You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2021/05/31 15:54:46 UTC
[commons-dbcp] branch master updated: Fix issues found by SpotBugs.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-dbcp.git
The following commit(s) were added to refs/heads/master by this push:
new d87c0a2 Fix issues found by SpotBugs.
d87c0a2 is described below
commit d87c0a225d4f8511305edd471d39b9c30619d9a0
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Mon May 31 11:54:43 2021 -0400
Fix issues found by SpotBugs.
- DataSourceConnectionFactory.getUserPassword() may expose internal
representation by returning DataSourceConnectionFactory.userPassword.
- DataSourceXAConnectionFactory.getUserPassword() may expose internal
representation by returning DataSourceXAConnectionFactory.userPassword.
- DriverAdapterCPDS.getPasswordCharArray() may expose internal
representation by returning DriverAdapterCPDS.userPassword.
- new org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory(TransactionManager,
XADataSource, String, char[], TransactionSynchronizationRegistry) may
expose internal representation by storing an externally mutable object
into DataSourceXAConnectionFactory.userPassword
- org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory.setPassword(char[])
may expose internal representation by storing an externally mutable
object into DataSourceXAConnectionFactory.userPassword
---
src/changes/changes.xml | 15 +++++++++++++++
.../apache/commons/dbcp2/DataSourceConnectionFactory.java | 2 +-
.../commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java | 2 +-
.../dbcp2/managed/DataSourceXAConnectionFactory.java | 6 +++---
4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 8a86c8d..28ad799 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -92,6 +92,21 @@ The <action> type attribute can be add,update,fix,remove.
<action dev="ggregory" type="fix">
Replace FindBugs with SpotBugs.
</action>
+ <action dev="ggregory" type="fix">
+ DataSourceConnectionFactory.getUserPassword() may expose internal representation by returning DataSourceConnectionFactory.userPassword.
+ </action>
+ <action dev="ggregory" type="fix">
+ DataSourceXAConnectionFactory.getUserPassword() may expose internal representation by returning DataSourceXAConnectionFactory.userPassword.
+ </action>
+ <action dev="ggregory" type="fix">
+ DriverAdapterCPDS.getPasswordCharArray() may expose internal representation by returning DriverAdapterCPDS.userPassword.
+ </action>
+ <action dev="ggregory" type="fix">
+ new org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory(TransactionManager, XADataSource, String, char[], TransactionSynchronizationRegistry) may expose internal representation by storing an externally mutable object into DataSourceXAConnectionFactory.userPassword.
+ </action>
+ <action dev="ggregory" type="fix">
+ org.apache.commons.dbcp2.managed.DataSourceXAConnectionFactory.setPassword(char[]) may expose internal representation by storing an externally mutable object into DataSourceXAConnectionFactory.userPassword.
+ </action>
<!-- UPDATES -->
<action dev="ggregory" type="update" due-to="Dependabot">
Bump mockito-core from 3.5.11 to 3.10.0 #66, #72, #77, #85, #91, #105.
diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
index f18151d..a5b83bd 100644
--- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
@@ -106,6 +106,6 @@ public class DataSourceConnectionFactory implements ConnectionFactory {
* @since 2.6.0
*/
public char[] getUserPassword() {
- return userPassword;
+ return userPassword == null ? null : userPassword.clone();
}
}
diff --git a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
index 2dcd9f5..1d67dcb 100644
--- a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
+++ b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
@@ -337,7 +337,7 @@ public class DriverAdapterCPDS implements ConnectionPoolDataSource, Referenceabl
* @since 2.4.0
*/
public char[] getPasswordCharArray() {
- return userPassword;
+ return userPassword == null ? null : userPassword.clone();
}
/**
diff --git a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
index bce97a5..d432839 100644
--- a/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/managed/DataSourceXAConnectionFactory.java
@@ -101,7 +101,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
this.transactionRegistry = new TransactionRegistry(transactionManager, transactionSynchronizationRegistry);
this.xaDataSource = xaDataSource;
this.userName = userName;
- this.userPassword = userPassword;
+ this.userPassword = userPassword == null ? null : userPassword.clone();
}
/**
@@ -207,7 +207,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
}
public char[] getUserPassword() {
- return userPassword;
+ return userPassword == null ? null : userPassword.clone();
}
public XADataSource getXaDataSource() {
@@ -222,7 +222,7 @@ public class DataSourceXAConnectionFactory implements XAConnectionFactory {
* @since 2.4.0
*/
public void setPassword(final char[] userPassword) {
- this.userPassword = userPassword;
+ this.userPassword = userPassword == null ? null : userPassword.clone();
}
/**