You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by gg...@apache.org on 2020/08/11 20:00:03 UTC

[commons-dbcp] branch master updated: Mask out user name and password from DriverAdapterCPDS.toString().

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-dbcp.git


The following commit(s) were added to refs/heads/master by this push:
     new 0d585e3  Mask out user name and password from DriverAdapterCPDS.toString().
0d585e3 is described below

commit 0d585e3ee8efa99063f01b3b05d3f6ce20615f1c
Author: Gary Gregory <ga...@gmail.com>
AuthorDate: Tue Aug 11 15:59:55 2020 -0400

    Mask out user name and password from DriverAdapterCPDS.toString().
---
 src/changes/changes.xml                                   |  3 +++
 .../commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java      | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 05ddbd0..141096d 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -82,6 +82,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action dev="ggregory" type="update" due-to="DoiMasayuki, Alexander Norz, Gary Gregory">
         Update to PR#36 - PrepareStatement and prepareCall methods are extracted #37.
       </action>
+      <action dev="ggregory" type="update" due-to="Gary Gregory">
+        Mask out user name and password from DriverAdapterCPDS.toString().
+      </action>
       <action dev="ggregory" type="update" issue="DBCP-650" due-to="Gary Gregory, Dependabot">
         Update Apache Commons Pool from 2.7.0 to 2.8.1, #48.
       </action>
diff --git a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
index b7166ab..fb98161 100644
--- a/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
+++ b/src/main/java/org/apache/commons/dbcp2/cpdsadapter/DriverAdapterCPDS.java
@@ -754,11 +754,8 @@ public class DriverAdapterCPDS implements ConnectionPoolDataSource, Referenceabl
         builder.append(getConnectionCalled);
         builder.append(", connectionProperties=");
         Properties tmpProps = connectionProperties;
-        final String pwdKey = "password";
-        if (connectionProperties != null && connectionProperties.contains(pwdKey)) {
-            tmpProps = (Properties) connectionProperties.clone();
-            tmpProps.remove(pwdKey);
-        }
+        tmpProps = mask(tmpProps, "user");
+        tmpProps = mask(tmpProps, "password");
         builder.append(tmpProps);
         builder.append(", accessToUnderlyingConnectionAllowed=");
         builder.append(accessToUnderlyingConnectionAllowed);
@@ -766,6 +763,14 @@ public class DriverAdapterCPDS implements ConnectionPoolDataSource, Referenceabl
         return builder.toString();
     }
 
+    private Properties mask(Properties properties, final String maskValueAtKey) {
+        if (connectionProperties != null && connectionProperties.contains(maskValueAtKey)) {
+            properties = (Properties) connectionProperties.clone();
+            properties.put(maskValueAtKey, "[" + maskValueAtKey + "]");
+        }
+        return properties;
+    }
+
     private void update(final Properties properties, final String key, final String value) {
         if (properties != null && key != null) {
             if (value == null) {