Open lordgreg opened 1 day ago
We're seeing the same issue on our side when using the JacksonDatabase.
Hey @lordgreg
Could you please confirm that you are using version 2.2.2?
I suspect the reason for this is that CustomData has been defined as being empty in both Simple and Jackson (which copied Simple to some degree) - whereas DOM and JAXB don't care about elements they don't know about. It's interesting that this has not come up before.
Could you please supply some kind of test file containing "safe" data so I can include it in a test for the fix.
A fix will be made in 2.2.3.
NB 2.2.3 provides in-memory protection of Strings for Jackson only and is from now on the very much the preferred implementation. The others will be dropped in V3. See https://github.com/jorabin/KeePassJava2/discussions/60 and https://github.com/jorabin/KeePassJava2/discussions/62.
Thanks Jo
Hi @haroon-sheikh
Likewise to the above - would you please supply a safe test file ...
Thanks Jo
Hi @jorabin-sense ,
Yes, I am using the version 2.2.2:
test-KeePassJava2.kdbx.zip Pass: KeePassJava2
File doesnt have entries, but does have the Fields:
<CustomData>
<Item>
<Key>KPXC_RANDOM_SLUG</Key>
<Value>df59b2ef51126309416ff8b48ea69dfaa9f00c8699e4d0201da51aecf663d2edb697e5d733cf8fca2613c4d697f735181ca72e6ddd4f676e0e73cef9e655ac95abbcec5b9a7fc119e2932e56cc65c8b189af96861c2362f5abbec173dc8a11e0d02bdc7346361943ec6f88a5071ed197af851de0f52c7d9bf6ac1fc8952a85973a05f59a77765348db6c7ee97c1ecba2b22fb269c9d3bb978ef492994abfee6be48a0f963e82a9073d20392bbe2181da18bdb08e49fd8d194a77f96dbadfa185dc47f0084270a3995bc7c17112a02e58fa9493236eacf40f72e274e73f0189887c9707f26caeff9dccd83530a2f95e118b209cbd4c5b04cee48b329954</Value>
</Item>
<Item>
<Key>_LAST_MODIFIED</Key>
<Value>Wed Nov 6 13:53:33 2024 GMT</Value>
</Item>
<Item>
<Key>KPXC_DECRYPTION_TIME_PREFERENCE</Key>
<Value>1000</Value>
</Item>
</CustomData>
This is easily reproducible if you just create a new KDBX in KeePassXC :).
Thanks for looking into this @jorabin-sense, I can confirm, we're also using 2.2.2.
test.kdbx.zip Pass: KeePassJava2
We have a kdbx encrypted with password, using KDBX db v2.x
Opening the file with
SimpleDatabase
:Opening with JacksonDatabase:
Jax and Dom work without the issue.
If I export the file as YAML and check the Object, i see there are 3:
This is probably something that came in with manipulating the DB with KeePassXC from here and here.