Synced branch with and merged the origin/jdbc-detector-regex-fix branch

Author: MuneebUllahKhan222

pkg/detectors/jdbc/jdbc.go

@@ -84,7 +84,7 @@ matchLoop:
 		}
 
 		if verify {
-			j, err := newJDBC(logCtx, jdbcConn)
+			j, err := NewJDBC(logCtx, jdbcConn)
 			if err != nil {
 				continue
 			}
@@ -207,31 +207,13 @@ func tryRedactRegex(conn string) (string, bool) {
 	return newConn, true
 }
 
-var supportedSubprotocols = map[string]func(logContext.Context, string) (jdbc, error){
-	"mysql":      ParseMySQL,
-	"postgresql": ParsePostgres,
-	"sqlserver":  ParseSqlServer,
+var supportedSubprotocols = map[string]func(logContext.Context, string) (JDBC, error){
+	"mysql":      parseMySQL,
+	"postgresql": parsePostgres,
+	"sqlserver":  parseSqlServer,
 }
 
-type pingResult struct {
-	err         error
-	determinate bool
-}
-
-// ConnectionInfo holds parsed connection information
-type ConnectionInfo struct {
-	Host     string // includes port if specified, e.g., "host:port"
-	Database string
-	User     string
-	Password string
-	Params   map[string]string
-}
-
-type jdbc interface {
-	ping(context.Context) pingResult
-}
-
-func newJDBC(ctx logContext.Context, conn string) (jdbc, error) {
+func NewJDBC(ctx logContext.Context, conn string) (JDBC, error) {
 	// expected format: "jdbc:{subprotocol}:{subname}"
 	if !strings.HasPrefix(strings.ToLower(conn), "jdbc:") {
 		return nil, errors.New("expected jdbc prefix")
@@ -243,11 +225,11 @@ func newJDBC(ctx logContext.Context, conn string) (jdbc, error) {
 		return nil, errors.New("expected a colon separated subprotocol and subname")
 	}
 
-	// get the subprotocol parser
 	parser, ok := supportedSubprotocols[strings.ToLower(subprotocol)]
 	if !ok {
-		return nil, errors.New("unsupported subprotocol")
+		return nil, fmt.Errorf("unsupported subprotocol: %s", subprotocol)
 	}
+
 	return parser(ctx, subname)
 }
 

pkg/detectors/jdbc/jdbc_test.go

@@ -7,6 +7,9 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/kylelemons/godebug/pretty"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	logContext "github.com/trufflesecurity/trufflehog/v3/pkg/context"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/engine/ahocorasick"
 )
@@ -191,3 +194,46 @@ func TestJdbc_FromDataWithIgnorePattern(t *testing.T) {
 		})
 	}
 }
+
+func TestParseJDBCURL_EdgeCases(t *testing.T) {
+	t.Run("MySQL with special characters in password", func(t *testing.T) {
+		// Special chars: @ # $ % ^ & * ( )
+		jdbcURL := "jdbc:mysql://user:p@ss%23word@localhost:3306/testdb"
+		jdbc, err := NewJDBC(logContext.Background(), jdbcURL)
+		require.NoError(t, err)
+
+		info := jdbc.GetConnectionInfo()
+		assert.NoError(t, err)
+		assert.NotNil(t, info)
+		assert.Equal(t, "user", info.User)
+		// URL encoding should be handled by url.Parse
+	})
+
+	t.Run("PostgreSQL with empty database", func(t *testing.T) {
+		jdbcURL := "jdbc:postgresql://user:pass@localhost:5432"
+		jdbc, err := NewJDBC(logContext.Background(), jdbcURL)
+		require.NoError(t, err)
+
+		info := jdbc.GetConnectionInfo()
+		assert.Equal(t, "postgres", info.Database) // default
+	})
+
+	t.Run("SQL Server with multiple semicolon params", func(t *testing.T) {
+		jdbcURL := "jdbc:sqlserver://localhost:1433;database=testdb;user=sa;password=Pass123;encrypt=true;trustServerCertificate=false"
+		jdbc, err := NewJDBC(logContext.Background(), jdbcURL)
+		require.NoError(t, err)
+
+		info := jdbc.GetConnectionInfo()
+		assert.Equal(t, "testdb", info.Database)
+		assert.Equal(t, "sa", info.User)
+		assert.Equal(t, "Pass123", info.Password)
+	})
+
+	t.Run("MySQL missing host", func(t *testing.T) {
+		// Missing // after prefix - will trigger error
+		jdbcURL := "jdbc:mysql:/testdb"
+		_, err := NewJDBC(logContext.Background(), jdbcURL)
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "expected host to start with //")
+	})
+}

pkg/detectors/jdbc/models.go

@@ -0,0 +1,56 @@
+package jdbc
+
+import (
+	"context"
+)
+
+type DatabaseType int
+
+const (
+	Unknown DatabaseType = iota
+	MySQL
+	PostgreSQL
+	SQLServer
+)
+
+func (dt DatabaseType) String() string {
+	switch dt {
+	case MySQL:
+		return "mysql"
+	case PostgreSQL:
+		return "postgresql"
+	case SQLServer:
+		return "sqlserver"
+	default:
+		return "unknown"
+	}
+}
+
+type pingResult struct {
+	err         error
+	determinate bool
+}
+
+// ConnectionInfo holds parsed connection information
+type ConnectionInfo struct {
+	Host     string // includes port if specified, e.g., "host:port"
+	Database string
+	User     string
+	Password string
+	Params   map[string]string
+}
+
+type jdbcPinger interface {
+	ping(context.Context) pingResult
+}
+
+// public interfaces for analyzer
+type JDBCParser interface {
+	GetConnectionInfo() *ConnectionInfo
+	GetDBType() DatabaseType
+	BuildConnectionString() string
+}
+type JDBC interface {
+	jdbcPinger
+	JDBCParser
+}

pkg/detectors/jdbc/mysql.go

@@ -16,12 +16,26 @@ type MysqlJDBC struct {
 	ConnectionInfo
 }
 
+var _ JDBC = (*MysqlJDBC)(nil)
+
 func (s *MysqlJDBC) ping(ctx context.Context) pingResult {
 	return ping(ctx, "mysql", isMySQLErrorDeterminate,
-		BuildMySQLConnectionString(s.Host, "", s.User, s.Password, s.Params))
+		buildMySQLConnectionString(s.Host, "", s.User, s.Password, s.Params))
+}
+
+func (s *MysqlJDBC) GetDBType() DatabaseType {
+	return MySQL
+}
+
+func (s *MysqlJDBC) GetConnectionInfo() *ConnectionInfo {
+	return &s.ConnectionInfo
+}
+
+func (s *MysqlJDBC) BuildConnectionString() string {
+	return buildMySQLConnectionString(s.Host, s.Database, s.User, s.Password, s.Params)
 }
 
-func BuildMySQLConnectionString(host, database, user, password string, params map[string]string) string {
+func buildMySQLConnectionString(host, database, user, password string, params map[string]string) string {
 	conn := host + "/" + database
 	userPass := user
 	if password != "" {
@@ -56,7 +70,7 @@ func isMySQLErrorDeterminate(err error) bool {
 	return false
 }
 
-func ParseMySQL(ctx logContext.Context, subname string) (jdbc, error) {
+func parseMySQL(ctx logContext.Context, subname string) (JDBC, error) {
 	// expected form: [subprotocol:]//[user:password@]HOST[/DB][?key=val[&key=val]]
 	if !strings.HasPrefix(subname, "//") {
 		return nil, errors.New("expected host to start with //")
@@ -86,7 +100,7 @@ func ParseMySQL(ctx logContext.Context, subname string) (jdbc, error) {
 	}, nil
 }
 
-func parseMySQLURI(ctx logContext.Context, subname string) (jdbc, error) {
+func parseMySQLURI(ctx logContext.Context, subname string) (JDBC, error) {
 
 	// for standard URI format, which is all i've seen for JDBC
 	u, err := url.Parse(subname)

pkg/detectors/jdbc/mysql_integration_test.go

@@ -91,7 +91,7 @@ func TestMySQL(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.input, func(t *testing.T) {
-			j, err := ParseMySQL(logContext.Background(), tt.input)
+			j, err := parseMySQL(logContext.Background(), tt.input)
 
 			if err != nil {
 				got := result{ParseErr: true}