Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-5560

IllegalArgumentException thrown from ConnectionString could contain sensitive data in its message

    • Fully Compatible
    • Java Drivers
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Summary

      The following malformed connection string throws an IllegalArgumentException that contains sensitive data in its message. 

      MongoClient mongoClient = MongoClients.create("mongodb+srv://tse:foo/@localhost");
      

      or

      ConnectionString connectionString = new ConnectionString("mongodb+srv://tse:foo/@localhost");
      
      Exception in thread "main" java.lang.IllegalArgumentException: The connection string contains an invalid host 'tse:foo'. The port 'foo' is not a valid, it must be an integer between 0 and 65535
          at com.mongodb.ConnectionString.validatePort(ConnectionString.java:1189)
          at com.mongodb.ConnectionString.parseHosts(ConnectionString.java:1169)
          at com.mongodb.ConnectionString.<init>(ConnectionString.java:396)
          at com.mongodb.ConnectionString.<init>(ConnectionString.java:321)
          ...
      

      This can cause the sensitive data to be logged by the application.

      How to Reproduce

      Instantiate a MongoClient or ConnectionString using a password containing a forward slash that is not properly URL encoded.

            Assignee:
            ross@mongodb.com Ross Lawley
            Reporter:
            khalen.fredieu@mongodb.com Khalen Fredieu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: