Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Failed to sanitize DB2 connection string #614

Closed
weslleyshavo opened this issue Sep 16, 2022 · 3 comments · Fixed by #615
Closed

[Bug]: Failed to sanitize DB2 connection string #614

weslleyshavo opened this issue Sep 16, 2022 · 3 comments · Fixed by #615
Assignees
Labels

Comments

@weslleyshavo
Copy link

Problem Description

The sanitizeConnectionStr function regex doesn't match a connection string where PWD is the last parameter included and does not contain the semicolon. Package: tracingUtil.js
This causes string sanitize not to work.

Short, Self Contained Example

Connection string: "DATABASE=MY_DATABASE;HOSTNAME=localhost;PORT=50000;PROTOCOL=TCPIP;UID=my_user;PWD=123456"

In this case the regex contained in the code does not match, as there is no semicolon.
PWD=.*?(?=;)
image

I suggest using the regex like this:
PWD=.*?(?=;|$)
image

Node.js Version

Node.js v16.14.0

package.json

{
  "name": "instana",
  "version": "1.0.0",
  "description": "",
  "main": "app.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "weslleyshavo",
  "license": "ISC",
  "dependencies": {
    "@instana/collector": "^2.7.1",
    "ibm_db": "^2.8.2"
  }
}

package-lock.json

body is too long...
@basti1302
Copy link
Contributor

Hey Weslley,

thanks for the detailed report. We'll take a look at this.

@basti1302 basti1302 self-assigned this Sep 19, 2022
basti1302 added a commit that referenced this issue Sep 19, 2022
Improves the regex to redact the password by not expecting a subsequent
semicolon character after the PWD parameter.

fixes #614
basti1302 added a commit that referenced this issue Sep 19, 2022
Improves the regex to redact the password by not expecting a subsequent
semicolon character after the PWD parameter.

fixes #614
basti1302 added a commit that referenced this issue Sep 19, 2022
Improves the regex to redact the password by not expecting a subsequent
semicolon character after the PWD parameter.

fixes #614
@basti1302
Copy link
Contributor

A fix will be released with the next release (probably tomorrow).

@basti1302
Copy link
Contributor

The fix has landed in version 2.8.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants