SSL key is exposed in SQLException "No client available, ..." #1331
Description
Describe the bug
The following exception or similar exceptions have ClickHouseNode information converted to string and inserted into Exception message. This also is done for SSL key - exposing it, which is giant vulnerability.
org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is java.sql.SQLException: No client available, server ClickHouseNode [uri=, options={sslmode=strict,use_server_time_zone=true,sslkey=herecomesthekey,sslcert=certpath}]@724546415
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:83)
at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:646)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:713)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:738)
at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:794)
at org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate.query(NamedParameterJdbcTemplate.java:209)
at org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate.query(NamedParameterJdbcTemplate.java:216)
at com.db.abfx.agency.reporting.quotes.QuotesRepository.fetchQuotesUsingQuery(QuotesRepository.kt:34)
... 44 common frames omitted
Caused by: java.sql.SQLException: No client available, server ClickHouseNode [uri=, options={sslmode=strict,use_server_time_zone=true,sslkeyherecomesthekey=,sslcert=}]@724546415
at com.clickhouse.jdbc.SqlExceptionUtils.handle(SqlExceptionUtils.java:85)
at com.clickhouse.jdbc.SqlExceptionUtils.create(SqlExceptionUtils.java:31)
at com.clickhouse.jdbc.SqlExceptionUtils.handle(SqlExceptionUtils.java:90)
at com.clickhouse.jdbc.internal.ClickHouseConnectionImpl.getServerInfo(ClickHouseConnectionImpl.java:124)
at com.clickhouse.jdbc.internal.ClickHouseConnectionImpl.(ClickHouseConnectionImpl.java:333)
at com.clickhouse.jdbc.ClickHouseDataSource.getConnection(ClickHouseDataSource.java:46)
at com.clickhouse.jdbc.ClickHouseDataSource.getConnection(ClickHouseDataSource.java:16)
at org.springframework.jdbc.datasource.DataSourceUtils.fetchConnection(DataSourceUtils.java:159)
at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:117)
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:80)
... 51 common frames omitted
Caused by: java.net.ConnectException: No client available
at com.clickhouse.client.ClickHouseClientBuilder$DummyClient.execute(ClickHouseClientBuilder.java:61)
at com.clickhouse.client.ClickHouseClientBuilder$Agent.sendOnce(ClickHouseClientBuilder.java:287)
at com.clickhouse.client.ClickHouseClientBuilder$Agent.send(ClickHouseClientBuilder.java:299)
at com.clickhouse.client.ClickHouseClientBuilder$Agent.execute(ClickHouseClientBuilder.java:354)
at com.clickhouse.client.ClickHouseClient.executeAndWait(ClickHouseClient.java:884)
at com.clickhouse.client.ClickHouseRequest.executeAndWait(ClickHouseRequest.java:2068)
at com.clickhouse.jdbc.internal.ClickHouseConnectionImpl.getServerInfo(ClickHouseConnectionImpl.java:121)
... 57 common frames omitted
Expected behaviour
I think that either SSL key must be removed from toString conversion or at least replaced with *******************