Connection String (mongodb#1467)

rozza · rozza · commit 55a34982890c · 2024-08-07T17:22:45.000+01:00
Don't output the host and port information if the port is invalid.
Reduces risk of leaking password information if the password has not
been correctly urlencoded.

JAVA-5560
diff --git a/driver-core/src/main/com/mongodb/ConnectionString.java b/driver-core/src/main/com/mongodb/ConnectionString.java
@@ -1157,7 +1157,7 @@ private List<String> parseHosts(final List<String> rawHosts) {
                 }
                 int idx = host.indexOf("]:");
                 if (idx != -1) {
-                    validatePort(host, host.substring(idx + 2));
+                    validatePort(host.substring(idx + 2));
                 }
             } else {
                 int colonCount = countOccurrences(host, ":");
@@ -1166,7 +1166,7 @@ private List<String> parseHosts(final List<String> rawHosts) {
                             + "Reserved characters such as ':' must be escaped according RFC 2396. "
                             + "Any IPv6 address literal must be enclosed in '[' and ']' according to RFC 2732.", host));
                 } else if (colonCount == 1) {
-                    validatePort(host, host.substring(host.indexOf(":") + 1));
+                    validatePort(host.substring(host.indexOf(":") + 1));
                 }
             }
             hosts.add(host);
@@ -1175,19 +1175,17 @@ private List<String> parseHosts(final List<String> rawHosts) {
         return hosts;
     }
 
-    private void validatePort(final String host, final String port) {
-        boolean invalidPort = false;
+    private void validatePort(final String port) {
         try {
             int portInt = Integer.parseInt(port);
             if (portInt <= 0 || portInt > 65535) {
-                invalidPort = true;
+                throw new IllegalArgumentException("The connection string contains an invalid host and port. "
+                        + "The port must be an integer between 0 and 65535.");
             }
         } catch (NumberFormatException e) {
-            invalidPort = true;
-        }
-        if (invalidPort) {
-            throw new IllegalArgumentException(format("The connection string contains an invalid host '%s'. "
-                    + "The port '%s' is not a valid, it must be an integer between 0 and 65535", host, port));
+            throw new IllegalArgumentException("The connection string contains an invalid host and port. "
+                    + "The port contains non-digit characters, it must be an integer between 0 and 65535. "
+                    + "Hint: username and password must be escaped according to RFC 3986.");
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -1157,7 +1157,7 @@ private List<String> parseHosts(final List<String> rawHosts) {`
`1157`	`1157`	`}`
`1158`	`1158`	`int idx = host.indexOf("]:");`
`1159`	`1159`	`if (idx != -1) {`
`1160`		`- validatePort(host, host.substring(idx + 2));`
	`1160`	`+ validatePort(host.substring(idx + 2));`
`1161`	`1161`	`}`
`1162`	`1162`	`} else {`
`1163`	`1163`	`int colonCount = countOccurrences(host, ":");`
`@@ -1166,7 +1166,7 @@ private List<String> parseHosts(final List<String> rawHosts) {`
`1166`	`1166`	`+ "Reserved characters such as ':' must be escaped according RFC 2396. "`
`1167`	`1167`	`+ "Any IPv6 address literal must be enclosed in '[' and ']' according to RFC 2732.", host));`
`1168`	`1168`	`} else if (colonCount == 1) {`
`1169`		`- validatePort(host, host.substring(host.indexOf(":") + 1));`
	`1169`	`+ validatePort(host.substring(host.indexOf(":") + 1));`
`1170`	`1170`	`}`
`1171`	`1171`	`}`
`1172`	`1172`	`hosts.add(host);`
`@@ -1175,19 +1175,17 @@ private List<String> parseHosts(final List<String> rawHosts) {`
`1175`	`1175`	`return hosts;`
`1176`	`1176`	`}`
`1177`	`1177`
`1178`		`- private void validatePort(final String host, final String port) {`
`1179`		`- boolean invalidPort = false;`
	`1178`	`+ private void validatePort(final String port) {`
`1180`	`1179`	`try {`
`1181`	`1180`	`int portInt = Integer.parseInt(port);`
`1182`	`1181`	`if (portInt <= 0 \|\| portInt > 65535) {`
`1183`		`- invalidPort = true;`
	`1182`	`+ throw new IllegalArgumentException("The connection string contains an invalid host and port. "`
	`1183`	`+ + "The port must be an integer between 0 and 65535.");`
`1184`	`1184`	`}`
`1185`	`1185`	`} catch (NumberFormatException e) {`
`1186`		`- invalidPort = true;`
`1187`		`- }`
`1188`		`- if (invalidPort) {`
`1189`		`- throw new IllegalArgumentException(format("The connection string contains an invalid host '%s'. "`
`1190`		`- + "The port '%s' is not a valid, it must be an integer between 0 and 65535", host, port));`
	`1186`	`+ throw new IllegalArgumentException("The connection string contains an invalid host and port. "`
	`1187`	`+ + "The port contains non-digit characters, it must be an integer between 0 and 65535. "`
	`1188`	`+ + "Hint: username and password must be escaped according to RFC 3986.");`
`1191`	`1189`	`}`
`1192`	`1190`	`}`
`1193`	`1191`