[misc] ensure not loading static class of wrong socketFactory implementation

Author: rusher

src/main/java/org/mariadb/jdbc/client/impl/ConnectionHelper.java

@@ -84,9 +84,13 @@ public static Socket standardSocket(Configuration conf, HostAddress hostAddress)
     if (socketFactoryName != null) {
       if (hostAddress == null) throw new SQLException("hostname must be set to connect socket");
       try {
-        @SuppressWarnings("unchecked")
-        Class<? extends SocketFactory> socketFactoryClass =
-            (Class<? extends SocketFactory>) Class.forName(socketFactoryName);
+        Class<SocketFactory> socketFactoryClass =
+            (Class<SocketFactory>)
+                Class.forName(socketFactoryName, false, ConnectionHelper.class.getClassLoader());
+        if (!SocketFactory.class.isAssignableFrom(socketFactoryClass)) {
+          throw new IOException(
+              "Wrong Socket factory implementation '" + conf.socketFactory() + "'");
+        }
         Constructor<? extends SocketFactory> constructor = socketFactoryClass.getConstructor();
         socketFactory = constructor.newInstance();
         if (socketFactory instanceof ConfigurableSocketFactory) {

src/test/java/org/mariadb/jdbc/integration/ConnectionTest.java

@@ -975,6 +975,8 @@ public void localSocket() throws Exception {
     stmt.execute("DROP USER testSocket");
   }
 
+  static public int staticTestValue = 0;
+
   @Test
   public void socketFactoryTest() throws SQLException {
     try (Connection conn = createCon("socketFactory=" + SocketFactoryBasicTest.class.getName())) {
@@ -989,6 +991,12 @@ public void socketFactoryTest() throws SQLException {
         SQLNonTransientConnectionException.class,
         () -> createCon("socketFactory=wrongClass"),
         "Socket factory failed to initialized with option \"socketFactory\" set to \"wrongClass\"");
+    assertEquals(0, staticTestValue);
+    Common.assertThrowsContains(
+        SQLNonTransientConnectionException.class,
+        () -> createCon("socketFactory=org.mariadb.jdbc.integration.util.WrongSocketFactoryTest"),
+        "Socket factory failed to initialized with option \"socketFactory\" set to \"org.mariadb.jdbc.integration.util.WrongSocketFactoryTest\"");
+    assertEquals(0, staticTestValue);
   }
 
   @Test

src/test/java/org/mariadb/jdbc/integration/util/WrongSocketFactoryTest.java

@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: LGPL-2.1-or-later
+// Copyright (c) 2012-2014 Monty Program Ab
+// Copyright (c) 2015-2023 MariaDB Corporation Ab
+package org.mariadb.jdbc.integration.util;
+
+import org.mariadb.jdbc.integration.ConnectionTest;
+
+public class WrongSocketFactoryTest {
+
+  static {
+    ConnectionTest.staticTestValue = 50;
+  }
+
+  public WrongSocketFactoryTest() {
+    ConnectionTest.staticTestValue = 100;
+  }
+}