep 17 00:00:00 2001 From: josephyim Date: Tue, 2 Sep 2025 22:20:22 +0800 Subject: [PATCH 2/3] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1b7599d741..c8b8fa1aaaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -86,6 +86,7 @@ Note that this project **does not** adhere to [Semantic Versioning](https://semv - We changed to syntax for the websearch to the one of the main search bar. [#13607](https://github.com/JabRef/jabref/issues/13607) - We improved the for the web search tab in the preferences dialog [#13791](https://github.com/JabRef/jabref/pull/13791) - We improved the event viewer for debugging [#13783](https://github.com/JabRef/jabref/pull/13783). +- We improved "REDACTED" replacement of API key value in web fetcher search URL [#13796](https://github.com/JabRef/jabref/issues/13796) ### Fixed From 597aeed1bdfe1da20b53ba9a9fc30146a95eb33c Mon Sep 17 00:00:00 2001 From: josephyim Date: Tue, 2 Sep 2025 22:50:41 +0800 Subject: [PATCH 3/3] Remove comment in the test --- .../java/org/jabref/logic/importer/FetcherExceptionTest.java | 1 - 1 file changed, 1 deletion(-) diff --git a/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java b/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java index ed2c723a973..b35cfa3502a 100644 --- a/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java +++ b/jablib/src/test/java/org/jabref/logic/importer/FetcherExceptionTest.java @@ -9,7 +9,6 @@ class FetcherExceptionTest { @ParameterizedTest @CsvSource({ - // Given example "https://api.springernature.com/meta/v1/json?q=anything&api_key=abc&s=1&p=20, https://api.springernature.com/meta/v1/json?q=anything&api_key=[REDACTED]&s=1&p=20", "https://api.springernature.com/meta/v1/json?q=anything&API_KEY=abc, https://api.springernature.com/meta/v1/json?q=anything&API_KEY=[REDACTED]", "https://api.springernature.com/meta/v1/json?q=anything&apikey=abc123ABC, https://api.springernature.com/meta/v1/json?q=anything&apikey=[REDACTED]",