matthiasblaesing commented on a change in pull request #3765:
URL: https://github.com/apache/netbeans/pull/3765#discussion_r834146782



##########
File path: 
java/java.lsp.server/src/org/netbeans/modules/java/lsp/server/db/DBAddConnection.java
##########
@@ -66,12 +70,66 @@
 @ServiceProvider(service = CodeActionsProvider.class)
 public class DBAddConnection extends CodeActionsProvider {
     public static final String DB_ADD_CONNECTION =  "db.add.connection"; // 
NOI18N
+    public static final String USER_ID =  "userId"; // NOI18N
+    public static final String PASSWORD =  "password"; // NOI18N
+    public static final String DRIVER =  "driver"; // NOI18N
+    public static final String DB_URL =  "url"; // NOI18N
+    public static final String SCHEMA =  "schema"; // NOI18N
+    public static final String DISPLAY_NAME =  "displayName"; // NOI18N
+    
+    private static final Set<String> COMMANDS = new 
HashSet<>(Arrays.asList(DB_ADD_CONNECTION));
+    
+    private final Gson gson = new Gson();
 
     @Override
     public CompletableFuture<Object> processCommand(NbCodeLanguageClient 
client, String command, List<Object> arguments) {
         if (!DB_ADD_CONNECTION.equals(command)) {
             return null;
         }
+        
+        String userId = null;
+        String dbUrl = null;
+        String driverClass = null;
+        
+        final Map m = gson.fromJson(gson.toJson(arguments.get(0)), Map.class);
+        if (m != null) {
+            userId = (String) m.get(USER_ID);
+            dbUrl = (String) m.get(DB_URL);
+            driverClass = (String) m.get(DRIVER);
+            
+        }
+        if (dbUrl != null && driverClass != null) {
+            
+            JDBCDriver[] driver = 
JDBCDriverManager.getDefault().getDrivers(driverClass); //NOI18N
+            if (driver != null && driver.length > 0) {
+                CompletableFuture<String> usernameFuture = userId != null ? 
CompletableFuture.completedFuture(userId) : client.showInputBox(new 
ShowInputBoxParams(
+                        Bundle.MSG_EnterUsername(), userId));
+                
+                usernameFuture.thenAccept((username) -> { //NOI18N
+                    if (username == null) {
+                        return;
+                    }
+                    char[] password = m.get(PASSWORD) == null ? null 
+                            : ((List<Double>) m.get(PASSWORD)).stream().map(n 
-> Character.toString((char) 
n.byteValue())).collect(Collectors.joining()).toCharArray();
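Review bot: `arguments.get(0)` in `processCommand` is read without checking that the client sent any argument, and the values taken from the raw `Map` are cast with `(String)` and `(List<Double>)` without a type check. A malformed `db.add.connection` request therefore fails with `IndexOutOfBoundsException` or `ClassCastException` instead of being rejected cleanly. Because these arguments come from the LSP client, add a guard such as `if (arguments == null || arguments.isEmpty())` before the Gson call and test each field with `instanceof String` before use; what to return in that case depends on the provider's contract, which is not visible here. The `PASSWORD` cast runs inside the `thenAccept` lambda, so a failure there only completes the derived future exceptionally, and the method body continues past this quoted hunk, so whether that future is observed cannot be confirmed. The same lines are quoted again in the two hunks below.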

Review comment:
       This is wrong. The common reason to collect passwords into char arrays 
is that they can be cleared on the heap, while strings might be interned and 
thus retained indefinitely. However at this point the data already went 
through several transformations (including a string variant) and thus the 
argument is moot.
   
   This also breaks non-ascii passwords. There are multiple problematic 
assumptions:
   
   - the sending side must know that the password is expected to be a sequence 
of UTF-16 code units (you go through Character)
   - the value seems to be transferred as a JSON number array and each element is 
treated as a byte. Once you get out of the range of a single byte the value is 
truncated and thus wrong.

##########
File path: 
java/java.lsp.server/src/org/netbeans/modules/java/lsp/server/db/DBAddConnection.java
##########
@@ -66,12 +70,66 @@
 @ServiceProvider(service = CodeActionsProvider.class)
 public class DBAddConnection extends CodeActionsProvider {
     public static final String DB_ADD_CONNECTION =  "db.add.connection"; // 
NOI18N
+    public static final String USER_ID =  "userId"; // NOI18N
+    public static final String PASSWORD =  "password"; // NOI18N
+    public static final String DRIVER =  "driver"; // NOI18N
+    public static final String DB_URL =  "url"; // NOI18N
+    public static final String SCHEMA =  "schema"; // NOI18N
+    public static final String DISPLAY_NAME =  "displayName"; // NOI18N
+    
+    private static final Set<String> COMMANDS = new 
HashSet<>(Arrays.asList(DB_ADD_CONNECTION));
+    
+    private final Gson gson = new Gson();
 
     @Override
     public CompletableFuture<Object> processCommand(NbCodeLanguageClient 
client, String command, List<Object> arguments) {
         if (!DB_ADD_CONNECTION.equals(command)) {
             return null;
         }
+        
+        String userId = null;
+        String dbUrl = null;
+        String driverClass = null;
+        
+        final Map m = gson.fromJson(gson.toJson(arguments.get(0)), Map.class);
+        if (m != null) {
+            userId = (String) m.get(USER_ID);
+            dbUrl = (String) m.get(DB_URL);
+            driverClass = (String) m.get(DRIVER);
+            
+        }
+        if (dbUrl != null && driverClass != null) {
+            
+            JDBCDriver[] driver = 
JDBCDriverManager.getDefault().getDrivers(driverClass); //NOI18N
+            if (driver != null && driver.length > 0) {
+                CompletableFuture<String> usernameFuture = userId != null ? 
CompletableFuture.completedFuture(userId) : client.showInputBox(new 
ShowInputBoxParams(
+                        Bundle.MSG_EnterUsername(), userId));
+                
+                usernameFuture.thenAccept((username) -> { //NOI18N
+                    if (username == null) {
+                        return;
+                    }
+                    char[] password = m.get(PASSWORD) == null ? null 
+                            : ((List<Double>) m.get(PASSWORD)).stream().map(n 
-> Character.toString((char) 
n.byteValue())).collect(Collectors.joining()).toCharArray();
+                    CompletableFuture<String> passwordFuture = password != 
null ? CompletableFuture.completedFuture(new String(password)) : 
client.showInputBox(new ShowInputBoxParams(

Review comment:
       Can't the sending side be expected to provide the password with the data 
instead of relying on additional callbacks? The same question applies to the 
username.

##########
File path: 
java/java.lsp.server/src/org/netbeans/modules/java/lsp/server/db/DBAddConnection.java
##########
@@ -66,12 +70,66 @@
 @ServiceProvider(service = CodeActionsProvider.class)
 public class DBAddConnection extends CodeActionsProvider {
     public static final String DB_ADD_CONNECTION =  "db.add.connection"; // 
NOI18N
+    public static final String USER_ID =  "userId"; // NOI18N
+    public static final String PASSWORD =  "password"; // NOI18N
+    public static final String DRIVER =  "driver"; // NOI18N
+    public static final String DB_URL =  "url"; // NOI18N
+    public static final String SCHEMA =  "schema"; // NOI18N
+    public static final String DISPLAY_NAME =  "displayName"; // NOI18N
+    
+    private static final Set<String> COMMANDS = new 
HashSet<>(Arrays.asList(DB_ADD_CONNECTION));
+    
+    private final Gson gson = new Gson();
 
     @Override
     public CompletableFuture<Object> processCommand(NbCodeLanguageClient 
client, String command, List<Object> arguments) {
         if (!DB_ADD_CONNECTION.equals(command)) {
             return null;
         }
+        
+        String userId = null;
+        String dbUrl = null;
+        String driverClass = null;
+        
+        final Map m = gson.fromJson(gson.toJson(arguments.get(0)), Map.class);

Review comment:
       This looks fishy. I read this as deserialized value -> gson serialization 
-> gson deserialization. Why? Without further context a java map is the natural 
mapping of a JS object.



