patch(TPS-3315): password context values

* Throw runtime exception if password is used in plain text field * Add release note
2019-08-05 15:34:50 +03:00
4 changed files with 138 additions and 47 deletions
--- a/PATCH_RELEASE_NOTE.md
+++ b/PATCH_RELEASE_NOTE.md
@@ -5,13 +5,13 @@ product:
 - https://talend.poolparty.biz/coretaxonomy/23
 ---

-# TPS-4053
+# TPS-3162

 | Info             | Value |
 | ---------------- | ---------------- |
-| Patch Name       | Patch\_20200514\_TPS-4053\_v1-7.2.1 |
-| Release Date     | 2020-05-14 |
-| Target Version   | 20190620\_1446-V7.2.1 |
+| Patch Name       | Patch\_20190805_TPS-3315\_v1-7.2.1 |
+| Release Date     | 2019-06-28 |
+| Target Version   | Talend-Studio-20190620\_1446-V7.2.1 |
 | Product affected | Talend Studio |

 ## Introduction
@@ -24,7 +24,7 @@ This is a self-contained patch.

 This patch contains the following fixes:

- TPS-4053 [7.2.1] Unable to execute the job, receiving "Failed to generate code." when using tAmazonRedshiftManage component.(TDI-44070)
+- TPS-3315 [7.2.1] Additional JDBC Parameter exposes the password when using a context variable of password type (TDI-42721)

 ## Prerequisites

@@ -32,6 +32,7 @@ Consider the following requirements for your system:

 - Talend Studio 7.2.1 must be installed.

+
 ## Installation

 ### Installing the patch using Software update
@@ -63,4 +64,5 @@ Backup the Affected files list below. Uninstall the patch by restore the backup

 The following files are installed by this patch:

- {Talend\_Studio\_path}/plugins/org.talend.designer.components.localprovider\_7.2.1.20190614\_0309/components/tAmazonRedshiftManage/tAmazonRedshiftManage\_begin.javajet
+- {Talend\_Studio\_path}/plugins/org.talend.designer.components.localprovider\_7.2.1.20190614\_0309/components/templates/Log4j/DBLogUtil.javajet
+- {Talend\_Studio\_path}/plugins/org.talend.designer.components.localprovider\_7.2.1.20190614\_0309/components/templates/Log4j/Log4jDBConnUtil.javajet
--- a/main/plugins/org.talend.designer.components.localprovider/components/tAmazonRedshiftManage/tAmazonRedshiftManage_begin.javajet
+++ b/main/plugins/org.talend.designer.components.localprovider/components/tAmazonRedshiftManage/tAmazonRedshiftManage_begin.javajet
@@ -24,9 +24,6 @@
 	String user = ElementParameterParser.getValue(node, "__USER__");
 	String node_type = ElementParameterParser.getValue(node, "__NODE_TYPE__");
 	String node_count = ElementParameterParser.getValue(node, "__NODE_COUNT__");
-	if (node_count.isEmpty()) {
-	    node_count = "1";
-	}
 	
 	boolean isLog4jEnabled = "true".equals(ElementParameterParser.getValue(node.getProcess(), "__LOG4J_ACTIVATE__"));
 	
@@ -91,46 +88,52 @@
    		.withMasterUsername(<%=user%>)
    		.withMasterUserPassword(decryptedPwd_<%=cid%>)
    		
-    		.withNodeType(<%=node_type%>);
+    		.withNodeType(<%=node_type%>)
    		
-		if (<%=node_count%> > 1) {
-		    request_<%=cid%> = request_<%=cid%>.withNumberOfNodes(<%=node_count%>);
-		} else {
-		    request_<%=cid%> = request_<%=cid%>.withClusterType("single-node");
-		}
-					
-		//advanced settings
-		<%if(parameterUtil.isValid(parameter_group_name)) {%>
-		request_<%=cid%> = request_<%=cid%>.withClusterParameterGroupName(<%=parameter_group_name%>);
-		<%}%>
-		
-		<%if(parameterUtil.isValid(subnet_group_name)) {%>
-		request_<%=cid%> = request_<%=cid%>.withClusterSubnetGroupName(<%=subnet_group_name%>);
-		<%}%>
-		
-		<%
-		if(publicly_accessible) {
-		%>
-			request_<%=cid%> = request_<%=cid%>.withPubliclyAccessible(true);
-			<%if(set_public_ip_address) {%>
-			request_<%=cid%> = request_<%=cid%>.withElasticIp(<%=elastic_ip%>);
+    		<%
+    		if(new Integer(node_count) > 1){
+    		%>
+    		.withNumberOfNodes(<%=node_count%>)
+    		<%
+    		} else {
+    		%>
+    		.withClusterType("single-node")
+    		<%
+    		}
+    		%>
+    		
+    		//advanced settings
+    		<%if(parameterUtil.isValid(parameter_group_name)) {%>
+    		.withClusterParameterGroupName(<%=parameter_group_name%>)
+    		<%}%>
+			
+			<%if(parameterUtil.isValid(subnet_group_name)) {%>
+			.withClusterSubnetGroupName(<%=subnet_group_name%>)
 			<%}%>
-		<%
-		} else {
-		%>
-			request_<%=cid%> = request_<%=cid%>.withPubliclyAccessible(false);
-		<%
-		}
-		%>
-		
-		<%if(parameterUtil.isValid(availability_zone)) {%>
-		request_<%=cid%> = request_<%=cid%>.withAvailabilityZone(<%=availability_zone%>);
-		<%}%>
-		
-		<%if(parameterUtil.isValid(vpc_security_groupids)) {%>
-		request_<%=cid%> = request_<%=cid%>.withVpcSecurityGroupIds(<%=vpc_security_groupids%>.split(","));
-		<%}%>
-    	
+			
+			<%
+			if(publicly_accessible) {
+			%>
+				.withPubliclyAccessible(true)
+    			<%if(set_public_ip_address) {%>
+    			.withElasticIp(<%=elastic_ip%>)
+    			<%}%>
+			<%
+			} else {
+			%>
+				.withPubliclyAccessible(false)
+			<%
+			}
+			%>
+			
+			<%if(parameterUtil.isValid(availability_zone)) {%>
+			.withAvailabilityZone(<%=availability_zone%>)
+			<%}%>
+			
+			<%if(parameterUtil.isValid(vpc_security_groupids)) {%>
+			.withVpcSecurityGroupIds(<%=vpc_security_groupids%>.split(","))
+			<%}%>
+    	;
    
    	com.amazonaws.services.redshift.model.Cluster result_<%=cid%> = client_<%=cid%>.createCluster(request_<%=cid%>);
    	<%if(isLog4jEnabled) {%>
--- a/main/plugins/org.talend.designer.components.localprovider/components/templates/Log4j/DBLogUtil.javajet
+++ b/main/plugins/org.talend.designer.components.localprovider/components/templates/Log4j/DBLogUtil.javajet
@@ -3,6 +3,49 @@
 <%@ include file="LogUtil.javajet"%>

 <%
+org.talend.designer.codegen.config.CodeGeneratorArgument codeGenArgument_pwdCheck = (org.talend.designer.codegen.config.CodeGeneratorArgument)argument;
+org.talend.core.model.process.INode node_pwdCheck = (org.talend.core.model.process.INode)codeGenArgument_pwdCheck.getArgument();
+boolean useExistingConnection_pwdCheck = "true".equalsIgnoreCase(ElementParameterParser.getValue(node_pwdCheck,"__USE_EXISTING_CONNECTION__"));
+if(!useExistingConnection_pwdCheck) {
+	String dbhost_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__HOST__");
+	String dbport_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__PORT__");
+	String dbname_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__DBNAME__");
+	String dbproperties_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__PROPERTIES__");
+	final class ValueChecker {
+    	
+		public boolean checkValueForPassword(String inputValue, org.talend.core.model.process.IContext context) {
+			java.util.List<String> parsed = new java.util.ArrayList<String>();
+			String value = inputValue.trim();
+			while(org.talend.core.model.utils.ContextParameterUtils.containContextVariables(value)) {
+				String nonQuoteStr = org.talend.core.utils.TalendQuoteUtils.filterQuote(value);
+				String contextVar = org.talend.core.model.utils.ContextParameterUtils.getVariableFromCode(nonQuoteStr);
+				parsed.add(contextVar);
+				String curValue = org.talend.core.model.utils.ContextParameterUtils.JAVA_NEW_CONTEXT_PREFIX + contextVar;
+				int index = value.indexOf(curValue);
+				if(index != -1) {
+					value = value.substring(index + curValue.length(), value.length());
+				}
+			}
+			for(String parsedParam : parsed) {
+				org.talend.core.model.process.IContextParameter param = context.getContextParameter(parsedParam);
+				if(org.talend.core.model.utils.ContextParameterUtils.isPasswordType(param)) {
+					return true;
+				}
+			}
+			return false;
+		}
+    	
+	}
+	ValueChecker checker = new ValueChecker();
+	org.talend.core.model.process.IContext context_pwdCheck = node_pwdCheck.getProcess().getContextManager().getDefaultContext();
+	if(checker.checkValueForPassword(dbhost_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbport_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbname_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbproperties_pwdCheck, context_pwdCheck)) {
+		%>
+		if(true) {
+			throw new RuntimeException("Password context variable is used in plain text field!");
+		}
+		<%
+	}
+}
 class DBConnLogUtil extends BasicLogUtil{
 	
 	private DBConnLogUtil(){}
--- a/main/plugins/org.talend.designer.components.localprovider/components/templates/Log4j/Log4jDBConnUtil.javajet
+++ b/main/plugins/org.talend.designer.components.localprovider/components/templates/Log4j/Log4jDBConnUtil.javajet
@@ -7,6 +7,49 @@ imports="
 %>
 <%@ include file="Log4jFileUtil.javajet"%>
 <%
+org.talend.designer.codegen.config.CodeGeneratorArgument codeGenArgument_pwdCheck = (org.talend.designer.codegen.config.CodeGeneratorArgument)argument;
+org.talend.core.model.process.INode node_pwdCheck = (org.talend.core.model.process.INode)codeGenArgument_pwdCheck.getArgument();
+boolean useExistingConnection_pwdCheck = "true".equalsIgnoreCase(ElementParameterParser.getValue(node_pwdCheck,"__USE_EXISTING_CONNECTION__"));
+if(!useExistingConnection_pwdCheck) {
+	String dbhost_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__HOST__");
+	String dbport_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__PORT__");
+	String dbname_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__DBNAME__");
+	String dbproperties_pwdCheck = ElementParameterParser.getValue(node_pwdCheck, "__PROPERTIES__");
+	final class ValueChecker {
+    	
+		public boolean checkValueForPassword(String inputValue, org.talend.core.model.process.IContext context) {
+			java.util.List<String> parsed = new java.util.ArrayList<String>();
+			String value = inputValue.trim();
+			while(org.talend.core.model.utils.ContextParameterUtils.containContextVariables(value)) {
+				String nonQuoteStr = org.talend.core.utils.TalendQuoteUtils.filterQuote(value);
+				String contextVar = org.talend.core.model.utils.ContextParameterUtils.getVariableFromCode(nonQuoteStr);
+				parsed.add(contextVar);
+				String curValue = org.talend.core.model.utils.ContextParameterUtils.JAVA_NEW_CONTEXT_PREFIX + contextVar;
+				int index = value.indexOf(curValue);
+				if(index != -1) {
+					value = value.substring(index + curValue.length(), value.length());
+				}
+			}
+			for(String parsedParam : parsed) {
+				org.talend.core.model.process.IContextParameter param = context.getContextParameter(parsedParam);
+				if(org.talend.core.model.utils.ContextParameterUtils.isPasswordType(param)) {
+					return true;
+				}
+			}
+			return false;
+		}
+    	
+	}
+	ValueChecker checker = new ValueChecker();
+	org.talend.core.model.process.IContext context_pwdCheck = node_pwdCheck.getProcess().getContextManager().getDefaultContext();
+	if(checker.checkValueForPassword(dbhost_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbport_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbname_pwdCheck, context_pwdCheck) || checker.checkValueForPassword(dbproperties_pwdCheck, context_pwdCheck)) {
+		%>
+		if(true) {
+			throw new RuntimeException("Password context variable is used in plain text field!");
+		}
+		<%
+	}
+}
 	class DefaultLog4jCodeGenerateUtil extends DefaultLog4jFileUtil{

 		String connection = "";