Add urlencode check for jdbc url in SecurityUtils.java and fix password leak in HiveUtils.java (#5261)

Author: Le1a

linkis-commons/linkis-common/src/main/java/org/apache/linkis/common/utils/SecurityUtils.java

@@ -124,6 +124,19 @@ public static void checkJdbcConnParams(
 
     // 4. Check url security, especially for the possibility of malicious characters appearing on
     // the host
+    try {
+      while (url.contains("%")) {
+        String decodedUrl = URLDecoder.decode(url, "UTF-8");
+        if (decodedUrl.equals(url)) {
+          // If the decomposition is the same as the original, avoid infinite loop
+          break;
+        }
+        url = decodedUrl;
+      }
+    } catch (UnsupportedEncodingException e) {
+      logger.error("URL decode failed: {}", e.getMessage());
+      throw new LinkisSecurityException(35001, "URL decode failed.");
+    }
     checkUrlIsSafe(url);
   }
 

linkis-public-enhancements/linkis-datasource/linkis-metadata/src/main/java/org/apache/linkis/metadata/util/HiveUtils.java

@@ -49,7 +49,7 @@ public static String decode(String str) {
     try {
       res = new String(decoder.decode(str));
     } catch (Throwable e) {
-      logger.error(str + " decode failed", e);
+      logger.error("decode failed", e);
     }
     return res;
   }