Log in
Log in
Log in
Book a Demo
Get Started
632.5K 457.6K 7.8K
Back to Repositories

Validating JDBC URL Security Configuration in HikariCP

This test suite validates the configuration handling and security features of HikariCP’s JDBC URL processing, with particular focus on password masking in logging output. The tests ensure sensitive connection credentials are properly obscured when logging database connection details.

Test Coverage Overview

The test suite provides comprehensive coverage of JDBC URL parsing and logging security.

Key areas tested include:
  • Multiple JDBC URL formats and variations
  • Password parameter masking in different positions
  • Multiple security-sensitive parameters (password, truststorePassword, sslpassword)
  • Various URL parameter combinations and edge cases

Implementation Analysis

The testing approach employs JUnit for systematic validation of HikariCP’s configuration handling. It uses a custom TestAppender to capture and verify log output, ensuring sensitive data is properly masked.

Testing patterns include:
  • Setup/teardown patterns for log capture
  • Parameterized testing using multiple URL variants
  • Assertion-based validation of log content

Technical Details

Testing infrastructure includes:
  • JUnit 4 testing framework
  • Log4j2 for logging verification
  • Custom AbstractAppender implementation
  • HikariConfig validation utilities
  • Setup/teardown methods for test isolation

Best Practices Demonstrated

The test suite exemplifies several testing best practices:

  • Proper test isolation through @Before and @After methods
  • Comprehensive security testing for sensitive data handling
  • Modular test helper methods
  • Clear test method naming conventions
  • Effective use of custom testing utilities

brettwooldridge/hikaricp

src/test/java/com/zaxxer/hikari/HikariConfigTest.java

            
/*
 * Copyright (C) 2013, 2014 Brett Wooldridge
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package com.zaxxer.hikari;

import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.Layout;
import org.apache.logging.log4j.core.LogEvent;
import org.apache.logging.log4j.core.LoggerContext;
import org.apache.logging.log4j.core.appender.AbstractAppender;
import org.apache.logging.log4j.core.config.Configuration;
import org.apache.logging.log4j.core.config.LoggerConfig;
import org.apache.logging.log4j.core.config.Property;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

import java.util.Arrays;
import java.util.List;

import static com.zaxxer.hikari.pool.TestElf.newHikariConfig;
import static org.junit.Assert.*;

public class HikariConfigTest {
   private TestAppender testAppender = new TestAppender();

   @Before
   public void setup() {
      getLoggerConfig().addAppender(testAppender, Level.ALL, null);
   }

   @After
   public void tearDown() {
      getLoggerConfig().removeAppender(testAppender.getName());
   }

   private static LoggerConfig getLoggerConfig() {
      LoggerContext loggerContext = (LoggerContext) LogManager.getContext(false);
      Configuration configuration = loggerContext.getConfiguration();
      return configuration.getRootLogger();
   }

   @Test
   public void testJdbcUrlLogging() {
      List<String> urls = Arrays.asList(
         "jdbc:postgresql://host/d_dlq?user=USER&password=SECRET",
         "jdbc:postgresql://host/d_dlq?user=USER&truststorePassword=SECRET",
         "jdbc:postgresql://host/d_dlq?a=b&password=SECRET&user=USER",
         "jdbc:postgresql://host/d_dlq?a=b&sslpassword=SECRET&user=USER",
         "jdbc:postgresql://host/d_dlq?truststorePassword=SECRET;user=USER&password=SECRET#extra",
         "jdbc:postgresql://host/d_dlq?a=b&sslpassword=SECRET&password=SECRET&user=USER",
         "jdbc:postgresql://host/d_dlq?sslpassword=SECRET&password=SECRET&trustPassword=SECRET&user=USER",
         "jdbc:postgresql://host/d_dlq?password=SECRET#user=USER;extra"
      );

      for (String url : urls) {
         testJdbcUrl(url);
      }
   }

   private void testJdbcUrl(String jdbcUrl) {
      HikariConfig config = newHikariConfig();
      config.setJdbcUrl(jdbcUrl);
      config.validate();

      assertTrue(testAppender.getLog().contains("jdbc:postgresql://host/d_dlq"));
      assertTrue(testAppender.getLog().contains("user=USER"));
      assertFalse("Log should not contain password", testAppender.getLog().contains("SECRET"));
   }


   private static class TestAppender extends AbstractAppender {

      private String log;

      TestAppender() {
         super("TestAppender", (Filter)null, (Layout)null, true, Property.EMPTY_ARRAY);
      }

      @Override
      public void append(LogEvent event) {
         log += event.getMessage().getFormattedMessage() + "\n";
      }

      String getLog() {
         return log;
      }
   }
}