remove secret from exceptions

build.number

@@ -1,3 +1,3 @@
 #Build Number for ANT. Do not edit!
-#Wed Oct 04 19:55:04 CEST 2023
-build.number=20
+#Thu Oct 05 15:53:19 CEST 2023
+build.number=22

source/java/src/org/lucee/extension/resource/s3/S3.java

@@ -107,11 +107,14 @@ public class S3 {
 	private static Map<String, S3> instances = new ConcurrentHashMap<String, S3>();
 
 	private final String host;
-	private final String secretAccessKey;
 	private final String accessKeyId;
-	private final boolean customCredentials;
-	private final boolean customHost;
+	private final String secretAccessKey;
+	private String defaultRegion;
+
 	private final long cacheTimeout;
+	private final long liveTimeout;
+
+	private int existCheckIntervall = 0;
 
 	/////////////////////// CACHE ////////////////
 	private ValidUntilMap<S3BucketWrapper> buckets;
@@ -123,18 +126,16 @@ public class S3 {
 	private Map<String, S3Info> exists = new ConcurrentHashMap<String, S3Info>();
 	private Log log;
 
-	private String defaultRegion;
-	private final long liveTimeout;
-	private int existCheckIntervall = 0;
-
 	public static S3 getInstance(S3Properties props, long cache) {
-		String key = props.toString() + ":" + cache;
+		String key = props.getAccessKeyId() + ":" + props.getSecretAccessKey() + ":" + props.getHost() + ":" + props.getDefaultLocation() + ":" + cache;
 		S3 s3 = instances.get(key);
 		if (s3 == null) {
 			synchronized (instances) {
 				s3 = instances.get(key);
 				if (s3 == null) {
-					instances.put(key, s3 = new S3(props, cache, S3.DEFAULT_LIVE_TIMEOUT, true, CFMLEngineFactory.getInstance().getThreadConfig().getLog("application")));
+					// print.ds("new:" + key);
+					instances.put(key, s3 = new S3(props.getAccessKeyId(), props.getSecretAccessKey(), props.getHost(), props.getDefaultLocation(), cache, S3.DEFAULT_LIVE_TIMEOUT,
+							true, CFMLEngineFactory.getInstance().getThreadConfig().getLog("application")));
 				}
 			}
 		}
@@ -150,21 +151,19 @@ public static S3 getInstance(S3Properties props, long cache) {
 	 * @param log
 	 * @throws S3Exception
 	 */
-	private S3(S3Properties props, long cacheTimeout, long liveTimeout, boolean cacheRegions, Log log) {
+	private S3(String accessKeyId, String secretAccessKey, String host, String defaultLocation, long cacheTimeout, long liveTimeout, boolean cacheRegions, Log log) {
 		regions.put("US", RegionFactory.US_EAST_1);
-		this.host = props.getHost();
-		this.secretAccessKey = props.getSecretAccessKey();
-		this.accessKeyId = props.getAccessKeyId();
+		this.accessKeyId = accessKeyId;
+		this.secretAccessKey = secretAccessKey;
+		this.host = host;
 		this.cacheTimeout = cacheTimeout;
 		this.liveTimeout = liveTimeout;
-		this.customCredentials = props.getCustomCredentials();
-		this.customHost = props.getCustomHost();
-		if (!Util.isEmpty(props.getDefaultLocation(), true)) {
+		if (!Util.isEmpty(defaultLocation, true)) {
 			try {
-				defaultRegion = toString(RegionFactory.getInstance(props.getDefaultLocation()));
+				defaultRegion = toString(RegionFactory.getInstance(defaultLocation));
 			}
 			catch (S3Exception e) {
-				defaultRegion = props.getDefaultLocation();
+				defaultRegion = defaultLocation;
 			}
 		}
 		defaultRegion = S3Util.extractLocationFromHostIfNecessary(defaultRegion, host);
@@ -2223,7 +2222,7 @@ public Region getBucketRegion(String bucketName, boolean loadIfNecessary) throws
 		return r;
 	}
 
-	public Region toRegion(String bucketName, String strRegion) throws S3Exception {
+	private Region toRegion(String bucketName, String strRegion) throws S3Exception {
 		if (!Util.isEmpty(strRegion, true)) {
 			return RegionFactory.getInstance(strRegion);
 		}
@@ -2488,14 +2487,6 @@ public static byte[] max1000(Resource res) throws IOException {
 		return out.toByteArray();
 	}
 
-	public boolean getCustomCredentials() {
-		return customCredentials;
-	}
-
-	public boolean getCustomHost() {
-		return customHost;
-	}
-
 	public static Object getToken(String key) {
 		Object newLock = new Object();
 		Object lock = tokens.putIfAbsent(key, newLock);

source/java/src/org/lucee/extension/resource/s3/S3Properties.java

@@ -113,8 +113,9 @@ public String getMapping() {
 
 	@Override
 	public String toString() {
-		return new StringBuilder().append("host:").append(getHost()).append(";").append("accessKeyId:").append(accessKeyId).append(";").append("secretAccessKey:")
-				.append(secretAccessKey).append(";acl:").append(acl).append(";location:").append(getDefaultLocation()).append(";").toString();
+
+		return new StringBuilder().append("host:").append(getHost()).append(";").append("accessKeyId:").append(getAccessKeyId()).append(";").append("secretAccessKey:")
+				.append(getSecretAccessKey()).append(";acl:").append(getACL()).append(";location:").append(getDefaultLocation()).append(";").toString();
 	}
 
 	public void setACL(Object acl) {

source/java/src/org/lucee/extension/resource/s3/S3Resource.java

@@ -77,6 +77,10 @@ private S3Resource(CFMLEngine engine, S3 s3, S3Properties props, String location
 		this.objectName = bo[1];
 	}
 
+	public String removeSecret(String msg) {
+		return S3Util.removeSecret(s3, msg);
+	}
+
 	public static String[] toBO(String path) {
 		CFMLEngine engine = CFMLEngineFactory.getInstance();
 		if (path.equals("/") || engine.getStringUtil().isEmpty(path, true)) {
@@ -174,9 +178,9 @@ private String getPrefix() {
 		String sak = s3.getSecretAccessKey();
 
 		StringBuilder sb = new StringBuilder(provider.getScheme()).append("://");
-		boolean doHost = s3.getCustomHost() && !s3.getHost().equals(S3.DEFAULT_HOST) && s3.getHost().length() > 0;
+		boolean doHost = props.getCustomHost() && !s3.getHost().equals(S3.DEFAULT_HOST) && s3.getHost().length() > 0;
 		boolean hasAt = false;
-		if (s3.getCustomCredentials() && !engine.getStringUtil().isEmpty(aki)) {
+		if (props.getCustomCredentials() && !engine.getStringUtil().isEmpty(aki)) {
 			sb.append(aki);
 			if (!engine.getStringUtil().isEmpty(sak)) {
 				sb.append(":").append(sak);

source/java/src/org/lucee/extension/resource/s3/S3Util.java

@@ -1,5 +1,7 @@
 package org.lucee.extension.resource.s3;
 
+import lucee.commons.io.res.Resource;
+import lucee.loader.engine.CFMLEngineFactory;
 import lucee.loader.util.Util;
 
 public class S3Util {
@@ -34,4 +36,15 @@ public static String extractLocationFromHostIfNecessary(String location, String
 
 		return null;
 	}
+
+	public static String removeSecret(S3 s3, String msg) {
+		return CFMLEngineFactory.getInstance().getStringUtil().replace(msg, s3.getSecretAccessKey(), "...", false, true);
+	}
+
+	public static String removeSecret(Resource res, String msg) {
+		if (res instanceof S3Resource) {
+			return ((S3Resource) res).removeSecret(msg);
+		}
+		return msg;
+	}
 }

source/java/src/org/lucee/extension/resource/s3/function/S3Function.java

@@ -123,8 +123,8 @@ protected static Charset toCharset(PageContext pc, String charset) throws PageEx
 	public static S3Resource toS3Resource(PageContext pc, String url, String functionName) throws PageException {
 		Resource res = CFMLEngineFactory.getInstance().getResourceUtil().toResourceNotExisting(pc, url);
 		ResourceProvider provider = res.getResourceProvider();
-		if (!provider.getScheme().equalsIgnoreCase("s3") || !res.exists())
-			throw CFMLEngineFactory.getInstance().getExceptionUtil().createFunctionException(pc, functionName, 1, "url", "file [" + url + "] does not exist.", null);
+		if (!provider.getScheme().equalsIgnoreCase("s3") || !res.exists()) throw CFMLEngineFactory.getInstance().getExceptionUtil().createFunctionException(pc, functionName, 1,
+				"url", "file [" + S3Util.removeSecret(res, url) + "] does not exist.", null);
 
 		return (S3Resource) res;
 	}

source/java/src/org/lucee/extension/resource/s3/function/S3GeneratePresignedURL.java

@@ -24,8 +24,7 @@ public Object invoke(PageContext pc, Object[] args) throws PageException {
 
 		CFMLEngine eng = CFMLEngineFactory.getInstance();
 		Cast cast = eng.getCastUtil();
-
-		if (args.length < 1 || args.length < 17) throw eng.getExceptionUtil().createFunctionException(pc, "S3GeneratePresignedURL", 1, 17, args.length);
+		if (args.length < 1 || args.length > 17) throw eng.getExceptionUtil().createFunctionException(pc, "S3GeneratePresignedURL", 1, 17, args.length);
 		String tmp;
 
 		// required
@@ -47,7 +46,7 @@ public Object invoke(PageContext pc, Object[] args) throws PageException {
 		String accessKeyId = args.length > 13 && args[13] != null ? cast.toString(args[13]) : null;
 		String secretAccessKey = args.length > 14 && args[14] != null ? cast.toString(args[14]) : null;
 		String host = args.length > 15 && args[15] != null ? cast.toString(args[15]) : null;
-		double timeout = args.length > 16 && !isEmpty(args[16]) ? cast.toDoubleValue(args[16]) : null;
+		double timeout = args.length > 16 && !isEmpty(args[16]) ? cast.toDoubleValue(args[16]) : 0;
 
 		// for backward compatibility, when host was not existing
 		if (eng.getDecisionUtil().isNumber(host)) {