Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: Issue #1577. It is currently possible to leak information into logs from errors #1578

Closed
wants to merge 1 commit into from
Closed

Fix: Issue #1577. It is currently possible to leak information into logs from errors #1578

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions pgjdbc/src/main/java/org/postgresql/Driver.java
View file
Open in desktop
Expand Up @@ -56,6 +56,7 @@
*/
public class Driver implements java.sql.Driver {

public static boolean logDetail = true;
private static Driver registeredDriver;
private static final Logger PARENT_LOGGER = Logger.getLogger("org.postgresql");
private static final Logger LOGGER = Logger.getLogger("org.postgresql.Driver");
Expand Down Expand Up @@ -245,6 +246,10 @@ public Connection connect(String url, Properties info) throws SQLException {
// Setup java.util.logging.Logger using connection properties.
setupLoggerFromProperties(props);

if ( PGProperty.LOG_DETAIL.get(info).equalsIgnoreCase("false") ) {
logDetail = false;
}

LOGGER.log(Level.FINE, "Connecting with URL: {0}", url);

// Enforce login timeout, if specified, by running the connection
Expand Down
5 changes: 4 additions & 1 deletion pgjdbc/src/main/java/org/postgresql/PGProperty.java
View file
Open in desktop
Expand Up @@ -437,7 +437,10 @@ public enum PGProperty {
+ "to the database specified in the dbname parameter, "
+ "which will allow the connection to be used for logical replication "
+ "from that database. "
+ "(backend >= 9.4)");
+ "(backend >= 9.4)"),

LOG_DETAIL("log_detail", "true", "If set then the DETAIL information provided by the server is"
+ "included in the logs, if false the DETAIL information will be omitted");

private final String name;
private final String defaultValue;
Expand Down
6 changes: 5 additions & 1 deletion pgjdbc/src/main/java/org/postgresql/util/ServerErrorMessage.java
View file
Open in desktop
Expand Up @@ -80,7 +80,11 @@ public String getSeverity() {
}

public String getDetail() {
return mesgParts.get(DETAIL);
if (org.postgresql.Driver.logDetail == true) {
return mesgParts.get(DETAIL);
} else {
return "";
}
}

public String getHint() {
Expand Down
17 changes: 17 additions & 0 deletions pgjdbc/src/test/java/org/postgresql/test/jdbc2/PGPropertyTest.java
View file
Open in desktop
Expand Up @@ -27,6 +27,7 @@
import java.beans.BeanInfo;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.sql.Connection;
import java.sql.DriverPropertyInfo;
import java.util.ArrayList;
import java.util.Map;
Expand Down Expand Up @@ -291,4 +292,20 @@ public void testEncodedUrlValuesFromDataSource() {
assertFalse("password", PGProperty.PASSWORD.isPresent(parsed));
assertEquals("APPLICATION_NAME", applicationName, PGProperty.APPLICATION_NAME.get(parsed));
}

@Test
public void testLogDetailFalse() throws Exception {
Properties props = new Properties();
PGProperty.USER.set(props,TestUtil.getUser());
PGProperty.PASSWORD.set(props, TestUtil.getPassword());
PGProperty.PG_DBNAME.set(props, TestUtil.getDatabase());
PGProperty.PG_HOST.set(props, TestUtil.getServer());
PGProperty.PG_PORT.set(props, TestUtil.getPort());
PGProperty.LOG_DETAIL.set(props,"false");

Connection con = TestUtil.openDB(props);

assertFalse(Driver.logDetail);

}
}
39 changes: 39 additions & 0 deletions pgjdbc/src/test/java/org/postgresql/test/jdbc2/ServerErrorTest.java
View file
Open in desktop
Expand Up @@ -95,4 +95,43 @@ public void testDatatype() throws Exception {
stmt.close();
}

@Test
public void testLogDetail() throws Exception {
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT INTO testerr (id, val) VALUES (1, 1)");
try {
stmt.executeUpdate("INSERT INTO testerr (id, val) VALUES (1, 1)");
fail("Should have thrown a duplicate key exception.");
} catch (SQLException sqle) {
ServerErrorMessage err = ((PSQLException) sqle).getServerErrorMessage();
assertEquals("public", err.getSchema());
assertEquals("testerr", err.getTable());
assertEquals("testerr_pk", err.getConstraint());
assertEquals("Key (id)=(1) already exists.", err.getDetail());
assertNull(err.getDatatype());
assertNull(err.getColumn());
}
stmt.close();
}

@Test
public void testLogDetailFalse() throws Exception {
org.postgresql.Driver.logDetail = false;
Statement stmt = con.createStatement();
stmt.executeUpdate("INSERT INTO testerr (id, val) VALUES (1, 1)");
try {
stmt.executeUpdate("INSERT INTO testerr (id, val) VALUES (1, 1)");
fail("Should have thrown a duplicate key exception.");
} catch (SQLException sqle) {
ServerErrorMessage err = ((PSQLException) sqle).getServerErrorMessage();
assertEquals("public", err.getSchema());
assertEquals("testerr", err.getTable());
assertEquals("testerr_pk", err.getConstraint());
assertEquals("", err.getDetail());
assertNull(err.getDatatype());
assertNull(err.getColumn());
}
stmt.close();
}

}