#1595 Sensitive information may be leaked in displaySqlResults of org.hsqldb.cmdline.SqlFile
In org.hsqldb.cmdline.SqlFile,
public String streamToString(InputStream is, final String cs)
throws IOException {
while (bytesread < ba.length &&
(retval = is.read(
ba, bytesread, ba.length - bytesread)) > 0) {
bytesread += retval;
}
}
......
private void displaySqlResults(Statement statement,
ResultSet r, final int[] incCols, final String filterString,
final boolean updateStatus) throws SQLException, SqlToolError {
......
if (excludeSysSchemas && interactive)
stdprintln(SqltoolRB.vendor_nosup_sysschemas.getString());
......
for (int i = 0; i < headerArray.length; i++) {
dsvSafe(headerArray[i]);
pwDsv.print(headerArray[i]);
if (i < headerArray.length - 1)
pwDsv.print(dsvColDelim);
}
pwDsv.print(dsvRowDelim);
......
for (int j = 0; j < fArray.length; j++) {
if (pwDsv == null) dsvSafe(fArray[j]);
pwDsv.print((fArray[j] == null)
? (autonulls[j] ? "" : nullRepToken)
: fArray[j]);
if (j < fArray.length - 1) pwDsv.print(dsvColDelim);
}
pwDsv.print(dsvRowDelim);
The sensitive information (for headerArray and dsvColDelim) may be leaked.
We may be able to add control on them.
Should I open a PR for it?
This ticked is not clear.