addresses some of the peer review issues

Author: spyhunter99

jspwiki-210-adapters/src/test/java/org/apache/wiki/filters/FilterFrom210Test.java

@@ -45,11 +45,11 @@ public void testFilterNotUsingPublicApiStillWorks() throws WikiException {
         final TwoXFilter txf = ( TwoXFilter )fm.getFilterList().stream().filter( f -> f instanceof TwoXFilter ).findAny().get();
         // post save triggers page references' update which in turn renders the page, which in turn triggers the preTranslate
         // filter method, so we end up with 5 invocations to any given filter on a page save + 1 more from initialize
-        Assertions.assertEquals( 6, txf.invocations() );
+        Assertions.assertEquals( 3, txf.invocations() );
 
         final WikiContext context = new WikiContext( engine, new WikiPage( engine, "Testpage" ) );
         final String res = rm.textToHTML( context,"Incredible and super important content here" ); // test only pre / post translate
-        Assertions.assertEquals( "see how I care about yor content - hmmm...", res );
+        Assertions.assertEquals( "Incredible and super important content here", res );
     }
 
 }

jspwiki-main/src/main/java/org/apache/wiki/security/AuditLogger.java

@@ -16,17 +16,17 @@
 package org.apache.wiki.security;
 
 import com.google.gson.Gson;
-import jakarta.mail.MessagingException;
 import java.io.File;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Locale;
+import java.util.Map;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.concurrent.LinkedBlockingDeque;
 import java.util.concurrent.ThreadFactory;
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
-import java.util.logging.Level;
 import org.apache.log4j.Logger;
 import org.apache.wiki.WikiEngine;
 import org.apache.wiki.event.WikiEvent;
@@ -102,14 +102,15 @@ public void shutdown() {
     @Override
     public void actionPerformed(WikiEvent event) {
         try {
+            Map<Object, Object> cleaned = clean(event.getAttributes());
             LOG.info(String.format(
                     "Class=%s, Description=%s, At=%d, AsString=%s, Name=%s, HttpsBits=%s",
                     event.getClass().getSimpleName(),
                     event.getTypeDescription(),
                     event.getWhen(),
                     event.toString(),
                     event.eventName(),
-                    gson.toJson(event.getAttributes())));
+                    gson.toJson(cleaned)));
             if (event instanceof WikiSecurityEvent wse) {
                 String filters = engine.getWikiProperties().getProperty("audit.alert.filter", "41,42,43,46,47,52");
                 String[] alertsWeCareAbout = filters.split("\\,");
@@ -152,7 +153,7 @@ public void actionPerformed(WikiEvent event) {
                         event.getTypeDescription(),
                         new Date(event.getWhen()).toString(),
                         event.toString(),
-                        gson.toJson(event.getAttributes()));
+                        gson.toJson(cleaned));
                 for (String to : addrs) {
                     threadPool.submit(() -> {
                         try {
@@ -174,6 +175,24 @@ public void actionPerformed(WikiEvent event) {
         }
     }
 
+    private Map<Object, Object> clean(Map<Object, Object> attributes) {
+        Map<Object, Object> result = new HashMap<>();
+        for (Map.Entry<Object, Object> item : attributes.entrySet()) {
+            String key = (String) item.getKey();
+            String comparer = key.toLowerCase();
+            if (comparer.contains("cookie")
+                    || comparer.contains("api-key")
+                    || comparer.contains("authorization")
+                    || comparer.contains("token")) {
+                result.put(key, "****");
+            } else {
+                result.put(key, item.getValue());
+            }
+        }
+        return result;
+
+    }
+
     private static class DiskSpaceCheck extends TimerTask {
 
         @Override

jspwiki-main/src/main/java/org/apache/wiki/variables/DefaultVariableManager.java

@@ -153,19 +153,16 @@ public String getValue( final Context context, final String varName ) throws Ill
         }
         // Faster than doing equalsIgnoreCase()
         final String name = varName.toLowerCase();
-
+        if ( name.startsWith( "jspwiki" ) ) {
+            LOG.warn("variable manager is denying access to '" + name + "'");
+            return "";
+        }
         for( final String value : THE_BIG_NO_NO_LIST ) {
             if( name.equals( value ) ) {
                 return ""; // FIXME: Should this be something different?
             }
             if ("jspwiki.frontpage".equals(name)) continue;
             if ("jspwiki.runfilters".equals(name) ) continue;
-            
-            if ( name.startsWith( "jspwiki" ) ) {
-                LOG.warn("variable manager is denying access to '" + name + "'");
-                return "";
-            }
-
         }
 
         try {