You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by paulk-asert <gi...@git.apache.org> on 2017/02/07 08:31:59 UTC
[GitHub] groovy pull request #491: GROOVY-8068: improper logging in groovy.sql.Sql
GitHub user paulk-asert opened a pull request:
https://github.com/apache/groovy/pull/491
GROOVY-8068: improper logging in groovy.sql.Sql
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/paulk-asert/groovy groovy8068
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/groovy/pull/491.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #491
----
commit 278e07a9cce53bc031e2ef2a40b96d6a94669bb6
Author: paulk <pa...@asert.com.au>
Date: 2017-02-07T08:31:02Z
GROOVY-8068: improper logging in groovy.sql.Sql
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] groovy pull request #491: GROOVY-8068: improper logging in groovy.sql.Sql
Posted by jwagenleitner <gi...@git.apache.org>.
Github user jwagenleitner commented on a diff in the pull request:
https://github.com/apache/groovy/pull/491#discussion_r99946115
--- Diff: subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java ---
@@ -578,17 +578,26 @@ public static Sql newInstance(Map<String, Object> args) throws SQLException, Cla
Object url = sqlArgs.remove("url");
Connection connection;
+ LOG.fine("url = " + url);
if (props != null) {
- System.err.println("url = " + url);
- System.err.println("props = " + props);
- connection = DriverManager.getConnection(url.toString(), new Properties(props));
+ Properties propsCopy = new Properties(props);
+ connection = DriverManager.getConnection(url.toString(), propsCopy);
+ if (propsCopy.containsKey("password")) {
+ // don't log the password
+ propsCopy = new Properties(propsCopy);
--- End diff --
That makes sense, I missed that the copy was passed to the DriverManager. Sorry for the noise.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] groovy pull request #491: GROOVY-8068: improper logging in groovy.sql.Sql
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/groovy/pull/491
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] groovy pull request #491: GROOVY-8068: improper logging in groovy.sql.Sql
Posted by paulk-asert <gi...@git.apache.org>.
Github user paulk-asert commented on a diff in the pull request:
https://github.com/apache/groovy/pull/491#discussion_r99928551
--- Diff: subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java ---
@@ -578,17 +578,26 @@ public static Sql newInstance(Map<String, Object> args) throws SQLException, Cla
Object url = sqlArgs.remove("url");
Connection connection;
+ LOG.fine("url = " + url);
if (props != null) {
- System.err.println("url = " + url);
- System.err.println("props = " + props);
- connection = DriverManager.getConnection(url.toString(), new Properties(props));
+ Properties propsCopy = new Properties(props);
+ connection = DriverManager.getConnection(url.toString(), propsCopy);
+ if (propsCopy.containsKey("password")) {
+ // don't log the password
+ propsCopy = new Properties(propsCopy);
--- End diff --
It is certainly conservative code. I didn't want the password appearing in logging and I didn't know whether any drivers out there might hold onto the properties object and re-use it when e.g. growing a connection pool or something.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] groovy pull request #491: GROOVY-8068: improper logging in groovy.sql.Sql
Posted by jwagenleitner <gi...@git.apache.org>.
Github user jwagenleitner commented on a diff in the pull request:
https://github.com/apache/groovy/pull/491#discussion_r99844410
--- Diff: subprojects/groovy-sql/src/main/java/groovy/sql/Sql.java ---
@@ -578,17 +578,26 @@ public static Sql newInstance(Map<String, Object> args) throws SQLException, Cla
Object url = sqlArgs.remove("url");
Connection connection;
+ LOG.fine("url = " + url);
if (props != null) {
- System.err.println("url = " + url);
- System.err.println("props = " + props);
- connection = DriverManager.getConnection(url.toString(), new Properties(props));
+ Properties propsCopy = new Properties(props);
+ connection = DriverManager.getConnection(url.toString(), propsCopy);
+ if (propsCopy.containsKey("password")) {
+ // don't log the password
+ propsCopy = new Properties(propsCopy);
--- End diff --
I don't think this is needed since it's already been copied?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---