iframe-proxy

keshavdandeva · 2026-02-17T20:32:30Z

b/429272203

This PR refactors the JDBC connection string parsing logic to be stricter and more robust, preventing silent failures due to typos. It also synchronizes DataSource properties with BigQueryConnection to ensure full feature parity.

gemini-code-assist · 2026-02-17T20:32:51Z

Summary of Changes

Hello @keshavdandeva, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the BigQuery JDBC driver by implementing stricter URL parsing to prevent configuration errors and by aligning the DataSource class with the full range of BigQueryConnection properties. These changes improve the robustness and feature parity of the driver, ensuring more reliable connection handling and configuration.

Highlights

Stricter JDBC URL Parsing: Implemented strict validation for JDBC connection URL properties, throwing exceptions for unknown or malformed entries, preventing silent failures due to typos.
DataSource Property Synchronization: Synchronized DataSource properties to match BigQueryConnection, adding support for labels, request reasons, various timeouts, maximum billed bytes, and SWA row counts.
Refactored URL Parsing Logic: Refactored URL parsing logic in BigQueryJdbcUrlUtility to use a centralized map for property validation and improved handling of PartnerToken.
Improved Error Reporting: Introduced BigQueryJdbcRuntimeException for specific URL parsing errors, ensuring clearer and more consistent error reporting.

Changelog

google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryDriver.java
- Imported BigQueryJdbcRuntimeException.
- Added a try-catch block around URL parsing to convert BigQueryJdbcRuntimeException to BigQueryJdbcException.
google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtility.java
- Defined a PARTNER_TOKEN_PATTERN regex for more robust parsing.
- Created PROPERTY_NAME_MAP to hold all valid connection property names for strict validation.
- Rewrote parseUriProperty to leverage the new parseUrl method.
- Implemented parseUrl to strictly parse and validate all URL properties, throwing an exception for unknown properties.
- Refactored parsePartnerTokenProperty to use a new helper method that also removes the token from the URL string builder.
google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/DataSource.java
- Added new fields for labels, requestReason, timeout, jobTimeout, retryInitialDelay, retryMaxDelay, httpConnectTimeout, httpReadTimeout, maximumBytesBilled, swaActivationRowCount, and swaAppendRowCount.
- Updated createProperties to include these new properties in the connection properties.
- Added corresponding getter and setter methods for all newly introduced properties.
google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtilityTest.java
- Added new test cases to verify that parseUrl throws BigQueryJdbcRuntimeException for unknown properties and typos.
- Updated existing tests to use more specific and relevant property names for multiline and integer parsing tests.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request enhances the robustness of JDBC URL parsing through stricter validation, refactored logic, and synchronization of DataSource properties. However, the new parsing logic introduces a connection string injection vulnerability due to unescaped delimiters in property values and insufficient validation for sensitive properties like LogPath. This flaw could enable path traversal or the overriding of security-sensitive connection settings. It is recommended to implement proper escaping for property values and add validation for security-critical properties during URL parsing.

…erabilites

keshavdandeva · 2026-02-18T00:34:10Z

/gemini review

gemini-code-assist

Code Review

This pull request significantly improves the JDBC driver's connection string parsing by introducing stricter validation for property names, preventing silent failures, and correctly URL-encoding property values. It also synchronizes DataSource properties with BigQueryConnection for enhanced feature parity. However, a potential information exposure vulnerability exists: the parseUrl method could leak sensitive data in SQLException messages if a secret is accidentally provided as a property key, as the raw key is included in error messages. Additionally, there is a minor suggestion to reduce code duplication.

logachev · 2026-02-24T04:35:57Z

-    if (matcher.find() && matcher.groupCount() == 1) {
-      return CharEscapers.decodeUriPath(matcher.group(1));
+    Map<String, String> map = parseUrl(uri);
+    if (PROPERTY_NAME_MAP.containsKey(property.toUpperCase())) {


hm, ok. No need to change it in this PR, but I think we should get rid of parseStringProperty handling default values. We already have defaultValue() available in various property maps (e.g. link)

I don't see a lot of benefit in using map to map upper-to-camel case.. We can just normalize keys and always use upper case instead.

keshavdandeva added 3 commits February 17, 2026 20:29

feat(jdbc): enforce strict JDBC URL parsing and validation

523eed3

feat(jdbc): sync DataSource properties with BigQueryConnection

5d6304f

test: update tests for strict parsing

df71d2c

product-auto-label Bot added size: l Pull request size is large. api: bigquery Issues related to the googleapis/java-bigquery API. labels Feb 17, 2026

gemini-code-assist Bot reviewed Feb 17, 2026

View reviewed changes

Comment thread google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryDriver.java

Comment thread ...cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtility.java

keshavdandeva added 3 commits February 17, 2026 23:06

chore: fix failing tests

56b7b09

chore: throw original BigQueryJdbcRuntimeException

fe67f1d

chore: add url encoding to appendProperties to prevent injection vuln…

73c0bce

…erabilites

gemini-code-assist Bot reviewed Feb 18, 2026

View reviewed changes

keshavdandeva added 3 commits February 18, 2026 13:29

chore: refactor parseAndRemovePartnerTokenProperty()

e25caf4

fix: use "ProjectId" instead of "Project_Id" in tests

9fa4bae

chore: add error message sanitization

423594a

keshavdandeva marked this pull request as ready for review February 18, 2026 13:42

keshavdandeva requested a review from a team February 18, 2026 13:42

keshavdandeva requested a review from a team as a code owner February 18, 2026 13:42

keshavdandeva requested a review from logachev February 18, 2026 13:42

logachev reviewed Feb 20, 2026

View reviewed changes

keshavdandeva added 2 commits February 21, 2026 00:13

chore: address pr feedback

6709e7e

Merge branch 'main' into jdbc/feat-strict-url-parse-and-sync-dataSource

2b55c32

keshavdandeva requested a review from logachev February 21, 2026 00:14

fix: regex for partnerToken

290d317

logachev reviewed Feb 24, 2026

View reviewed changes

chore: use Joiner and copy of map when setting properties

407a0d8

keshavdandeva requested a review from logachev February 24, 2026 15:02

logachev approved these changes Feb 25, 2026

View reviewed changes

keshavdandeva merged commit 0b0c1ce into main Feb 25, 2026
26 checks passed

keshavdandeva deleted the jdbc/feat-strict-url-parse-and-sync-dataSource branch February 25, 2026 15:35

release-please Bot mentioned this pull request Feb 25, 2026

chore(main): release 2.60.0 #4115

Merged

Sunbelt Computer Software

PL/B Language Development and Support

Uh oh!

Conversation

keshavdandeva commented Feb 17, 2026

Uh oh!

gemini-code-assist Bot commented Feb 17, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

keshavdandeva commented Feb 18, 2026

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

logachev Feb 24, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants