Fix | Fix bracket escaping in Util.parseUrl() (#1251)

* github 1188 * remove unnecessary method * change * changes * more tests
microsoft · Mar 27, 2020 · ff55ef4 · ff55ef4
1 parent 02af541
commit ff55ef4
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 18 deletions.
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/Util.java b/src/main/java/com/microsoft/sqlserver/jdbc/Util.java
@@ -416,29 +416,43 @@ else if (ch == ':')
                     break;
                 }
                 case inEscapedValueStart: {
-                    if (ch == '}') {
-                        // no trimming use the value as it is.
-                        name = SQLServerDriver.getNormalizedPropertyName(name, logger);
-                        if (null != name) {
-                            if (logger.isLoggable(Level.FINE)) {
-                                if (!name.equals(SQLServerDriverStringProperty.USER.toString())
-                                        && !name.equals(SQLServerDriverStringProperty.PASSWORD.toString()))
-                                    logger.fine("Property:" + name + " Value:" + value);
-                            }
-                            p.put(name, value);
-                        }
-
-                        name = "";
-                        value = "";
-                        // to eat the spaces until the ; potentially we could do without the state but
-                        // it would not be clean
-                        state = inEscapedValueEnd;
-                    } else {
+                    /* check for escaped }.
+                    * when we see a }, first check to see if this is before the end of the string to avoid index out of range exception
+                    * then check if the character immediately after is also a }.
+                    * if it is, then we have a }}, which is not the closing of the escaped state.
+                    */
+                    if (ch == '}' && i + 1 < tmpUrl.length() && tmpUrl.charAt(i + 1) == '}') {
                         builder = new StringBuilder();
                         builder.append(value);
                         builder.append(ch);
                         value = builder.toString();
+                        i++; // escaped }} into a }, so increment the counter once more
                         // same state
+                    } else {
+                        if (ch == '}') {
+                            // no trimming use the value as it is.
+                            name = SQLServerDriver.getNormalizedPropertyName(name, logger);
+                            if (null != name) {
+                                if (logger.isLoggable(Level.FINE)) {
+                                    if (!name.equals(SQLServerDriverStringProperty.USER.toString())
+                                            && !name.equals(SQLServerDriverStringProperty.PASSWORD.toString()))
+                                        logger.fine("Property:" + name + " Value:" + value);
+                                }
+                                p.put(name, value);
+                            }
+
+                            name = "";
+                            value = "";
+                            // to eat the spaces until the ; potentially we could do without the state but
+                            // it would not be clean
+                            state = inEscapedValueEnd;
+                        } else {
+                            builder = new StringBuilder();
+                            builder.append(value);
+                            builder.append(ch);
+                            value = builder.toString();
+                            // same state
+                        }
                     }
                     break;
                 }

diff --git a/src/test/java/com/microsoft/sqlserver/jdbc/UtilTest.java b/src/test/java/com/microsoft/sqlserver/jdbc/UtilTest.java
@@ -7,6 +7,7 @@
 import static org.junit.Assert.assertEquals;
 
 import java.sql.SQLException;
+import java.util.Properties;
 import java.util.UUID;
 
 import org.junit.jupiter.api.Test;
@@ -38,6 +39,30 @@ public void testLongConversions() {
         writeAndReadLong(Long.MAX_VALUE / 2);
         writeAndReadLong(Long.MAX_VALUE);
     }
+
+    @Test
+    public void testparseUrl() throws SQLException {
+        java.util.logging.Logger drLogger = java.util.logging.Logger
+                .getLogger("com.microsoft.sqlserver.jdbc.internals.SQLServerDriver");
+        String constr = "jdbc:sqlserver://localhost;password={pasS}};word={qq};user=username;portName=1433;databaseName=database;";
+        Properties prt = Util.parseUrl(constr, drLogger);
+        assertEquals(prt.getProperty("password"), "pasS};word={qq");
+        assertEquals(prt.getProperty("serverName"), "localhost");
+        assertEquals(prt.getProperty("user"), "username");
+        assertEquals(prt.getProperty("databaseName"), "database");
+
+        constr = "jdbc:sqlserver://localhost;password={pasS}}}";
+        prt = Util.parseUrl(constr, drLogger);
+        assertEquals(prt.getProperty("password"), "pasS}");
+
+        constr = "jdbc:sqlserver://localhost;password={pasS}}} ";
+        prt = Util.parseUrl(constr, drLogger);
+        assertEquals(prt.getProperty("password"), "pasS}");
+
+        constr = "jdbc:sqlserver://localhost;password={pasS}}} ;";
+        prt = Util.parseUrl(constr, drLogger);
+        assertEquals(prt.getProperty("password"), "pasS}");
+    }
 
     private void writeAndReadLong(long valueToTest) {
         byte[] buffer = new byte[8];