Skip to content

Commit

Permalink
fix:username and password verify
Browse files Browse the repository at this point in the history
  • Loading branch information
@xxsc0529
xxsc0529 committed Jul 23, 2024
1 parent 1546def commit ce799b2
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions ...in/java/org/apache/inlong/manager/service/resource/sink/oceanbase/OceanBaseJdbcUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,16 @@
import java.util.List;
import java.util.Objects;

import static org.reflections.Reflections.log;

/**
* Utils for OceanBase JDBC.
*/
public class OceanBaseJdbcUtils {

private static final String OCEANBASE_JDBC_PREFIX = "jdbc:mysql://";
private static final String OCEANBASE_DRIVER_CLASS = "com.oceanbase.jdbc.Driver";
private static final String AUTO_DESERIALIZE = "autoDeserialize";
private static final Logger LOGGER = LoggerFactory.getLogger(OceanBaseJdbcUtils.class);

/**
Expand Down Expand Up @@ -70,6 +73,14 @@ private static Connection establishDatabaseConnection(String url, String user, S
Connection conn;
try {
Class.forName(OCEANBASE_DRIVER_CLASS);
if (user.contains(AUTO_DESERIALIZE)) {
log.warn("sensitive param : {} in username field is filtered", AUTO_DESERIALIZE);
user = user.replace(AUTO_DESERIALIZE, "");
}
if (password.contains(AUTO_DESERIALIZE)) {
log.warn("sensitive param : {} in password field is filtered", AUTO_DESERIALIZE);
password = password.replace(AUTO_DESERIALIZE, "");
}
conn = DriverManager.getConnection(url, user, password);

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

Potential server-side request forgery due to a
user-provided value
Loading
.
} catch (Exception e) {
String errorMsg =
Expand Down

0 comments on commit ce799b2

Please sign in to comment.