
Commit b5f5806

Calvinjmin and claude authored
fix: Secure token storage to prevent memory exposure (#12)
* fix: Secure token storage to prevent memory exposure

This commit addresses critical security vulnerabilities related to token exposure in memory by implementing a hybrid approach that combines secure storage with on-demand connection string building.

**Security Issues Fixed:**
- Token stored in cached connection strings (indefinite memory exposure)
- Plain std::string storage susceptible to memory dumps
- Tokens potentially visible in error messages and logs
- No secure zeroing of sensitive data after use

**Changes:**
1. **SecureString Implementation** (include/databricks/internal/secure_string.h)
   - Custom allocator with memory locking (mlock/VirtualLock)
   - Secure zeroing using volatile writes to prevent compiler optimization
   - Platform-specific implementations (Windows/Linux/macOS)
   - Utility functions for safe token handling
2. **AuthConfig Security Enhancement** (include/databricks/core/config.h)
   - Added private SecureString secure_token_ member
   - Added set_token() and get_secure_token() methods
   - Maintained backward compatibility with public token field
   - Updated config loading to use secure storage
3. **Connection String Caching Removed** (src/core/client.cpp)
   - Removed cached_connection_string member
   - Build connection strings on-demand only
   - Secure zero immediately after SQLDriverConnect() call
   - Clear ODBC output buffer that may contain sensitive data
4. **Token Sanitization** (src/core/client.cpp)
   - Added sanitize_error_message() to redact tokens from logs
   - Pattern matching to remove PWD=<value> from error strings
   - Applied to all error logging locations
5. **PoolKey Security** (src/internal/pool_manager.h/cpp)
   - Changed token storage from std::string to SecureString
   - Updated hash computation and equality operators
6. **Security Test Suite** (tests/unit/core/security_test.cpp)
   - 12 comprehensive test cases
   - Validates secure zeroing, token handling, and backward compatibility

**Backward Compatibility:**
- No breaking API changes
- Public token field still works
- Gradual migration path available
- Suitable for minor version bump (v0.2.5 or v0.3.0)

**Testing:**
- All 120 tests pass (108 existing + 12 new security tests)
- No regressions introduced
- Verified on macOS with AppleClang 17.0.0

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Remove Basic Tokens
* Update Token References and Unit Tests
* Update Verbose README.md
* v0.3.0 Tag Update

---------

Co-authored-by: Claude <[email protected]>
1 parent 4301d04 commit b5f5806
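The two mechanisms the commit message describes, volatile-write secure zeroing around an on-demand connection string and PWD= redaction of ODBC error text, as an added illustration that is not the SDK's own code: the minimal SecureString class, the all_zero and with_connection_string helpers, and the constructed token value are assumptions made for this example (the SDK's SecureString additionally locks its pages with mlock/VirtualLock).

```cpp
#include <cstddef>
#include <regex>
#include <string>

// Zero a buffer through a volatile pointer so the compiler cannot drop the
// stores as dead writes to memory that is about to be freed.
void secure_zero(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) *vp++ = 0;
}
bool all_zero(const void* p, std::size_t n) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    for (std::size_t i = 0; i < n; ++i) if (b[i] != 0) return false;
    return true;
}
// Hypothetical minimal token holder (not the SDK's SecureString, which also
// locks its pages): non-copyable, zeroed on clear() and on destruction.
class SecureString {
public:
    explicit SecureString(const char* s) : buf_(s) {}
    ~SecureString() { clear(); }
    SecureString(const SecureString&) = delete;
    SecureString& operator=(const SecureString&) = delete;
    const char* data() const { return buf_.data(); }
    std::size_t size() const { return buf_.size(); }
    void clear() {
        if (!buf_.empty()) secure_zero(&buf_[0], buf_.size());
        buf_.clear();
    }
private:
    std::string buf_;
};
// Build "PREFIX;PWD=<token>" on demand in the caller's scratch buffer, hand it
// to `use` (stand-in for SQLDriverConnect), then zero it in place; appending
// the token directly avoids an unzeroed temporary copy of it.
template <typename Fn>
bool with_connection_string(const std::string& prefix, const SecureString& tok,
                            std::string& scratch, Fn use) {
    scratch = prefix;
    scratch += ";PWD=";
    scratch.append(tok.data(), tok.size());
    bool ok = use(scratch);
    secure_zero(&scratch[0], scratch.size());
    return ok;
}
// Redact PWD=<value> (up to the next ';') before an ODBC error string is logged.
std::string sanitize_error_message(const std::string& msg) {
    static const std::regex pwd_re("(PWD=)[^;]*", std::regex::ECMAScript | std::regex::icase);
    return std::regex_replace(msg, pwd_re, "$1[REDACTED]");
}
```

Note that `secure_zero` only covers buffers the code controls; a token copied by a library or driver into its own memory is outside its reach, which is why the commit also clears the ODBC output buffer.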

18 files changed: +867 / -525 lines changed

CMakeLists.txt

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
cmake_minimum_required(VERSION 3.14)
22
project(databricks_sdk
3-
VERSION 0.2.4
3+
VERSION 0.3.0
44
DESCRIPTION "Databricks C++ SDK"
55
LANGUAGES CXX)
66
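Review bot: the bump from VERSION 0.2.4 to VERSION 0.3.0 is a minor-version change, which is the right signal given the "Remove Basic Tokens" step listed in the commit message, but the same message also claims "No breaking API changes" and a "Gradual migration path available"; reconcile the two by stating in the commit message or changelog whether dropping basic-token support removes any public configuration path, so consumers know what a 0.3.0 pin implies. The CMakeLists.txt hunk changes nothing else.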
