HikariCP
HikariCP copied to clipboard
Incorrect URL sanitation
DriverDataSource class contains this line:
String sanitizedUrl = jdbcUrl.replaceAll("([?&;]password=)[^&#;]*(.*)", "$1<masked>$2");
Recently I stumbled upon issue with passwords containing for example semicolon. When driver is not found I see in the exception message that only half of the password was masked. Verified that this line is still in current dev branch.
Environment
HikariCP version: 3.4.0
JDK version : 12
Database : MS SQL
Driver version : 7.2.0
Today I've got some evidence that semicolon in password could lead to connection failure. Probably issue exists not only in this exception message sanitation code but in JDBC URL handling code as well.
Can you resolve the problem?