jasypt-spring-boot icon indicating copy to clipboard operation
jasypt-spring-boot copied to clipboard

Published 20 hours ago verified publisher icon ulisesbocchio

Maven plugin incorrectly encrypts passwords with ")" in

Open markvr opened this issue 2 years ago • 1 comments

Example Input password=DEC(aaa)bbb)

Output: password=ENC(aNUBHFyXZxvq4hGBSRSOSmwK0ZEZVvp/1fBP0mTUR9zyyFuGeS4zprlUZuJO2qH6)bbb)

It has only encrypted the "aaa". and the trailing "bbb)" has been copied across in plaintext.

Presumably because the regex at: https://github.com/ulisesbocchio/jasypt-spring-boot/blob/master/jasypt-maven-plugin/src/main/java/com/ulisesbocchio/jasyptmavenplugin/encrypt/EncryptionService.java#L56

is not greedy, so it matches on the first ")" it find.

I'll see if I can write a fix and send a PR.

markvr avatar May 11 '22 09:05 markvr

Good Morning, @markvr.

I faced same trouble and I have used as workaround changing jasypt prefix and suffix in the pom.xml configuration:

<jasypt.plugin.decrypt.prefix>DEC('</jasypt.plugin.decrypt.prefix> <jasypt.plugin.decrypt.suffix>')</jasypt.plugin.decrypt.suffix> <jasypt.plugin.encrypt.prefix>ENC('</jasypt.plugin.encrypt.prefix> <jasypt.plugin.encrypt.suffix>')</jasypt.plugin.encrypt.suffix>

Now, you can define configuration below described and it should run fine.

password=DEC('aaa)bbb')

Regards.

susinortasp avatar May 19 '22 08:05 susinortasp