NETProvider icon indicating copy to clipboard operation
NETProvider copied to clipboard

Published 20 hours ago verified publisher icon FirebirdSQL

Not possible to use quotes for password in ConnectionString

Open Prochy opened this issue 3 years ago • 3 comments

If I have a connection string like: User=SYSDBA;Password="""'""''";Database=testDb;DataSource=localhost;Port=3051;Dialect=3;Charset=UTF8;Role=;Connection lifetime=15;Pooling=true;MinPoolSize=0;MaxPoolSize=500;Packet Size=8192;ServerType=0

I suppose it should work and the password should be parsed as "'"''. Obviously, there is problem in a regex parsing that part. If I'm right, the original regex (ConnectionString.cs line 283): const string KeyPairsRegex = "(([\\w\\s\\d]*)\\s*?=\\s*?\"([^\"]*)\"|([\\w\\s\\d]*)\\s*?=\\s*?'([^']*)'|([\\w\\s\\d]*)\\s*?=\\s*?([^\"';][^;]*))"; Should be changed to this: const string KeyPairsRegex = "(([\\w\\s\\d]*)\\s*?=\\s*?\"((?:[^\"]|\"\")*)\"|([\\w\\s\\d]*)\\s*?=\\s*?'([^']*)'|([\\w\\s\\d]*)\\s*?=\\s*?([^\"';][^;]*))"; And accordingly replace escaped quotes to single one:

var values = new string[]
 {
		(keyPair.Groups[2].Success ? keyPair.Groups[2].Value
		 : keyPair.Groups[4].Success ? keyPair.Groups[4].Value
                  : keyPair.Groups[6].Success ? keyPair.Groups[6].Value
                   : string.Empty)
		    .Trim().ToLowerInvariant(),
		(keyPair.Groups[3].Success ? keyPair.Groups[3].Value.Replace("\"\"","\"")
		 : keyPair.Groups[5].Success ? keyPair.Groups[5].Value.Replace("''","'")
		  : keyPair.Groups[7].Success ? keyPair.Groups[7].Value 
                   : string.Empty)
                    .Trim()
						};

Also there is problem with spaces in the password. If I have connection string like: User=SYSDBA;Password=" ";Database=testDb;DataSource=localhost;Port=3051;Dialect=3;Charset=UTF8;Role=;Connection lifetime=15;Pooling=true;MinPoolSize=0;MaxPoolSize=500;Packet Size=8192;ServerType=0

The password is parsed as empty string which is wrong in my opinion.

Prochy avatar Jan 13 '22 15:01 Prochy

Feel free to create PR and add some tests into this file and improve the regex.

I don't recall from top of my head why the trimming is there. Maybe for some trailing new lines or something like that. Given it has been like that for a long time, I would be careful simply removing it. Maybe just not trimming spaces, etc., but other non-printable characters should still be trimmed...

cincuranet avatar Jan 14 '22 10:01 cincuranet

@cincuranet I would say that if the value is encapsulated between "," or ',' it should be never trimmed no matter what inside between them is. So also others whitespaces than space shouldn't be trimmed. Even though it is not good idea put there something like \r\n. But also to be more conservative, it can trim only spaces.

So it means: key=" fsd\r\n"; will be parsed like " fsd\r\n" (ofc without quotes)

key=fsd\r\n; will be parsed like "fsd"

If I have time, I will create PR during weekend.

Prochy avatar Jan 14 '22 11:01 Prochy

LGTM

cincuranet avatar Jan 14 '22 11:01 cincuranet