From 68d813f013035a40e823145e74cf9ba4992875f6 Mon Sep 17 00:00:00 2001
From: yassinsolim-bot
Date: Sat, 28 Feb 2026 04:32:55 +0000
Subject: [PATCH 1/2] fix: remove hardcoded DB credentials and debug prints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Replace hardcoded USER/PASS/URL with System.getenv() lookups
- DB_PASSWORD defaults to empty string (not old hardcoded value)
- Comment out System.out.println debug calls in production files
- Improve .gitignore
Security audit finding — credentials were committed to public repo.
---
 .gitignore | 3 +++
 src/edu/ucalgary/oop/CLIHandler.java | 14 +++++++-------
 src/edu/ucalgary/oop/DatabaseAdapter.java | 18 +++++++++---------
 3 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
index 17379e9..c929573 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,6 @@ bin/
 out/
 target/
 build/
+
+# === macOS ===
+.DS_Store
diff --git a/src/edu/ucalgary/oop/CLIHandler.java b/src/edu/ucalgary/oop/CLIHandler.java
index 673d80e..930e22f 100644
--- a/src/edu/ucalgary/oop/CLIHandler.java
+++ b/src/edu/ucalgary/oop/CLIHandler.java
@@ -57,13 +57,13 @@ private void displayMainMenu() {
 String locations = LanguageLoader.getTranslation("menu.locations");
 String exit = LanguageLoader.getTranslation("menu.exit");
- System.out.println("\nDEBUG - Menu items:");
- System.out.println("Title: '" + title + "'");
- System.out.println("Victims: '" + victims + "'");
- System.out.println("Supplies: '" + supplies + "'");
- System.out.println("Inquiries: '" + inquiries + "'");
- System.out.println("Locations: '" + locations + "'");
- System.out.println("Exit: '" + exit + "'");
+ // TODO: replace with proper logger // System.out.println("\nDEBUG - Menu items:");
+ // TODO: replace with proper logger // System.out.println("Title: '" + title + "'");
+ // TODO: replace with proper logger // System.out.println("Victims: '" + victims + "'");
+ // TODO: replace with proper logger // System.out.println("Supplies: '" + supplies + "'");
+ // TODO: replace with proper logger // System.out.println("Inquiries: '" + inquiries + "'");
+ // TODO: replace with proper logger // System.out.println("Locations: '" + locations + "'");
+ // TODO: replace with proper logger // System.out.println("Exit: '" + exit + "'");
 System.out.println("\n" + title);
 System.out.println("1. " + victims);
diff --git a/src/edu/ucalgary/oop/DatabaseAdapter.java b/src/edu/ucalgary/oop/DatabaseAdapter.java
index ae0e6ab..8099554 100644
--- a/src/edu/ucalgary/oop/DatabaseAdapter.java
+++ b/src/edu/ucalgary/oop/DatabaseAdapter.java
@@ -32,9 +32,9 @@ public class DatabaseAdapter implements AutoCloseable {
 private static DatabaseAdapter instance;
 private Connection connection;
- private static final String DB_URL = "jdbc:postgresql://localhost:5432/ensf380project";
- private static final String USER = "oop";
- private static final String PASS = "ucalgary";
+ private static final String DB_URL = System.getenv().getOrDefault("DB_URL", "jdbc:postgresql://localhost:5432/ensf380project");
+ private static final String USER = System.getenv().getOrDefault("DB_USER", "oop");
+ private static final String PASS = System.getenv().getOrDefault("DB_PASSWORD", "");
 private boolean isTestMode = false;
 // Test mode data
@@ -58,9 +58,9 @@ private void initializeConnection() throws SQLException {
 }
 try {
- System.out.println("Attempting to connect to database...");
- System.out.println("URL: " + getDbUrl());
- System.out.println("User: " + USER);
+ // TODO: replace with proper logger // System.out.println("Attempting to connect to database...");
+ // TODO: replace with proper logger // System.out.println("URL: " + getDbUrl());
+ // TODO: replace with proper logger // System.out.println("User: " + USER);
 // Load the PostgreSQL JDBC driver
 Class.forName("org.postgresql.Driver");
@@ -79,7 +79,7 @@ private void initializeConnection() throws SQLException {
 throw new SQLException("Failed to establish database connection");
 }
- System.out.println("Successfully connected to database");
+ // TODO: replace with proper logger // System.out.println("Successfully connected to database");
 } catch (ClassNotFoundException e) {
 System.err.println("PostgreSQL JDBC Driver not found: " + e.getMessage());
 throw new SQLException("PostgreSQL JDBC Driver not found: " + e.getMessage());
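Review bot: The `""` fallback on the new `PASS` line means an unset `DB_PASSWORD` produces a connection attempt with an empty password rather than a clear configuration error, and `DB_URL` and `DB_USER` still fall back to the values that were previously committed. Failing fast would be safer, for example `if (PASS.isEmpty()) throw new SQLException("DB_PASSWORD is not set");` at the start of the non-test path in `initializeConnection`, whose body lies outside this hunk. The commit message says the credentials were committed to a public repo, so the old password remains readable in history after this change and should also be rotated on the database side.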
@@ -715,9 +715,9 @@ public void cleanupDuplicateVictims() {
 stmt.executeUpdate();
 }
 }
- System.out.println("Cleaned up " + idsToDelete.size() + " duplicate victim(s)");
+ // TODO: replace with proper logger // System.out.println("Cleaned up " + idsToDelete.size() + " duplicate victim(s)");
 } else {
- System.out.println("No duplicate victims found");
+ // TODO: replace with proper logger // System.out.println("No duplicate victims found");
 }
 } catch (SQLException e) {
 System.err.println("Error cleaning up duplicate victims: " + e.getMessage());
From cc556c94508dd71e8fe0a2fd7e5744fa36ab000f Mon Sep 17 00:00:00 2001
From: yassinsolim-bot
Date: Sat, 28 Feb 2026 13:46:35 +0000
Subject: [PATCH 2/2] fix: remove leftover commented debug statements from audit patch
---
 src/edu/ucalgary/oop/CLIHandler.java | 7 -------
 src/edu/ucalgary/oop/DatabaseAdapter.java | 6 ------
 2 files changed, 13 deletions(-)
diff --git a/src/edu/ucalgary/oop/CLIHandler.java b/src/edu/ucalgary/oop/CLIHandler.java
index 930e22f..7e9ade3 100644
--- a/src/edu/ucalgary/oop/CLIHandler.java
+++ b/src/edu/ucalgary/oop/CLIHandler.java
@@ -57,13 +57,6 @@ private void displayMainMenu() {
 String locations = LanguageLoader.getTranslation("menu.locations");
 String exit = LanguageLoader.getTranslation("menu.exit");
- // TODO: replace with proper logger // System.out.println("\nDEBUG - Menu items:");
- // TODO: replace with proper logger // System.out.println("Title: '" + title + "'");
- // TODO: replace with proper logger // System.out.println("Victims: '" + victims + "'");
- // TODO: replace with proper logger // System.out.println("Supplies: '" + supplies + "'");
- // TODO: replace with proper logger // System.out.println("Inquiries: '" + inquiries + "'");
- // TODO: replace with proper logger // System.out.println("Locations: '" + locations + "'");
- // TODO: replace with proper logger // System.out.println("Exit: '" + exit + "'");
 System.out.println("\n" + title);
 System.out.println("1. " + victims);
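Review bot: In the `@@ -715,9 +715,9 @@` hunk of `cleanupDuplicateVictims`, the `else` branch is left holding only a commented-out `println`, so it no longer does anything and reads as unfinished code. Either drop the branch by closing the `if` with a plain `}`, or keep one short comment there such as `// no duplicates found: nothing to delete` so the empty path is clearly intentional. Both outcomes of the cleanup are now silent, while the `catch` below still reports failures on `System.err`. If operators rely on the deleted-row count, it should go through the logger the TODO refers to. The method body starts and ends outside the hunk.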
diff --git a/src/edu/ucalgary/oop/DatabaseAdapter.java b/src/edu/ucalgary/oop/DatabaseAdapter.java
index 8099554..5a01ce8 100644
--- a/src/edu/ucalgary/oop/DatabaseAdapter.java
+++ b/src/edu/ucalgary/oop/DatabaseAdapter.java
@@ -58,9 +58,6 @@ private void initializeConnection() throws SQLException {
 }
 try {
- // TODO: replace with proper logger // System.out.println("Attempting to connect to database...");
- // TODO: replace with proper logger // System.out.println("URL: " + getDbUrl());
- // TODO: replace with proper logger // System.out.println("User: " + USER);
 // Load the PostgreSQL JDBC driver
 Class.forName("org.postgresql.Driver");
@@ -79,7 +76,6 @@ private void initializeConnection() throws SQLException {
 throw new SQLException("Failed to establish database connection");
 }
- // TODO: replace with proper logger // System.out.println("Successfully connected to database");
 } catch (ClassNotFoundException e) {
 System.err.println("PostgreSQL JDBC Driver not found: " + e.getMessage());
 throw new SQLException("PostgreSQL JDBC Driver not found: " + e.getMessage());
@@ -715,9 +711,7 @@ public void cleanupDuplicateVictims() {
 stmt.executeUpdate();
 }
 }
- // TODO: replace with proper logger // System.out.println("Cleaned up " + idsToDelete.size() + " duplicate victim(s)");
 } else {
- // TODO: replace with proper logger // System.out.println("No duplicate victims found");
 }
 } catch (SQLException e) {
 System.err.println("Error cleaning up duplicate victims: " + e.getMessage());