Output warning in case of connecting as SYSDBA/SYSOPER

Author: pesse

src/main/java/org/utplsql/cli/ConnectionConfig.java

@@ -45,4 +45,10 @@ public String getPassword() {
     public String getConnectString() {
         return user + "/" + password + "@" + connect;
     }
+
+    public boolean isSysDba() {
+        return user != null &&
+                (user.toLowerCase().endsWith(" as sysdba")
+                || user.toLowerCase().endsWith(" as sysoper"));
+    }
 }

src/main/java/org/utplsql/cli/DataSourceProvider.java

@@ -26,6 +26,7 @@ public static DataSource getDataSource(ConnectionInfo info, int maxConnections )
         requireOjdbc();
 
         ConnectionConfig config = new ConnectionConfig(info.getConnectionString());
+        warnIfSysDba(config);
 
         HikariDataSource pds = new TestedDataSourceProvider(config).getDataSource();
         pds.setAutoCommit(false);
@@ -43,4 +44,10 @@ private static void requireOjdbc() {
             throw new RuntimeException("Can't run utPLSQL-cli without Oracle JDBC driver");
         }
     }
+
+    private static void warnIfSysDba(ConnectionConfig config) {
+        if ( config.isSysDba() ) {
+            System.out.println("WARNING: You are connecting to the database as SYSDBA or SYSOPER, which is NOT RECOMMENDED and can put your database at risk!");
+        }
+    }
 }

src/test/java/org/utplsql/cli/ConnectionConfigTest.java

@@ -2,7 +2,7 @@
 
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.*;
 
 public class ConnectionConfigTest {
 
@@ -13,6 +13,7 @@ void parse() {
         assertEquals("test", info.getUser());
         assertEquals("pw", info.getPassword());
         assertEquals("my.local.host/service", info.getConnect());
+        assertFalse(info.isSysDba());
     }
 
     @Test
@@ -22,6 +23,16 @@ void parseSysDba() {
         assertEquals("sys as sysdba", info.getUser());
         assertEquals("pw", info.getPassword());
         assertEquals("my.local.host/service", info.getConnect());
+        assertTrue(info.isSysDba());
+    }
+    @Test
+    void parseSysOper() {
+        ConnectionConfig info = new ConnectionConfig("myOperUser as sysoper/[email protected]/service");
+
+        assertEquals("myOperUser as sysoper", info.getUser());
+        assertEquals("passw0rd", info.getPassword());
+        assertEquals("my.local.host/service", info.getConnect());
+        assertTrue(info.isSysDba());
     }
 
     @Test
@@ -31,6 +42,7 @@ void parseSpecialCharsPW() {
         assertEquals("test", info.getUser());
         assertEquals("p@ssw0rd=", info.getPassword());
         assertEquals("my.local.host/service", info.getConnect());
+        assertFalse(info.isSysDba());
     }
 
     @Test
@@ -40,5 +52,6 @@ void parseSpecialCharsUser() {
         assertEquals("User/Mine@=", info.getUser());
         assertEquals("pw", info.getPassword());
         assertEquals("my.local.host/service", info.getConnect());
+        assertFalse(info.isSysDba());
     }
 }