RED-9016: Leaks regarding the blacklist: Keyword protection insufficient

redaction-service-v1/redaction-service-server-v1/src/main/java/com/iqser/red/service/redaction/v1/server/service/drools/DroolsValidationService.java

@@ -9,6 +9,7 @@ import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.apache.commons.lang3.StringUtils;
 import org.drools.drl.parser.DroolsParserException;
 import org.kie.api.builder.KieBuilder;
 import org.kie.api.builder.Message;
@@ -232,11 +233,12 @@ public class DroolsValidationService {
             for (RuleClass ruleClass : ruleFileBluePrint.getRuleClasses()) {
                 for (RuleUnit ruleUnit : ruleClass.ruleUnits()) {
                     for (BasicRule basicRule : ruleUnit.rules()) {
-                        List<SearchImplementation.MatchPosition> matches = blacklistedKeywordSearchImplementation.getMatches(basicRule.getCode());
+                        String sanitizedRuleText = StringUtils.deleteWhitespace(basicRule.getCode());
+                        List<SearchImplementation.MatchPosition> matches = blacklistedKeywordSearchImplementation.getMatches(sanitizedRuleText);
 
                         if (!matches.isEmpty()) {
                             List<String> foundBlacklistedKeywords = matches.stream()
-                                    .map(m -> basicRule.getCode().substring(m.startIndex(), m.endIndex()))
+                                    .map(m -> sanitizedRuleText.substring(m.startIndex(), m.endIndex()))
                                     .distinct()
                                     .toList();
                             blacklistErrorMessages.add(DroolsBlacklistErrorMessage.builder()

redaction-service-v1/redaction-service-server-v1/src/main/resources/drools/blacklist.txt

@@ -1,11 +1,12 @@
 System.
 Runtime.
 Thread.
-ProcessBuilder.
-SecurityManager.
-ClassLoader.
 Class.
 
+ProcessBuilder
+SecurityManager
+ClassLoader
+
 java.io.File
 java.nio.file
 java.io.Object