HyperSQL Database Engine (HSQLDB) / Bugs / #1594 Sensitive information may be leaked in condlPrint of org.hsqldb.cmdline.SqlFile

#1594 Sensitive information may be leaked in condlPrint of org.hsqldb.cmdline.SqlFile

Milestone: version 2.5.x

Status: closed-rejected

Owner: Fred Toussi

Labels: None

Priority: 5

Updated: 2021-03-07

Created: 2020-10-21

Creator: Xiaoqin Fu

Private: No

In org.hsqldb.cmdline.SqlFile,
public String streamToString(InputStream is, final String cs)
throws IOException {
while (bytesread < ba.length &&
(retval = is.read(
ba, bytesread, ba.length - bytesread)) > 0) {
bytesread += retval;
}
}
......
private void condlPrint(final String s, final boolean printHtml) {
if ((printHtml && !htmlMode) || (htmlMode && !printHtml)) return;

    if (shared.psStd != null) shared.psStd.print(s);

    if (pwQuery != null) {
        pwQuery.print(s);
        pwQuery.flush();
    }
}

The sensitive information (String s) may be leaked.
We may be able to add control on it.

Discussion

Xiaoqin Fu - 2020-12-21

Should I open a PR for it?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fred Toussi - 2021-03-07

status: open --> closed-rejected

assigned_to: Fred Toussi
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Fred Toussi - 2021-03-07

This ticket is not clear.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Sensitive information may be leaked in condlPrint of org.hsqldb.cmdline.SqlFile

Relational Database

Group

Searches

Help

#1594 Sensitive information may be leaked in condlPrint of org.hsqldb.cmdline.SqlFile

Discussion