diff --git a/build.gradle b/build.gradle index bf02e0ad9b..61159927d5 100644 --- a/build.gradle +++ b/build.gradle @@ -275,7 +275,7 @@ dependencies { implementation group: 'commons-validator', name: 'commons-validator', version: '1.6' // CVE-2019-10086 force update of commons-beanutils. implementation group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.4' - implementation group: 'com.jayway.jsonpath', name: 'json-path', version: '2.4.0' + implementation group: 'com.jayway.jsonpath', name: 'json-path', version: '2.9.0' implementation group: 'org.awaitility', name: 'awaitility', version: '3.1.6' // CVE-2021-28170 diff --git a/src/main/java/uk/gov/hmcts/ccd/domain/model/std/Event.java b/src/main/java/uk/gov/hmcts/ccd/domain/model/std/Event.java index 16a5796dae..7db5c7bb39 100644 --- a/src/main/java/uk/gov/hmcts/ccd/domain/model/std/Event.java +++ b/src/main/java/uk/gov/hmcts/ccd/domain/model/std/Event.java @@ -2,16 +2,19 @@ import com.fasterxml.jackson.annotation.JsonProperty; import lombok.ToString; +import uk.gov.hmcts.ccd.util.EventDescriptionRedactor; @ToString public class Event { @JsonProperty("id") private String eventId; - @JsonProperty("summary") + private String summary; - @JsonProperty("description") + private String description; + private final EventDescriptionRedactor redactor = new EventDescriptionRedactor(); + public String getEventId() { return eventId; } @@ -20,18 +23,22 @@ public void setEventId(String eventId) { this.eventId = eventId; } + @JsonProperty("summary") public String getSummary() { - return summary; + return redactor.redact(summary); } + @JsonProperty("summary") public void setSummary(String summary) { this.summary = summary; } + @JsonProperty("description") public String getDescription() { - return description; + return redactor.redact(description); } + @JsonProperty("description") public void setDescription(String description) { this.description = description; } 
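Review bot: The new `redactor` field in the first `Event.java` hunk is a per-instance, non-static member of a class annotated with Lombok `@ToString`. Every `Event` therefore allocates its own helper, and with Lombok's defaults the helper's identity string is printed in `toString()` output. `EventDescriptionRedactor` holds no state in this commit, so it can be declared once: `private static final EventDescriptionRedactor REDACTOR = new EventDescriptionRedactor();`. A static field is also skipped by field-based serializers, which an instance field is not. The class body continues outside this hunk.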
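Review bot: Redacting in `getSummary()` and `getDescription()` leaves the original text, addresses included, in the private fields. Anything that reads the fields directly, such as a reflection-based mapper or a heap dump, still sees the unredacted value, and the regex reruns on every getter call. If no caller needs the raw text, redact once on the way in: `this.summary = redactor.redact(summary);` and `this.description = redactor.redact(description);` in the setters, with the getters returning the fields unchanged. If getter-side redaction is kept, a short comment on each getter saying it returns redacted text would help, because a getter that alters its value is easy to miss. The class continues past the end of this hunk.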
diff --git a/src/main/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactor.java b/src/main/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactor.java
new file mode 100644
index 0000000000..3b33ffbc4d
--- /dev/null
+++ b/src/main/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactor.java
@@ -0,0 +1,14 @@
+package uk.gov.hmcts.ccd.util;
+
+@SuppressWarnings("squid:S5852")
+public class EventDescriptionRedactor {
+ private static final String EMAIL_PATTERN = "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,10}";
+
+ public String redact(final String description) {
+ if (description == null) {
+ return null;
+ } else {
+ return description.replaceAll(EMAIL_PATTERN, "[REDACTED EMAIL]");
+ }
+ }
+}
diff --git a/src/test/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactorTest.java b/src/test/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactorTest.java
new file mode 100644
index 0000000000..f8c8fa3dab
--- /dev/null
+++ b/src/test/java/uk/gov/hmcts/ccd/util/EventDescriptionRedactorTest.java
@@ -0,0 +1,28 @@
+package uk.gov.hmcts.ccd.util;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+class EventDescriptionRedactorTest {
+
+ private final EventDescriptionRedactor redactor = new EventDescriptionRedactor();
+
+ @Test
+ void shouldReturnNullIfInputIsNull() {
+ assertNull(redactor.redact(null));
+ }
+
+ @ParameterizedTest
+ @CsvSource({
+ "Plain text, Plain text",
+ "Contact me at john.doe@example.com for details, Contact me at [REDACTED EMAIL] for details",
+ "Emails: alice@example.com; bob.smith@domain.co.uk, Emails: [REDACTED EMAIL]; [REDACTED EMAIL]"
+ })
+ void testRedactor(String input, String expected) {
+ assertEquals(expected, redactor.redact(input));
+ }
+}
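Review bot: In `EventDescriptionRedactor.java`, `@SuppressWarnings("squid:S5852")` silences the Sonar slow-regex finding for the whole class without recording why that is safe. Meanwhile `redact` runs an unanchored pattern over summary and description text whose length is not bounded anywhere in this diff. Both `+` quantifiers are greedy over character classes that overlap what follows them, so matching cost on long input is likely worse than linear. Either cap the input length before matching or add a comment stating the bound that justifies the suppression. Separately, `String.replaceAll` recompiles the pattern on every call and `Event` calls it from each getter; `private static final Pattern EMAIL = Pattern.compile(EMAIL_PATTERN);` with `EMAIL.matcher(description).replaceAll("[REDACTED EMAIL]")` avoids that.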
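Review bot: The parameterized cases in `EventDescriptionRedactorTest` cover only well-formed ASCII addresses, so the inputs where the pattern under-redacts are not pinned down. An address whose local part ends in a non-ASCII letter does not satisfy the `[a-zA-Z0-9._%+-]+@` prefix and would pass through unredacted. A top-level domain longer than ten letters would leave a trailing fragment after the placeholder. Adding rows for those, plus the empty string, would document the intended behaviour and catch regressions if the pattern is widened later. `@CsvSource` splits on commas, so any new input containing one needs quoting.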