a-little-fool commented on code in PR #3428:
URL: https://github.com/apache/hertzbeat/pull/3428#discussion_r2158451074


##########
hertzbeat-collector/hertzbeat-collector-basic/src/main/java/org/apache/hertzbeat/collector/collect/database/JdbcCommonCollect.java:
##########
@@ -354,18 +354,39 @@ private String constructDatabaseUrl(JdbcProtocol 
jdbcProtocol, String host, Stri
             if (jdbcProtocol.getUrl().length() > 2048) {
                 throw new IllegalArgumentException("JDBC URL length exceeds 
maximum limit of 2048 characters");
             }
-            // remove special characters
-            String cleanedUrl = 
jdbcProtocol.getUrl().replaceAll("[\\x00-\\x1F\\x7F]", "");
+            String cleanedUrl = jdbcProtocol.getUrl();
+            // Decode and normalize the URL to handle escaped characters and 
potential obfuscation
+            try {
+                cleanedUrl = java.net.URLDecoder.decode(cleanedUrl, "UTF-8");
+            } catch (Exception e) {
+                // ignore decoding errors, use original url
+            }
+            // Remove special and invisible characters, including  
+            cleanedUrl = cleanedUrl.replaceAll("[\\x00-\\x1F\\x7F\\xA0]", "");
             String url = cleanedUrl.toLowerCase();
             // backlist check
             for (String keyword : BLACK_LIST) {
-                if (url.contains(keyword)) {
+                if (url.contains(keyword.toLowerCase())) {
                     throw new IllegalArgumentException("Invalid JDBC URL: 
contains potentially malicious parameter: " + keyword);
                 }
             }
-            // url format check
-            if (!url.matches("^jdbc:[a-zA-Z0-9]+://[^\\s]+$")) {
-                throw new IllegalArgumentException("Invalid JDBC URL format");
+            // url format check - potentially adjust regex based on H2 
specifics if needed
+            if (jdbcProtocol.getPlatform() != null && 
jdbcProtocol.getPlatform().equalsIgnoreCase("h2")) {
+                String h2Url = url;
+                // Uniformly handle invisible characters (e.g., \u00A0), 
replacing them with spaces
+                h2Url = h2Url.replaceAll("[\\x00-\\x1F\\x7F\\xA0]", " ");
+                // Convert to lowercase
+                h2Url = h2Url.toLowerCase();
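Review bot: The blacklist check runs only on the single-pass output of `java.net.URLDecoder.decode(cleanedUrl, "UTF-8")`, and the empty `catch (Exception e)` silently falls back to the raw string when a malformed escape makes decoding throw, so the keyword check is applied to whichever form happened to survive rather than to a canonical one; consider checking both the raw and the decoded form (or decoding to a fixed point with a small bound) and rejecting on decode failure instead of ignoring it. URLDecoder also turns `+` into a space, so if `cleanedUrl` is later handed to the driver rather than used only for validation, legitimate URLs containing `+` will be altered. In the H2 branch, `h2Url.replaceAll("[\\x00-\\x1F\\x7F\\xA0]", " ")` and `h2Url.toLowerCase()` are no-ops, since `url` was already stripped of those characters and lowercased a few lines above; dropping them would make the intended H2-specific handling clearer.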

Review Comment:
   I will try to discover other JDBC drivers in the next few days.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

