New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pgdriver.WithDSN panic when password contains a '#' and at least one letter before '#' #935
Comments
As per documentation, the DSN should be a valid URL:
There are many guides online for URL-encoding a string in Golang and this simple change should fix your issue: password := "invalid#pwd"
pgdriver.WithDSN(fmt.Sprintf("postgres://postgres:%s@localhost:5432/postgres?sslmode=disable", url.QueryEscape(password))) IMO, ensuring the validity of the URL should be the client code's responsibility. |
Oh, sorry, I made a stupid mistake. I forgot to escape the dsn string. |
I feel like there should be safe way to check/use DSN without panic. Maybe just export parseDSN function so users can check error on theirs end. |
@betrok here
pgconn := pgdriver.NewConnector(
pgdriver.WithNetwork("tcp"),
pgdriver.WithAddr("localhost:5437"),
pgdriver.WithTLSConfig(&tls.Config{InsecureSkipVerify: true}),
pgdriver.WithUser("test"),
pgdriver.WithPassword(`^_^Sp00kyP@$$w0rd#`), // <-- invalid URL characters here
pgdriver.WithDatabase("test"),
) |
There are more situations where parseDSN can return error leading to panic other than straight up invalid URL, including certificate verification. |
My PostgreSQL's password has a character '#'
(my dsn sample:
postgres://postgres:1A#34@localhost:5432/postgres?sslmode=disable
)And I see pgdriver.WithDSN calls url.Parse() which will cause this error:
parse "postgres://postgres:1A": invalid port ":1A" after host
The panic stack is:
The text was updated successfully, but these errors were encountered: