Skip to content

Commit

Permalink
swap exception expectation
Browse files Browse the repository at this point in the history
  • Loading branch information
krasinski committed Oct 25, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 11ad348 commit d5e0a07
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions h2o-core/src/test/java/water/jdbc/SQLManagerTest.java
Original file line number Diff line number Diff line change
@@ -148,21 +148,21 @@ public void testBuildSelectChunkSql() {

@Test
public void testValidateJdbcConnectionStringH2() {
exception.expect(IllegalArgumentException.class);
exception.expectMessage("Potentially dangerous JDBC parameter found: init");

String h2MaliciousJdbc = "jdbc:h2:mem:test;MODE=MSSQLServer;init=CREATE ALIAS RBT AS '@groovy.transform.ASTTest(value={ assert java.lang.Runtime.getRuntime().exec(\"reboot\")" + "})" + "def rbt" + "'";

SQLManager.validateJdbcUrl(h2MaliciousJdbc);

exception.expect(IllegalArgumentException.class);
exception.expectMessage("Potentially dangerous JDBC parameter found: init");
}

@Test
public void testValidateJdbcConnectionStringMysql() {
exception.expect(IllegalArgumentException.class);
exception.expectMessage("Potentially dangerous JDBC parameter found: autoDeserialize");

String mysqlMaliciousJdbc = "jdbc:mysql://domain:123/test?autoDeserialize=true&queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor&user=abcd";

SQLManager.validateJdbcUrl(mysqlMaliciousJdbc);

exception.expect(IllegalArgumentException.class);
exception.expectMessage("Potentially dangerous JDBC parameter found: autoDeserialize");
}
}

0 comments on commit d5e0a07

Please sign in to comment.