Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Improved DB password masking to mask special characters (non alpha-numeric) as well #9

Open
wants to merge 14 commits into from

3 participants

Zoran Simic Yan Pujante haiping han
Zoran Simic

We found that only alphanumeric characters in passwords were masked, this fix makes sure that special characters (non alphanumeric) get masked as well.

...groovy/test/util/io/TestDataMaskingInputStream.groovy
((19 lines not shown))
+import org.linkedin.groovy.util.io.DataMaskingInputStream
+
+/**
+ * User: hhan
+ * Date: 6/18/12
+ * Time: 3:16 PM
+ * @author hhan@linkedin.com
+ */
+class TestDataMaskingInputStream extends GroovyTestCase {
+
+ void testOracleDBContent()
+ {
+ def temp = File.createTempFile("cfg2", "properties")
+ temp.write '<property name="db.member2.db_url" value="jdbc:oracle:thin:Encrypted-AES/CBC/PKCS5Padding(3QIdAjOKfAqcetGKhHEWez,0VWjpS2ewydmPFX8y-F3M_,umlHnS9A)@//test.prod.linkedin.com:1521/PROD_PMEM2_MEMBER2" /> \n'
+
+ DataMaskingInputStream stream = new DataMaskingInputStream(temp.newDataInputStream())
Yan Pujante Owner
ypujante added a note

I know this is just a test, but you are opening an input stream without ever closing it.

Why not simply use a String? Then you would not have this issue (although it is still a good practice to always close what you open).

new BytArrayInputStream(s.getBytes("UTF-8")) to get an input stream from a string...

Zoran Simic
zsimic added a note

Very good point, correcting this test class and updating the pull request

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 1, 2012
  1. Zoran Simic
Commits on Mar 2, 2012
  1. Zoran Simic
Commits on Mar 15, 2012
  1. Zoran Simic
Commits on Mar 28, 2012
  1. Zoran Simic

    Added explanation as to why we need a test case involving a GString w…

    zsimic authored
    …hen deserializing with Jackson
Commits on Apr 2, 2012
  1. Zoran Simic

    Merge remote-tracking branch 'upstream/master'

    zsimic authored
    Conflicts:
    	org.linkedin.util-groovy/build.gradle
    	org.linkedin.util-groovy/src/main/groovy/org/linkedin/groovy/util/json/JsonUtils.groovy
    	project-spec.groovy
Commits on Apr 3, 2012
  1. Zoran Simic
Commits on Jun 19, 2012
  1. haiping han

    Improving DB password masking

    hhan authored
  2. haiping han

    Improving DB password masking

    hhan authored
  3. Zoran Simic

    Bumped up version to 1.8.1

    zsimic authored
Commits on Jun 26, 2012
  1. haiping han

    fix test

    hhan authored
Commits on Jun 27, 2012
  1. haiping han
Commits on Jul 2, 2012
  1. Zoran Simic

    Restored TestGroovyIOUtils.groovy, reviewed TestDataMaskingInputStrea…

    zsimic authored
    …m.groovy
    
    TestGroovyIOUtils.groovy was apparently mistakenly removed in last merge.
  2. Zoran Simic
  3. Zoran Simic
This page is out of date. Refresh to see the latest.
1  .gitignore
View
@@ -5,3 +5,4 @@
*.iws
build
out
+logs
8 RELEASE.md
View
@@ -1,3 +1,7 @@
+1.8.1 (2012/06/26)
+------------------
+* improved DB password masking to mask special characters (non alpha-numeric) as well
+
1.8.0 (2012/03/31)
------------------
* implemented [ticket #6](https://github.com/linkedin/linkedin-utils/issues/6): _Using Jackson JSON (de)serializer_ (thanks for the help from Zoran @ LinkedIn)
@@ -41,7 +45,7 @@ Note that ``prettyPrint`` returns a slightly different output than before (keys
------------------
* fixed [bug #1](https://github.com/linkedin/linkedin-utils/issues/1): _GroovyIOUtils.cat leaks memory_
- revisited several concepts dealing with the creation of temporary files
+ revisited several concepts dealing with the creation of temporary files
1.3.0 (2011/01/17)
------------------
@@ -59,4 +63,4 @@ Note that ``prettyPrint`` returns a slightly different output than before (keys
1.0.0 (2010/11/05)
------------------
-* First release
+* First release
6 org.linkedin.util-groovy/src/main/groovy/org/linkedin/groovy/util/io/DataMaskingInputStream.groovy
View
@@ -113,8 +113,12 @@ public class DataMaskingInputStream extends FilterInputStream {
value = "********"
}
+ if(value.contains('password=')){
+ value=value.replaceAll("password=[^&]*", "password=********")
+ }
+
if (value.contains('oracle')) {
- value = value.replaceAll("\\w*/\\w*", '********/********')
+ value = value.replaceAll("\\w*/[^@]*", '********/********')
}
return "${prefix}${key}${middle}${value}${suffix}"
57 org.linkedin.util-groovy/src/test/groovy/test/util/io/TestDataMaskingInputStream.groovy
View
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2010-2010 LinkedIn, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package test.util.io
+
+import org.linkedin.groovy.util.io.DataMaskingInputStream
+
+/**
+ * User: hhan
+ * Date: 6/18/12
+ * Time: 3:16 PM
+ * @author hhan@linkedin.com
+ */
+class TestDataMaskingInputStream extends GroovyTestCase {
+
+ void testOracleDBContent()
+ {
+ def input = '<property name="db.member2.db_url" value="jdbc:oracle:thin:Encrypted-AES/CBC/PKCS5Padding(3QIdAjOKfAqcetGKhHEWez,0VWjpS2ewydmPFX8y-F3M_,umlHnS9A)@//test.prod.linkedin.com:1521/PROD_PMEM2_MEMBER2" /> \n'
+
+ DataMaskingInputStream stream = new DataMaskingInputStream(new ByteArrayInputStream(input.getBytes("UTF-8")))
+ def lines = stream.readLines()
+ stream.close()
+ assertTrue(lines.size() == 1)
+
+ String line = lines[0].trim()
+ String expected = '<property name="db.member2.db_url" value="jdbc:oracle:thin:Encrypted-********/********@********/********" />'
+ assertEquals(line, expected)
+ }
+
+ void testMySQLDBContent()
+ {
+ def input = '<property name="repdb.mysql.dbURL" value="jdbc:mysql://localhost/repdb_db?user=repdb&amp;password=test!123#^" /> \n'
+
+ DataMaskingInputStream stream = new DataMaskingInputStream(new ByteArrayInputStream(input.getBytes("UTF-8")))
+ def lines = stream.readLines()
+ stream.close()
+ assertTrue(lines.size() == 1)
+
+ String line = lines[0].trim()
+ String expected = '<property name="repdb.mysql.dbURL" value="jdbc:mysql://localhost/repdb_db?user=repdb&amp;password=********" />'
+ assertEquals(line, expected)
+ }
+
+}
2  project-spec.groovy
View
@@ -18,7 +18,7 @@
spec = [
name: 'linkedin-utils',
group: 'org.linkedin',
- version: '1.8.0',
+ version: '1.8.1',
versions: [
groovy: '1.7.5',
Something went wrong with that request. Please try again.