Feature/urlparser improve3 pr2

[MarekUniq]

1. Compatibility with libpq is improved regarding URL syntax and resolving url values

1.1. user and password are supported

Complete syntax:
jdbc:postgresql://[[user][:password]@][host1[:port1][,host2[:port2]][,...]][/database][?property1=value1[&property2=value2][&...]]

URL may include:

user (Optional) is the user to connect. Defaults to operating system username.
password (Optional) is the password to connect. No default value.

1.2. property passfile is supported

Example:

Properties props = new Properties();
PGProperty.PASSFILE.set(props, "/mydir/mypass");
Connection conn = DriverManager.getConnection(url, props);

1.3. Code is more clear regarding Properties override rules (source and result are logged at FINE logging level)

There are multiple sources for connection properties. If same property is specified in multiple sources then highest priority source is used. Priority list is here:

1) URL arguments (values after `?` mark)
2) URL values (values before `?` mark)
3) Properties given to `DriverManager.getConnection()`
4) values provided by `service` (from resource `.pg_service.conf`)
5) values in Java System Properties
6) values in Operating System environment
7) values from driverconfig file(s) (`org/postgresql/driverconfig.properties`)
8) global defaults (`dbname`, `host`, `pgpass`, `port`, `user`)

1.4. References

Related to: #2260 #2278 #2398 #2393 #2395 #2424 #2569 #2641 #2644

All Submissions:

• Have you followed the guidelines in our Contributing document?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?

New Feature Submissions:

1. Does your submission pass tests?
2. Does ./gradlew autostyleCheck checkstyleAll pass ?
3. Have you added your new test classes to an existing test suite in alphabetical order?

Changes to Existing Features:

• Have you added an explanation of what your changes do and why you'd like us to include them?
• Have you written new tests for your core changes, as applicable?
• Have you successfully run tests with your changes locally?

[gitguardian]

⚠️ GitGuardian has uncovered 21 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	Secret	Commit	Filename
-	Generic Database Assignment	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	fe48244	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	fe48244	pgjdbc/src/test/resources/pg_service/pgservicefileProps.conf	View secret
-	Generic Password	fe48244	pgjdbc/src/test/resources/pg_service/pgservicefileProps.conf	View secret
-	Generic Password	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	PostgreSQL Credentials	902d9b0	pgjdbc/src/test/java/org/postgresql/jdbcurlresolver/JdbcUrlResolverTest.java	View secret
-	Generic Password	902d9b0	pgjdbc/src/test/resources/pg_service/pgservicefileProps.conf	View secret
-	Generic Password	902d9b0	pgjdbc/src/test/resources/pg_service/pgservicefileProps.conf	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

<sup>🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!</sup>

[davecramer]

If we are looking to provide psql compatibility we should probably check the permissions of the file to ensure they are 0600 on *nix systems.

[MarekUniq]

Good observation. Permission check is added: https://github.com/pgjdbc/pgjdbc/compare/581edc3..736f2cb

[MarekUniq]

@davecramer
Hi! What are merge plans? Should I resolve conflicts now or at a later time?

[davecramer]

@MarekUniq currently my plans are 1) merge in the issue with longs #2710 will be reopened and merged. A release with this fix will be released.
Then we plan on merging in #2635 and releasing as a new major version.

I would hold off rebasing until after the above happens.

Thanks for your patience

[MarekUniq]

@davecramer
Hi! The following pull requests are merged: #2710 #2635.
Any plans for this one?

[MarekUniq]

@davecramer Hi! What are merge plans?

[androa]

Is there any progress on merging this?

[davecramer]

I'm generally in favour of this PR. It will need to be rebased.

[sehrope]

How about adding an overload for the old private verifyUrl(...) to call the new one?

private void verifyUrl(Driver drv, String url, String hosts, String ports, String dbName) {
    verifyUrl(drv, url, hosts, ports, dbName, "osUser", null);
}

That way the majority of the above test cases would not duplicate that info and it would better showcase that none of the expected behavior for those tests have changed.