Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-760534 Added URLValidator and URLEncoder #1297

Merged
merged 5 commits into from
Mar 16, 2023
Merged

SNOW-760534 Added URLValidator and URLEncoder #1297

merged 5 commits into from
Mar 16, 2023

Conversation

sfc-gh-hchaturvedi
Copy link
Collaborator

Overview

SNOW-760534

Snowflake JDBC Driver does not validate SSO URL before executing it. Added a URLValidator utility to address that.
Also added URL Encoder to be used by OCSP Code to URL Encode the base64 encoded OCSP Request before sending it out on the wire.

External contributors - please answer these questions before submitting a pull request. Thanks!

Please answer these questions before submitting your pull requests. Thanks!

  1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

    Fixes #NNNN

  2. Fill out the following pre-review checklist:

    • I am adding a new automated test(s) to verify correctness of my new code
    • I am adding new logging messages
    • I am modifying authorization mechanisms
    • I am adding new credentials
    • I am modifying OCSP code
    • I am adding a new dependency

  3. Please describe how your code solves the related issue.

    Please write a short description of how your code change solves the related issue.

Pre-review checklist

  • This change has passed precommit
  • I have reviewed code coverage report for my PR in (Sonarqube)

@sfc-gh-hchaturvedi sfc-gh-hchaturvedi requested a review from a team as a code owner March 16, 2023 07:42
sfc-gh-igarish
sfc-gh-igarish reviewed Mar 16, 2023
View reviewed changes
src/main/java/net/snowflake/client/core/URLUtil.java Outdated
static final SFLogger logger = SFLoggerFactory.getLogger(URLUtil.class);
public static boolean isValidURL(String url) {
try {
new URL(url).toURI();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check .NET PR. URL still valid if it start with "file://" and it can do command injectsion. We need reg expresion for http and https prefix same as .NET.

sfc-gh-igarish
sfc-gh-igarish reviewed Mar 16, 2023
View reviewed changes
src/test/java/net/snowflake/client/core/URLUtilTest.java
@@ -0,0 +1,30 @@
/*
* Copyright (c) 2012-2023 Snowflake Computing Inc. All rights reserved.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add test for file: URL. It should fail.

sfc-gh-igarish
sfc-gh-igarish approved these changes Mar 16, 2023
View reviewed changes
Copy link
Collaborator

@sfc-gh-igarish sfc-gh-igarish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sfc-gh-hchaturvedi sfc-gh-hchaturvedi enabled auto-merge (squash) March 16, 2023 21:56
@sfc-gh-hchaturvedi sfc-gh-hchaturvedi merged commit 4be4b18 into master Mar 16, 2023
@sfc-gh-hchaturvedi sfc-gh-hchaturvedi deleted the hchaturvedi_snow_760534_validate_sso_url branch March 16, 2023 22:48
@github-actions github-actions bot locked and limited conversation to collaborators Mar 16, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@sfc-gh-igarish sfc-gh-igarish sfc-gh-igarish approved these changes

@sfc-gh-ext-simba-lb sfc-gh-ext-simba-lb sfc-gh-ext-simba-lb approved these changes

@sfc-gh-mknister sfc-gh-mknister Awaiting requested review from sfc-gh-mknister

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sfc-gh-hchaturvedi @sfc-gh-igarish @sfc-gh-ext-simba-lb