Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Improved DB password masking to mask special characters (non alpha-numeric) as well #9

Open
wants to merge 14 commits into
from

Conversation

Projects
None yet
3 participants
Contributor

zsimic commented Jul 2, 2012

We found that only alphanumeric characters in passwords were masked, this fix makes sure that special characters (non alphanumeric) get masked as well.

@ypujante ypujante and 1 other commented on an outdated diff Jul 2, 2012

...groovy/test/util/io/TestDataMaskingInputStream.groovy
+import org.linkedin.groovy.util.io.DataMaskingInputStream
+
+/**
+ * User: hhan
+ * Date: 6/18/12
+ * Time: 3:16 PM
+ * @author hhan@linkedin.com
+ */
+class TestDataMaskingInputStream extends GroovyTestCase {
+
+ void testOracleDBContent()
+ {
+ def temp = File.createTempFile("cfg2", "properties")
+ temp.write '<property name="db.member2.db_url" value="jdbc:oracle:thin:Encrypted-AES/CBC/PKCS5Padding(3QIdAjOKfAqcetGKhHEWez,0VWjpS2ewydmPFX8y-F3M_,umlHnS9A)@//test.prod.linkedin.com:1521/PROD_PMEM2_MEMBER2" /> \n'
+
+ DataMaskingInputStream stream = new DataMaskingInputStream(temp.newDataInputStream())
@ypujante

ypujante Jul 2, 2012

Contributor

I know this is just a test, but you are opening an input stream without ever closing it.

Why not simply use a String? Then you would not have this issue (although it is still a good practice to always close what you open).

new BytArrayInputStream(s.getBytes("UTF-8")) to get an input stream from a string...

@zsimic

zsimic Jul 2, 2012

Contributor

Very good point, correcting this test class and updating the pull request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment