/** * Some JDBC exception messages echoes back parts of the SQL statement. This is problem for security if some of the variables were replaced, and may * accidentally expose secret information in the response error message. The application should mask any values given in the properties which exist in the * exception message. * <p/> * This test will use a SQL that will throw an exception, and the exception message is known. Then asserts that the value has been replaced with a mask in * the response error message. */ @Test public void testExecuteJdbcSensitiveDataIsMaskedInErrorMessage() { String s3BucketName = "test_bucket"; String s3ObjectKey = "test_key"; String content = "foo=DataIntegrityViolationException"; putS3Object(s3BucketName, s3ObjectKey, content); JdbcExecutionRequest jdbcExecutionRequest = jdbcServiceTestHelper.createDefaultUpdateJdbcExecutionRequest(); jdbcExecutionRequest.getStatements().get(0).setSql(MockJdbcOperations.CASE_2_SQL); jdbcExecutionRequest.setS3PropertiesLocation(new S3PropertiesLocation(s3BucketName, s3ObjectKey)); JdbcExecutionResponse jdbcExecutionResponse = jdbcService.executeJdbc(jdbcExecutionRequest); Assert.assertEquals("jdbc execution response statement [0] error message", "java.sql.SQLException: test **** cause", jdbcExecutionResponse.getStatements().get(0).getErrorMessage()); }
/** * Test case where user specifies a QUERY statement type, but there are SQL errors. The status should be ERROR and no result set should exist in the * result. */ @Test public void testExecuteJdbcStatementTypeQueryError() { // Get test request JdbcExecutionRequest jdbcExecutionRequest = jdbcServiceTestHelper.createDefaultQueryJdbcExecutionRequest(); JdbcStatement expectedJdbcStatement = jdbcExecutionRequest.getStatements().get(0); expectedJdbcStatement.setSql(MockJdbcOperations.CASE_2_SQL); JdbcExecutionResponse jdbcExecutionResponse = jdbcService.executeJdbc(jdbcExecutionRequest); Assert.assertEquals("JDBC statements size", 1, jdbcExecutionResponse.getStatements().size()); JdbcStatement actualJdbcStatement = jdbcExecutionResponse.getStatements().get(0); Assert.assertNotNull("JDBC statement error message", actualJdbcStatement.getErrorMessage()); Assert.assertEquals("JDBC statement error message", "java.sql.SQLException: test DataIntegrityViolationException cause", actualJdbcStatement.getErrorMessage()); Assert.assertNull("JDBC statement result", actualJdbcStatement.getResult()); Assert.assertEquals("JDBC statement status", JdbcStatementStatus.ERROR, actualJdbcStatement.getStatus()); Assert.assertEquals("JDBC statement type", expectedJdbcStatement.getType(), actualJdbcStatement.getType()); Assert.assertNull("JDBC statement result set", actualJdbcStatement.getResultSet()); }
theErrorMessage = this.getErrorMessage(); strategy.appendField(locator, this, "errorMessage", buffer, theErrorMessage, (this.errorMessage!= null));
Assert.assertNull("JDBC statement [1] result is not null", actualJdbcStatement.getResult()); Assert.assertEquals("JDBC statement [1] error message", "java.sql.SQLException: test DataIntegrityViolationException cause", actualJdbcStatement.getErrorMessage());
theErrorMessage = this.getErrorMessage(); strategy.appendField(locator, this, "errorMessage", buffer, theErrorMessage, (this.errorMessage!= null));
lhsErrorMessage = this.getErrorMessage(); String rhsErrorMessage; rhsErrorMessage = that.getErrorMessage(); if (!strategy.equals(LocatorUtils.property(thisLocator, "errorMessage", lhsErrorMessage), LocatorUtils.property(thatLocator, "errorMessage", rhsErrorMessage), lhsErrorMessage, rhsErrorMessage, (this.errorMessage!= null), (that.errorMessage!= null))) { return false;
lhsErrorMessage = this.getErrorMessage(); String rhsErrorMessage; rhsErrorMessage = that.getErrorMessage(); if (!strategy.equals(LocatorUtils.property(thisLocator, "errorMessage", lhsErrorMessage), LocatorUtils.property(thatLocator, "errorMessage", rhsErrorMessage), lhsErrorMessage, rhsErrorMessage, (this.errorMessage!= null), (that.errorMessage!= null))) { return false;
theErrorMessage = this.getErrorMessage(); strategy.appendField(locator, this, "errorMessage", buffer, theErrorMessage, (this.errorMessage!= null));
Assert.assertNull("JDBC statement [1] result is not null", actualJdbcStatement.getResult()); Assert.assertEquals("JDBC statement [1] error message", "java.sql.SQLException: test DataIntegrityViolationException cause", actualJdbcStatement.getErrorMessage());
lhsErrorMessage = this.getErrorMessage(); String rhsErrorMessage; rhsErrorMessage = that.getErrorMessage(); if (!strategy.equals(LocatorUtils.property(thisLocator, "errorMessage", lhsErrorMessage), LocatorUtils.property(thatLocator, "errorMessage", rhsErrorMessage), lhsErrorMessage, rhsErrorMessage, (this.errorMessage!= null), (that.errorMessage!= null))) { return false;
Assert.assertNull("JDBC statement error message is not null", actualJdbcStatement.getErrorMessage()); Assert.assertNull("JDBC statement result not is null", actualJdbcStatement.getResult()); Assert.assertEquals("JDBC statement SQL", expectedJdbcStatement.getSql(), actualJdbcStatement.getSql());
theErrorMessage = this.getErrorMessage(); currentHashCode = strategy.hashCode(LocatorUtils.property(locator, "errorMessage", theErrorMessage), currentHashCode, theErrorMessage, (this.errorMessage!= null));
theErrorMessage = this.getErrorMessage(); currentHashCode = strategy.hashCode(LocatorUtils.property(locator, "errorMessage", theErrorMessage), currentHashCode, theErrorMessage, (this.errorMessage!= null));
theErrorMessage = this.getErrorMessage(); currentHashCode = strategy.hashCode(LocatorUtils.property(locator, "errorMessage", theErrorMessage), currentHashCode, theErrorMessage, (this.errorMessage!= null));
if (errorMessageShouldBeCopiedAndSet == Boolean.TRUE) { String sourceErrorMessage; sourceErrorMessage = this.getErrorMessage(); String copyErrorMessage = ((String) strategy.copy(LocatorUtils.property(locator, "errorMessage", sourceErrorMessage), sourceErrorMessage, (this.errorMessage!= null))); copy.setErrorMessage(copyErrorMessage);
if (errorMessageShouldBeCopiedAndSet == Boolean.TRUE) { String sourceErrorMessage; sourceErrorMessage = this.getErrorMessage(); String copyErrorMessage = ((String) strategy.copy(LocatorUtils.property(locator, "errorMessage", sourceErrorMessage), sourceErrorMessage, (this.errorMessage!= null))); copy.setErrorMessage(copyErrorMessage);
if (errorMessageShouldBeCopiedAndSet == Boolean.TRUE) { String sourceErrorMessage; sourceErrorMessage = this.getErrorMessage(); String copyErrorMessage = ((String) strategy.copy(LocatorUtils.property(locator, "errorMessage", sourceErrorMessage), sourceErrorMessage, (this.errorMessage!= null))); copy.setErrorMessage(copyErrorMessage);